> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# New Relic

> How to forward MCP Manager logs to New Relic over OpenTelemetry: generating a License (ingest) key, choosing the regional OTLP endpoint, configuring the api-key request header, and verifying logs with NRQL.

New Relic supports native OTLP (OpenTelemetry Protocol) ingestion, so MCP Manager can send logs straight to New Relic's OTLP/HTTP endpoint over HTTPS — no intermediate collector or proxy required. Once your MCP Manager logs are in New Relic, you can query them with NRQL, build dashboards alongside your application telemetry, and alert on unusual MCP tool-call patterns.

This guide covers the New Relic-specific details. For what MCP Manager sends, how forwarding behaves, who can configure it, and general troubleshooting, see [Export to SIEM](/enterprise/export-to-siem).

<Info>
  Configuring log forwarding requires the **Manage OpenTelemetry collector** capability and an Enterprise plan that includes the OpenTelemetry integration. If you do not see the **Logging → Integrations** panel, see [Who can set up log export](/enterprise/export-to-siem#who-can-set-up-log-export).
</Info>

## What you'll need

* A **New Relic account**.
* A New Relic **License (ingest) key** — the key type used to send data into New Relic. This is **not** a User key.
* Access to MCP Manager with the **Manage OpenTelemetry collector** capability.

## Step 1: Generate a License (ingest) key in New Relic

MCP Manager authenticates to New Relic with a **License key** (also called an ingest key). License keys are specifically for sending data into New Relic; User keys are for NerdGraph API access and will **not** work for OTLP ingestion.

<Steps>
  <Step title="Open the API keys page">
    Log in at [one.newrelic.com](https://one.newrelic.com) and go to the **API keys** page (via the user menu in the lower-left corner, or directly at [one.newrelic.com/api-keys](https://one.newrelic.com/api-keys)).
  </Step>

  <Step title="Create an ingest key">
    Select **Create a key**. For **Key type**, choose **Ingest - License**. Give it a descriptive name (for example, `MCP Manager OTEL Logs`) and select the account the key belongs to.
  </Step>

  <Step title="Copy the key immediately">
    Select **Create a key**, then copy the full key right away. New Relic shows the complete key only once at creation; afterward only the first characters are visible. If you lose it, create a new one.
  </Step>
</Steps>

<Note>
  License (ingest) keys are distinct from User keys. A User key returns `403 Forbidden` on the OTLP ingest endpoint. If you are unsure which you have, create a fresh **Ingest - License** key.
</Note>

## Step 2: Choose your collector URL

New Relic exposes regional OTLP endpoints. Pick the one matching your account's data region, and include the full `/v1/logs` path — MCP Manager sends the URL exactly as entered and appends nothing.

| Region        | Logs collector URL                           |
| ------------- | -------------------------------------------- |
| United States | `https://otlp.nr-data.net:4318/v1/logs`      |
| Europe        | `https://otlp.eu01.nr-data.net:4318/v1/logs` |
| US FedRAMP    | `https://gov-otlp.nr-data.net:4318/v1/logs`  |

The **US** endpoint is `https://otlp.nr-data.net:4318/v1/logs` and the **EU** endpoint is `https://otlp.eu01.nr-data.net:4318/v1/logs`. A few details:

* **Port `4318`** is the standard OTLP/HTTP port. New Relic also accepts traffic on `443` and `4317`, but `4318` is the recommended HTTP port.
* **The `/v1/logs` path is required.** MCP Manager does not append path segments, so the URL must end in `/v1/logs`.
* If you are unsure of your region, check your New Relic URL: `one.newrelic.com` is US, and `one.eu.newrelic.com` is EU.

## Step 3: Connect MCP Manager to New Relic

New Relic authenticates with a custom **`api-key`** header rather than the standard `Authorization` header. Because MCP Manager's **Request headers** field is an open key/value list, you add the `api-key` header directly — no `Bearer` or `Basic` prefix.

<Steps>
  <Step title="Open the OpenTelemetry collector panel">
    In MCP Manager, go to [Logs → Integrations](https://app.mcpmanager.ai/settings/logging/integrations) and find the **OpenTelemetry collector** panel.
  </Step>

  <Step title="Enter the collector URL">
    In **Logs collector URL**, paste your regional endpoint from Step 2, for example `https://otlp.nr-data.net:4318/v1/logs` for a US account. (To also export traces, set **Traces collector URL** to the matching `/v1/traces` endpoint; this guide covers logs.)
  </Step>

  <Step title="Add the api-key request header">
    Under **Request headers**, add one header:

    * **Field name:** `api-key`
    * **Field value:** your License (ingest) key from Step 1

    Paste the key value directly — New Relic expects the raw key, with no `Bearer` or `Basic` prefix.
  </Step>

  <Step title="Save the configuration">
    Select **Save**. MCP Manager stores the configuration and encrypts the header value. Saving confirms storage only — it does not confirm delivery. Continue to verification.
  </Step>
</Steps>

## Step 4: Verify logs are flowing

<Steps>
  <Step title="Trigger an MCP call">
    From a connected MCP client (Claude, Claude Code, Cursor, ChatGPT, and so on), make any call through a gateway — a `tools/list` call is enough.
  </Step>

  <Step title="Check MCP Manager Alerts if nothing arrives">
    Open [Alerts](https://app.mcpmanager.ai/settings/alerts) in MCP Manager. A delivery failure appears as a **"Failed to export telemetry logs to OTEL collector"** alert with the HTTP status code. For New Relic, the common codes are:

    * **`401 Unauthorized`** — the License key is incorrect or expired.
    * **`403 Forbidden`** — the key is likely a User key rather than a License (ingest) key.
    * **`404 Not Found`** — the URL path is wrong (missing `/v1/logs`).
  </Step>

  <Step title="Note the service name MCP Manager is sending">
    The OpenTelemetry collector panel's **Filter your logs by** section shows the `service.name` and `service.version` MCP Manager is sending. Use those values to find your logs in New Relic.
  </Step>
</Steps>

## Step 5: Find your logs in New Relic

Once logs are flowing, open **Logs** in the New Relic left sidebar (under **All Capabilities** if it is not pinned), or query with NRQL:

```sql theme={null}
SELECT * FROM Log SINCE 30 minutes ago
```

You should see records for each MCP request, including `proxy_request_success` and `proxy_response_success` entries with detailed metadata. There may be a short delay (up to a few minutes) before logs appear in New Relic's query interface. From here you can build dashboards and alert conditions alongside the rest of your New Relic telemetry.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Connected in MCP Manager but no logs in New Relic">
    Check [Alerts](https://app.mcpmanager.ai/settings/alerts) in MCP Manager first — a failing export shows the HTTP status code there. Confirm you triggered an MCP call **after** saving (records are only produced when requests flow through a gateway), and that you are looking at **Logs** in New Relic, not APM or Infrastructure. Allow a few minutes for records to appear.
  </Accordion>

  <Accordion title="Export is failing with 401 or 403">
    Verify you are using a **License (ingest) key**, not a User key — a User key returns `403`. Confirm the key belongs to the correct New Relic account, and check in New Relic's **API keys** page that the key has not been revoked.
  </Accordion>

  <Accordion title="Export is failing with 404">
    The most common cause is a missing `/v1/logs` path — MCP Manager appends nothing, so the URL must end in `/v1/logs`. Double-check the host for your region: `otlp.nr-data.net` for US, `otlp.eu01.nr-data.net` for EU.
  </Accordion>

  <Accordion title="Test the connection manually">
    From any machine with outbound HTTPS access:

    ```bash terminal theme={null}
    curl -v -X POST "https://otlp.nr-data.net:4318/v1/logs" \
      -H "api-key: <your-license-key>" \
      -H "Content-Type: application/json" \
      -d '{}'
    ```

    A `400 Bad Request` with a JSON error about an invalid payload means the URL and `api-key` are both correct — New Relic just rejected the empty test body. That is the response you want; it confirms MCP Manager would reach the endpoint on a real request.
  </Accordion>
</AccordionGroup>

## Further reading

<CardGroup cols={2}>
  <Card title="Grafana Cloud" icon="grafana" iconType="brands" href="/enterprise/export-to-siem/grafana-cloud">
    The next per-vendor guide — the /otlp/v1/logs gateway and Basic auth.
  </Card>

  <Card title="Export to SIEM" icon="tower-broadcast" href="/enterprise/export-to-siem">
    What MCP Manager sends, how forwarding behaves, and general troubleshooting.
  </Card>

  <Card title="Self-hosted Collector" icon="server" href="/enterprise/export-to-siem/self-hosted-collector">
    The universal fallback if you'd rather route through your own collector.
  </Card>
</CardGroup>
