Which integrations are available for this server?

Provides tools for querying, summarizing, and tracing logs stored in Elasticsearch, enabling AI assistants to analyze observability data directly. Provides tools for querying, summarizing, and tracing logs stored in Elasticsearch, enabling AI assistants to analyze observability data directly. Enables AI assistants to query, summarize, and trace logs from Google Cloud Logging to accelerate incident response and debugging. Allows AI assistants to interact with Grafana Loki to query, summarize, and trace logs, helping to identify failure patterns and follow traces across services.

mcp-server-logs-sieve

npm version npm downloads license mcp-server-logs-sieve MCP server

mcp-server-logs-sieve is an MCP server that lets AI assistants query logs directly from your observability backend.

Ask debugging questions in plain language, and let Logs Sieve pull the exact logs and context for you.

Why this exists

During incidents, a lot of time goes into repetitive steps:

finding the right log source
narrowing the time window
spotting recurring failure patterns
following one trace across services

Logs Sieve packages those workflows into four tools: query_logs, summarize_logs, trace_request, and list_log_sources.

Supported providers

Google Cloud Logging (gcp)
AWS CloudWatch Logs (aws)
Azure Monitor Logs (azure)
Grafana Loki (loki)
Elasticsearch (elasticsearch)

Prerequisites

⚠️ Node.js 20 or above is required.
This package uses ES modules and dependencies that need Node.js 20+. If you see ERR_MODULE_NOT_FOUND errors, check your Node version with node -v and upgrade if needed.
This applies whether you run via npx, install globally, or use from source.

Quick MCP config

Example .mcp.json:

{
  "mcpServers": {
    "logs-sieve": {
      "command": "npx",
      "args": ["-y", "mcp-server-logs-sieve@latest", "--provider", "gcp"]
    }
  }
}

If you are running from this repo source directly, you can still use node ./bin/mcp-server-logs-sieve.js --provider gcp.

First-time setup: On first use, npx needs to download and install the package (~40s). Claude Code may time out waiting for this. Run the following once in your terminal to prime the cache before adding it to your MCP config:

npx mcp-server-logs-sieve@latest --provider gcp
# (Ctrl+C once it starts — you just need the install to complete)

After that, Claude Code will start the server instantly from the npx cache.

After updating config, restart your MCP client and confirm with /mcp.

Provider auth and env vars

See provider-specific setup and auth docs:

For Elasticsearch API compatibility headers:

export ELASTICSEARCH_COMPAT_VERSION=8

CLI usage

The package also includes a CLI for direct terminal usage:

mcp-server-logs-sieve query --provider gcp --scope my-project --last 1h --filter "payment failed"
mcp-server-logs-sieve summarize --provider gcp --scope my-project --last 24h
mcp-server-logs-sieve trace --provider gcp --scope my-project --trace <trace-id>
mcp-server-logs-sieve sources --provider gcp --scope my-project