sonar-ai-fix-parser

Fixes the regular expression of an existing parser using Logpresso AI. Validates the existing parser's matching results against the sample logs supplied by the subquery, and when matches fail or fields are missing, the sLLM regenerates the regular expression. Use this command to quickly correct a parser in operation when it no longer matches a new log format. A Logpresso AI Assistant connection profile must be configured beforehand.

Command properties

| Item | Description |
| --- | --- |
| Command type | Driver query |
| Required permission | None |
| License usage | Counted |
| Parallel execution | Not supported |
| Distributed execution | Not supported |

Syntax

sonar-ai-fix-parser [profile=STR] code=STR [prompt=STR] [max-retry=INT] [debug=BOOL] [dry-run=BOOL] [ SUBQUERY ]

Options

profile=STR
Name of the Logpresso AI Assistant connect profile to use. If omitted, one of the available profiles registered on the system is selected automatically.
code=STR
Identifier of the existing parser to fix. Must be 50 characters or fewer.
prompt=STR
Additional guidance text passed to the sLLM when fixing the regular expression.
max-retry=INT
Maximum number of retries when regular expression validation fails (default: 3).
debug=BOOL
When set to t, sLLM request and response messages and automatic-fix details are also returned as output fields (default: f).
dry-run=BOOL
When set to t, only the validation and repair procedures run without modifying the actual parser definition (default: f).

Output fields

Returns one row per progress event during sample extraction, regular expression validation, sLLM invocation, and parser update.

| Field | Type | Description |
| --- | --- | --- |
| _time | timestamp | Time when the progress event occurred |
| profile | string | Name of the connect profile used |
| level | string | Log level (info, debug, error) |
| module | string | Processing module name (agent, api, sllm, etc.) |
| msg | string | Progress or result message |
| status | string | Status of each step (success, failure) |
| error | string | Error message on failure (unset on success) |

Error codes

Parse errors

| Error code | Message | Description |
| --- | --- | --- |
| 212200 | 사용 가능한 SLLM 프로파일이 없습니다. | profile was omitted and no Logpresso AI Assistant connect profile is registered on the system. |
| 212201 | SLLM 프로파일 이름을 입력하세요. | The profile option value is empty. |
| 212202 | 하나의 프로파일만 지정하세요. | Two or more profiles were listed in profile separated by commas. |
| 212240 | [ ] 괄호 안에 서브쿼리를 지정하세요. | The subquery that supplies sample logs is missing. |
| 212270 | code 옵션을 지정하세요. | The required code option is empty. |
| 212271 | 파서 식별자는 50자 이하여야 합니다. | The code value exceeds 50 characters. |

Runtime errors

| Error code | Message | Description | Post-processing behavior |
| --- | --- | --- | --- |
| N/A | 파서 수정에 실패했습니다. | Covers all exceptions raised during execution, including sLLM call failures, exceeding regex validation retries, and parser save failures. | The exception is absorbed; a row with level=error, status=failure, and error=<exception message> is returned and the command terminates. |

Description

The sonar-ai-fix-parser command operates in the following order.

  1. Runs the subquery ([ ... ]) to collect sample log lines.
  2. Looks up the regular expression and output field definitions of the existing parser specified by code.
  3. Applies the existing regular expression to the sample logs to verify whether matching fails or any fields are missing.
  4. If validation fails, attempts an automatic fix (RegexAutoFixer) first, and if that does not resolve the issue, requests the sLLM to fix the regular expression.
  5. Validates the regular expression returned by the sLLM again, retrying up to max-retry times when validation fails.
  6. Applies the validated regular expression to the parser. This step is skipped when dry-run=t.

Progress for each step is returned as level=info rows, while detailed information such as sLLM request and response bodies or automatic-fix records is returned as level=debug rows. Debug rows are emitted only when debug=t is set.

The subquery must return original log records that include a line field. Typically you extract recent data from a collection table in the production environment or query a sample table preloaded for this purpose. The profile option accepts a single profile only; specifying two or more raises an error during the parse stage.
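The validate, retry, and apply loop described above can be reproduced outside the product to review a suggested regular expression independently before it reaches a production parser. The following Python sketch is an added example, not Logpresso code: the function names, the propose callback standing in for RegexAutoFixer and the sLLM, the reading of max-retry as a bound on the number of candidates, and the sample firewall lines are all assumptions, and named groups use Python's (?P<name>...) syntax.

```python
import re

def validate(pattern, fields, lines):
    """Return a list of problems; empty means every line matched with every field set."""
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        return [f"regex does not compile: {exc}"]
    # A candidate that drops or renames an output field is rejected outright.
    problems = [f"group '{f}' not defined" for f in fields if f not in rx.groupindex]
    for n, line in enumerate(lines, 1):
        m = rx.search(line)
        if m is None:
            problems.append(f"line {n}: no match")
            continue
        problems += [f"line {n}: field '{f}' missing"
                     for f in fields if f in rx.groupindex and m.group(f) is None]
    return problems

def fix_parser(parser, lines, propose, max_retry=3, dry_run=False):
    """propose(regex, problems) -> candidate regex; hypothetical stand-in for the fixer."""
    regex = parser["regex"]
    problems = validate(regex, parser["fields"], lines)
    if not problems:
        return "unchanged", regex
    for _ in range(max_retry):  # assumption: max_retry bounds the number of candidates
        regex = propose(regex, problems)
        problems = validate(regex, parser["fields"], lines)
        if not problems:
            if not dry_run:
                parser["regex"] = regex  # applied only when not a dry run
            return ("validated" if dry_run else "updated"), regex
    return "failure", None

def canned(candidates):
    """Replay fixed candidates in order (constructed stand-in for sLLM replies)."""
    it = iter(candidates)
    return lambda regex, problems: next(it)

# Constructed sample data: the second line carries an IPv6 source address.
SAMPLES = ["src=203.0.113.5 dst=198.51.100.7 action=allow",
           "src=2001:db8::5 dst=198.51.100.7 action=deny"]
PARSER = {"regex": r"src=(?P<src_ip>\d+(?:\.\d+){3}) dst=(?P<dst_ip>\S+) action=(?P<action>\w+)",
          "fields": ["src_ip", "dst_ip", "action"]}
CANDIDATES = [  # first reply renames src_ip and must be rejected
    r"src=(?P<src>[0-9a-fA-F:.]+) dst=(?P<dst_ip>\S+) action=(?P<action>\w+)",
    r"src=(?P<src_ip>[0-9a-fA-F:.]+) dst=(?P<dst_ip>\S+) action=(?P<action>\w+)"]

if __name__ == "__main__":
    print(fix_parser(dict(PARSER), SAMPLES, canned(CANDIDATES), dry_run=True))
```

The first candidate matches every sample line but silently renames src_ip, which is why the check compares the named groups against the parser's output fields and not only the match rate.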

Examples

  1. Fix the regular expression of the web-apache parser using the last hour of logs from the production WEB_APACHE table

    sonar-ai-fix-parser code="web-apache" [
      table duration=1h WEB_APACHE
      | fields line
      | limit 100
    ]
    

    Validates the existing parser against the 100 original log lines extracted by the subquery, and when there are unmatched lines, fixes the regular expression and applies it to the parser. Step-by-step progress messages are returned as individual rows.

  2. Run a simulation only with additional guidance

    sonar-ai-fix-parser profile="logpresso-ai" code="custom-fw"
        prompt="The src_ip group must match both IPv4 and IPv6" dry-run=t [
      table duration=10m FW_CUSTOM
      | fields line
      | limit 50
    ]
    

    Because dry-run=t is set, only the validation and repair procedures run, and the parser definition is not modified. The regular expression suggested by the sLLM and the validation results can be inspected in the msg field of the output.

  3. Inspect sLLM responses and regex differences in debug mode

    sonar-ai-fix-parser code="web-nginx" max-retry=5 debug=t [
      json "[{'line': '203.0.113.5 - - [18/Nov/2024:10:00:00 +0900] \"GET / HTTP/1.1\" 200 1024'}]"
    ]
    

    With debug=t, the sLLM request and response bodies, automatic-fix steps, and differences in named groups between the original and the fixed regular expressions are returned together as level=debug rows.

Compatibility

The sonar-ai-fix-parser command is available from Sonar 5.0.2603.0.