wcomnisky/README.md

## README.md

      
    Raw
  

              README.md
            
          
    New Relic Logs Parsing

To create a log parsing rule follow the steps below.

Access https://one.newrelic.com/logger/log-parsing
Hit the "Create parsing rule" button
Fill in the fields:

Name as you like
Field to parse any field available in the logs; usually the message
Filter logs based on NRQL examples:

message like '%Search result request.%'
message like '% GET /%' OR message like '% POST /%' OR message like '% DELETE %'


Parsing rule examples below, where the word between <...> becomes the searcheable Attributes:

Search result request. Keyword: (?<keywords>(.*)), Latlong: (?<latlong>-?\d+\.\d+,-?\d+\.\d+), Distance: (?<distance>\d+), Limit: (?<limit>\d+), Offset: (?<offset>\d+)
^(?<ip>(.*?)) \| (?<datetimereq>.*?Z) \| (?<req>(GET|POST|DELETE) \/.*?)


Additional information can be found in the official docs:
https://docs.newrelic.com/docs/logs/ui-data/parsing/