Works alongside the broader ELK Stack, providing diagnostics and monitoring capabilities that complement Elastic's ecosystem for log management and analysis.
Supports integration with Elasticsearch clusters, helping monitor Logstash performance feeding into Elasticsearch, identify pipeline bottlenecks that may affect indexing, and optimize configurations for better cluster performance.
Provides tools for monitoring and diagnosing Logstash instances, including connectivity checks, node statistics, pipeline performance analysis, health assessments, plugin management, and JVM metrics visualization.
IMPORTANT
This repository is vibe coded, AI generated and not tested properly. Use it with your own risk.
Logstash MCP Server
A Model Context Protocol (MCP) server for interacting with Logstash instances. This server provides comprehensive tools for monitoring and defining Logstash instance performance bottleneck.
Web UI
The project includes a web-based user interface for easy interaction with your Logstash instance.
Running the Web UI
Start the web interface:
Open your browser and navigate to:
Web UI Features
The web interface provides:
Interactive Dashboard: Visual interface to access all Logstash monitoring tools
Real-time Monitoring: Check connectivity, node stats, and pipeline performance
Health Analysis: Comprehensive health checks with visual feedback
Pipeline Management: View statistics for individual or all pipelines
Performance Debugging: Hot threads analysis and JVM statistics
Plugin Management: Browse installed Logstash plugins
Web UI Configuration
The web UI uses the same configuration as the MCP server:
Default Logstash URL:
http://localhost:9600
Override with:
LOGSTASH_API_BASE
environment variableWeb interface runs on:
http://localhost:5001
Example with custom Logstash URL:
Features
Monitoring Tools
Node Information: Get Logstash version, build info, and settings
Node Statistics: JVM, process, and pipeline metrics
Pipeline Statistics: Monitor individual or all pipeline performance
Hot Threads: Debug performance issues with thread analysis
Health Check: Comprehensive health assessment with recommendations
Connectivity Check: Verify connection to Logstash with detailed diagnostics
Management Tools
Pipeline Reload: Reload specific pipeline configurations
Plugin Listing: View all installed Logstash plugins
JVM Statistics: Detailed memory and garbage collection metrics
Grok Patterns: List available Grok patterns for log parsing
Installation
Install dependencies:
Set up environment variables (optional):
Configuration
The server uses the following default configuration:
Logstash Host: localhost
Logstash Port: 9600
API Base URL: http://localhost:9600
You can override the API base URL using the LOGSTASH_API_BASE
environment variable.
Available Tools (12 Total)
logstash_check_connectivity
Check connectivity to the Logstash instance with detailed connection status, response times, and error handling.
Returns: Connection status, URL, version, host, response time, error details, and troubleshooting suggestions
logstash_node_info
Get Logstash node information including version, build info, and settings.
logstash_node_stats
Get comprehensive node statistics including JVM, process, and pipeline metrics.
Parameters:
human
(boolean, default: true)
logstash_pipelines_stats
Get statistics for all Logstash pipelines.
Parameters:
human
(boolean, default: true)
logstash_pipeline_stats
Get statistics for a specific pipeline.
Parameters:
id
(string, required),human
(boolean, default: true)
logstash_hot_threads
Get hot threads information for debugging performance issues.
Parameters:
threads
(integer, default: 3),human
(boolean, default: true)
logstash_plugins
List all installed Logstash plugins.
check_backpressure
Check queue backpressure metrics to monitor pipeline performance and congestion.
Parameters:
human
(boolean, default: true)
logstash_health_check
Perform comprehensive health check with analysis and recommendations.
logstash_jvm_stats
Get detailed JVM statistics for memory analysis.
Parameters:
human
(boolean, default: true)
logstash_health_report
Get detailed health report from Logstash.
flow_metrics
Get detailed flow metrics including throughput, backpressure, and worker concurrency.
Parameters:
human
(boolean, default: true)
Health Check Analysis
The health check tool analyzes:
Connectivity Verification: Tests connection to Logstash before other checks
JVM Memory Usage: Warns if heap usage exceeds 80%
Pipeline Performance: Detects pipelines with filtered but no output events
Queue Usage: Identifies large queue sizes that may impact performance
Quick Start Commands
After starting the server with python3 logstash_mcp_server.py
, use these JSON-RPC commands:
1. Initialize (Required First)
2. Check Connectivity
3. Health Check
4. List All Tools
5. Get Node Info
Usage Examples
Basic Health Check
Pipeline Monitoring
Performance Debugging
Integration with ELK Stack
This MCP server is designed to work alongside Elasticsearch diagnostics and can help:
Monitor Logstash performance feeding into your Elasticsearch cluster
Identify pipeline bottlenecks that may contribute to indexing delays
Optimize Logstash configuration for better cluster performance
Based on your Elasticsearch cluster analysis showing high shard counts, ensure your Logstash pipelines are optimized for efficient indexing patterns.
Error Handling
The server includes comprehensive error handling for:
Connection failures to Logstash API
Invalid pipeline IDs
API response errors
Network timeouts
Detailed error messages with troubleshooting suggestions
Testing
Run the test suite to verify everything works:
The test suite includes:
Server initialization tests
Tool listing verification
Mocked health check tests
Error handling validation
Security Considerations
The server connects to Logstash API endpoints
Ensure proper network security between MCP server and Logstash
Consider authentication if your Logstash instance requires it
Monitor API access logs for security auditing
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A Model Context Protocol server that provides comprehensive tools for monitoring and identifying performance bottlenecks in Logstash instances through an interactive web UI and JSON-RPC interface.
Related MCP Servers
- -securityFlicense-qualityA Model Context Protocol server that enables LLMs to interact with Elasticsearch clusters, allowing them to manage indices and execute search queries using natural language.Last updated -2
Logfire MCP Serverofficial
AsecurityAlicenseAqualityA Model Context Protocol server that enables LLMs to retrieve and analyze OpenTelemetry traces and metrics from Logfire, supporting exception tracking and custom SQL queries against telemetry data.Last updated -4109MIT License- AsecurityAlicenseAqualityA Model Context Protocol server that provides LLMs with real-time network traffic analysis capabilities, enabling tasks like threat hunting, network diagnostics, and anomaly detection through Wireshark's tshark.Last updated -7226MIT License
- -securityFlicense-qualityA lightweight Model Context Protocol server that enables creating, managing, and querying model contexts with integrated Datadog metrics and monitoring.Last updated -