search_logs
Query OpenObserve logs using SQL to analyze, filter, and aggregate log data with support for time ranges, output formats, and optimization profiles.
Instructions
Run a full SQL search against OpenObserve logs. Supports WHERE, ORDER BY, GROUP BY, and aggregate functions, e.g. SELECT level, count(*) AS cnt FROM stream_name GROUP BY level ORDER BY cnt DESC. Time values are Unix timestamps in microseconds. Tip: 1 hour = 3_600_000_000 us, 1 day = 86_400_000_000 us. The limit parameter sets the API page size; if your SQL also includes LIMIT, the smaller effective result wins. output_format can be 'records' or 'columns'; 'columns' is especially useful for wide SELECT * queries and can save roughly 35-40% tokens. record_profile can be 'generic' or 'kubernetes_compact'; the Kubernetes compact profile trims common noisy metadata fields such as pod labels and pod IP metadata.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| sql | Yes | SQL query to run (WHERE, ORDER BY, GROUP BY and aggregate functions supported) | |
| start_time | Yes | Start of the time range, Unix timestamp in microseconds | |
| end_time | Yes | End of the time range, Unix timestamp in microseconds | |
| limit | No | API page size; a smaller SQL LIMIT takes precedence | 100 |
| offset | No | Result offset for paging | 0 |
| use_cache | No | Use the OpenObserve query cache | False |
| timeout | No | Query timeout passed to the client; unset by default | None |
| output_format | No | 'records' or 'columns' | records |
| record_profile | No | 'generic' or 'kubernetes_compact' | generic |
| include_raw | No | Also include the raw API response in the result | False |
Implementation Reference
- openobserve_mcp/server.py:92-121 (handler)

The `search_logs` function is defined as an MCP tool using `@server.tool()`. It handles the search logic by invoking the OpenObserve client's `search_sql` method and formatting the output using `build_search_logs_result`.

```python
from typing import Any

# `server`, `client_provider` and `build_search_logs_result` are module-level
# objects of openobserve_mcp/server.py; their imports are not shown on this page.


@server.tool()
def search_logs(
    sql: str,
    start_time: int,
    end_time: int,
    limit: int = 100,
    offset: int = 0,
    use_cache: bool = False,
    timeout: int | None = None,
    output_format: str = "records",
    record_profile: str = "generic",
    include_raw: bool = False,
) -> dict[str, Any]:
    """Run a full SQL search against OpenObserve logs.

    Supports WHERE, ORDER BY, GROUP BY, and aggregate functions, e.g.
    SELECT level, count(*) AS cnt FROM stream_name GROUP BY level ORDER BY cnt DESC.
    Time values are Unix timestamps in microseconds.
    Tip: 1 hour = 3_600_000_000 us, 1 day = 86_400_000_000 us.
    The limit parameter sets the API page size; if your SQL also includes LIMIT,
    the smaller effective result wins.
    output_format can be 'records' or 'columns'; 'columns' is especially useful
    for wide SELECT * queries and can save roughly 35-40% tokens.
    record_profile can be 'generic' or 'kubernetes_compact'; the Kubernetes
    compact profile trims common noisy metadata fields such as pod labels and
    pod IP metadata.
    """
    client = client_provider.get()
    # Run the query against OpenObserve; `raw` is the unprocessed API response.
    raw = client.search_sql(
        sql=sql,
        start_time=start_time,
        end_time=end_time,
        offset=offset,
        limit=limit,
        use_cache=use_cache,
        timeout=timeout,
    )
    # Shape the response for the MCP caller: records vs columns, profile trimming,
    # and optionally the raw payload.
    return build_search_logs_result(
        org_id=client.resolve_org_id(),
        raw=raw,
        output_format=output_format,
        record_profile=record_profile,
        include_raw=include_raw,
    )
```