sumo-mcp
The sumo-mcp server exposes a single search_logs tool to query Sumo Logic logs for investigating production systems.
- Query logs using Sumo Logic search expressions (e.g., _sourceCategory=prod/api error)
- Specify time ranges via ISO 8601 timestamps, epoch milliseconds, or relative shorthands like -15m, -1h, -7d, or now (default: -15m to now)
- Control result size with max_results (default 100, max 1000)
- Set timezone context using IANA timezone names (e.g., UTC, Europe/London), defaulting to UTC
- Retrieve structured log data including _messageTime, _sourceCategory, _sourceHost, _sourceName, and _raw log content
- Designed for real-time log investigation: finding errors, tracing events, and auditing activity; hard timeout of 60 seconds per search
Allows searching logs in Sumo Logic using the search_logs tool, supporting query, time range, max results, and timezone parameters, returning JSON messages with fields such as _messageTime, _sourceCategory, _sourceHost, _sourceName, and _raw.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@sumo-mcp search for recent errors in my app logs"
That's it! The server will respond to your query, and you can continue using it as needed.
sumo-mcp
Minimal MCP server that exposes a single search_logs tool for Sumo Logic.
Build
npm install
npm run build
Configure in Claude Code
API Key
In Sumo:
1. Click on your username and select Personal Access Keys
2. Click Add New Access Key
3. Enter a name, e.g. Claude Local
4. Select Custom under scope
5. Check Run Log Search under the Log Search section
6. Save the key
Install
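The commands below prompt for the access ID and key interactively so the secrets are never typed on the command line or saved in shell history. The values are still expanded into the arguments of the claude mcp add process, so they can be visible in the local process list while that command runs.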
SUMO_ENDPOINT must match https://api.*.sumologic.com. Pick the host for your Sumo deployment region (US2, EU, AU, etc.).
PowerShell
$accessId = Read-Host "Sumo Access ID"
$accessKey = [System.Net.NetworkCredential]::new('', (Read-Host "Sumo Access Key" -AsSecureString)).Password
claude mcp add --scope user sumo `
--env SUMO_ACCESS_ID=$accessId `
--env SUMO_ACCESS_KEY=$accessKey `
--env SUMO_ENDPOINT=https://api.us2.sumologic.com `
-- node C:\Source\SumoMcp\dist\index.js
Remove-Variable accessId, accessKey
Bash
read -r -p "Sumo Access ID: " SUMO_ACCESS_ID
read -r -s -p "Sumo Access Key: " SUMO_ACCESS_KEY
echo
SUMO_ACCESS_ID="$SUMO_ACCESS_ID" SUMO_ACCESS_KEY="$SUMO_ACCESS_KEY" \
claude mcp add --scope user sumo \
--env SUMO_ACCESS_ID="$SUMO_ACCESS_ID" \
--env SUMO_ACCESS_KEY="$SUMO_ACCESS_KEY" \
--env SUMO_ENDPOINT=https://api.us2.sumologic.com \
-- node /path/to/sumo-mcp/dist/index.js
unset SUMO_ACCESS_ID SUMO_ACCESS_KEY
Tool
search_logs(query, from?, to?, max_results?, timezone?)
- query: Sumo search expression
- from / to: ISO 8601 without timezone designator (2026-05-07T10:00:00), epoch milliseconds, or relative shorthand now / -<N><unit> where unit is s|m|h|d|w (e.g. -15m, -1h, -7d). Relative values are translated to epoch milliseconds before being sent to Sumo. Default -15m / now
- max_results: default 100, capped at 1000
- timezone: IANA name, default UTC (used when from/to are ISO 8601 without an explicit offset)
Returns a JSON array of messages with _messageTime, _sourceCategory, _sourceHost, _sourceName, _raw.
Hard timeout 60s — narrow the time range or query if you hit it.
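The argument rules above, together with the SUMO_ENDPOINT constraint from the Install section, written out as an added JavaScript example (not the sumo-mcp source). Function names are hypothetical; it assumes the `*` in the endpoint pattern stands for a single DNS label and that ISO 8601 values are passed through unchanged.

```javascript
// Added example, not the sumo-mcp source; all function names are hypothetical.
const UNIT_MS = { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000, w: 604_800_000 };

// Strict reading of https://api.*.sumologic.com ("*" assumed to be one DNS label).
// Parsing with URL first means userinfo, ports and lookalike suffixes are judged
// on the real hostname, not on a substring of the raw text.
function validateEndpoint(raw) {
  const url = new URL(raw); // throws TypeError on malformed input
  const hostOk = /^api\.[a-z0-9-]+\.sumologic\.com$/.test(url.hostname);
  if (url.protocol !== 'https:' || !hostOk || url.port || url.username || url.password) {
    throw new RangeError(`SUMO_ENDPOINT rejected: ${url.protocol}//${url.hostname}`);
  }
  return url.origin; // path and query are dropped; requests are built from the origin
}

// now / -<N><unit> become epoch ms; epoch ms stays numeric; ISO 8601 without an
// offset is returned unchanged (assumption: Sumo interprets it with `timezone`).
function resolveTime(value, nowMs) {
  if (value === 'now') return nowMs;
  const rel = /^-(\d+)([smhdw])$/.exec(value);
  if (rel) return nowMs - Number(rel[1]) * UNIT_MS[rel[2]];
  if (/^\d+$/.test(value)) return Number(value);
  if (/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$/.test(value)) return value;
  throw new RangeError(`unsupported time value: ${value}`);
}

function normalizeSearchArgs(args, nowMs = Date.now()) {
  if (typeof args.query !== 'string' || args.query.trim() === '') {
    throw new TypeError('query must be a non-empty string');
  }
  const from = resolveTime(String(args.from ?? '-15m'), nowMs);
  const to = resolveTime(String(args.to ?? 'now'), nowMs);
  if (typeof from === 'number' && typeof to === 'number' && from > to) {
    throw new RangeError('from is later than to');
  }
  const requested = Number.isInteger(args.max_results) ? args.max_results : 100;
  return {
    query: args.query,
    from,
    to,
    maxResults: Math.min(Math.max(requested, 1), 1000), // default 100, capped at 1000
    timeZone: args.timezone ?? 'UTC',
  };
}
```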
Design
See docs/superpowers/specs/2026-05-07-sumo-mcp-design.md.
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/droyad/sumo-mcp'