New Relic¶

By enabling this toolset, HolmesGPT will be able to pull traces and logs from New Relic for investigations.

Prerequisites¶

A New Relic User API Key (the one whose value starts with NRAK-)
Your New Relic Account ID (numeric, e.g. 1234567)

Creating a User API Key¶

New Relic supports several API key types — HolmesGPT needs a User API Key (prefix NRAK-). Ingest License Keys (NRII-), Browser keys, and Mobile keys will not work.

Go to Administration → API keys in your New Relic UI:

US region: https://one.newrelic.com/admin-portal/api-keys/launcher
EU region: https://one.eu.newrelic.com/admin-portal/api-keys/launcher

Click Create a key, choose key type User, give it a name (e.g. "holmesgpt"), and copy the NRAK-... value — you'll only see it once.

Finding your Account ID¶

In the same UI, click your profile icon (bottom-left) → Administration → your account name. The numeric ID appears in the URL and on the account overview page.

Configuration¶

Holmes CLIHolmes Helm ChartRobusta Helm Chart

Add the following to ~/.holmes/config.yaml. Create the file if it doesn't exist:

toolsets:
  newrelic:
    enabled: true
    config:
      api_key: "<your New Relic User API Key>"
      account_id: "<your New Relic account ID>"
      is_eu_datacenter: false  # Set to true if using New Relic EU region
      enable_multi_account: false  # Optional: set to true to query across multiple accounts

After making changes to your configuration, run:

holmes toolset refresh

First, create a Kubernetes secret with your User API Key:

kubectl create secret generic newrelic-credentials \
  --from-literal=api-key=your-new-relic-user-api-key \
  -n holmes

Namespace must match Holmes' deployment

Create the secret in the same namespace where Holmes runs. The -n holmes flag in the Holmes Helm tab and -n default in the Robusta Helm tab match each chart's documented defaults — adjust if you installed Holmes/Robusta into a different namespace. A secret in the wrong namespace silently resolves to an empty env var and authentication will fail with no clear error.

Then add to your Holmes Helm values:

additionalEnvVars:
  - name: NEW_RELIC_API_KEY
    valueFrom:
      secretKeyRef:
        name: newrelic-credentials
        key: api-key

toolsets:
  newrelic:
    enabled: true
    config:
      api_key: "{{ env.NEW_RELIC_API_KEY }}"
      account_id: "<your New Relic account ID>"
      is_eu_datacenter: false  # Set to true if using New Relic EU region
      enable_multi_account: false  # Optional: set to true to query across multiple accounts

First, create a Kubernetes secret with your User API Key:

kubectl create secret generic newrelic-credentials \
  --from-literal=api-key=your-new-relic-user-api-key \
  -n default

Namespace must match Holmes' deployment

Create the secret in the same namespace where Holmes runs. The -n holmes flag in the Holmes Helm tab and -n default in the Robusta Helm tab match each chart's documented defaults — adjust if you installed Holmes/Robusta into a different namespace. A secret in the wrong namespace silently resolves to an empty env var and authentication will fail with no clear error.

Then add to your Robusta Helm values:

holmes:
  additionalEnvVars:
    - name: NEW_RELIC_API_KEY
      valueFrom:
        secretKeyRef:
          name: newrelic-credentials
          key: api-key
  toolsets:
    newrelic:
      enabled: true
      config:
        api_key: "{{ env.NEW_RELIC_API_KEY }}"
        account_id: "<your New Relic account ID>"
        is_eu_datacenter: false  # Set to true if using New Relic EU region
        enable_multi_account: false  # Optional: set to true to query across multiple accounts

Update your Helm values and run a Helm upgrade:

helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>

Configuration Reference¶

Option	Default	Description
`api_key`	(required)	New Relic User API Key (starts with `NRAK-`).
`account_id`	(required)	New Relic account ID (numeric, e.g. `1234567`).
`is_eu_datacenter`	`false`	Set `true` for the EU region. Controls both the API endpoint (`api.eu.newrelic.com`) and the URL used in clickable links in Holmes's responses.
`enable_multi_account`	`false`	Enable cross-account queries. When true, Holmes exposes an additional `newrelic_list_organization_accounts` tool and lets individual NRQL queries override the account ID.

Capabilities¶

Tool Name	Description
newrelic_execute_nrql_query	Execute NRQL queries for Traces, APM, Spans, Logs and more
newrelic_list_organization_accounts	List all account IDs/names available to the API key (only enabled when `enable_multi_account: true`)

Multi-Account Mode¶

If your organization has multiple New Relic accounts, setting enable_multi_account: true lets Holmes query across all of them.

Your API key must have access to all the accounts you want Holmes to query. Without the required permissions, Holmes won't be able to retrieve data from those accounts.

The account_id in your config is used as the default when no specific account is specified.

How it Works¶

You don't need to know NRQL to use this toolset. Holmes will automatically construct and execute NRQL queries based on your investigation needs.

For example, when investigating application logs, Holmes might execute a query like:

SELECT message, timestamp FROM Log WHERE pod_name = 'your-app' SINCE 1 hour ago

To learn more about NRQL syntax, see the New Relic Query Language documentation.