Log parsing rules

Log parsing rules provide you the ability to parse, extract, map, convert and filter your log entries. Rules can help you convert unstructured log data into JSON format, extract important information from your logs and filter your log stream according to various conditions.

One of the most popular ways to customize your logs is using named groups Regex. This will allow you to modify and extract your logs in various ways For more information on named groups Regex

Access your log parsing rules interface by opening your admin user dashboard -> Settings -> Rules.

open coralogix settings

open coralogix parsing rules


1) Add a new group and name it.

Add log parsing rules group coralogix

2) Add a new rule

add rule coralogix

3) Select the rule type that you want to create

select rule type in coralogix

4) Create a Regex according to your needs.

5) Approve the rule you created (note that you can see how it affects your data in real time under the “preview” pane)

Important rule groups logic: 

  1. Rules run according to their order inside the group, once the first rule within a group is matched, the engine moves to the next group. 
  2. Block rules need the be configured 1 per group in order for them to run properly. 

Here are 2 examples on how you can leverage this feature:

PConvert log message to JSON

Raw log:

result: 200, status: OK, username: anonymous
Define parse rule:



  "result" : 200,
  "status" : 'OK',
  "username" : "anonymous"

Extract information from log message

Raw log:

INFO - myclass: This is a test message
Define parse rule:

(?P&lt;severity&gt;[^ ]+)\s-\s(?P&lt;category&gt;[^:]+):\s(?P&lt;text&gt;.*)

The result is the “INFO” value will be extracted to severity column, “myclass” to category column and the rest will go to the text column.

Signup to Coralogix
WordPress Lightbox