Skip to main content
Glama
droyad

sumo-mcp

by droyad
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Remote

search_logs

Run Sumo Logic searches to diagnose production issues, find errors, and trace events with time range and filter support.

Instructions

Run a Sumo Logic search and return matching log lines. Use this to investigate production issues, find errors, trace events, or look up activity in logs. Returns trimmed messages with timestamp, source category, host, source name, and raw log line.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
queryYesSumo Logic search expression (e.g. `_sourceCategory=prod/api error`).
fromNoStart time. ISO 8601 (e.g. "2026-05-07T10:00:00") or Sumo relative ("-15m", "-1h", "-1d", "now"). Default "-15m".
toNoEnd time. Same format as `from`. Default "now".
max_resultsNoMax messages to return. Default 100, capped at 1000.
timezoneNoIANA timezone name for the search (e.g. "UTC", "Europe/London"). Default "UTC".

Implementation Reference

  • src/index.ts:170-251 (handler)
    The main handler function for the search_logs tool. Creates a Sumo Logic search job, polls until results are gathered (up to 60s), fetches messages, and returns trimmed log entries. Cleans up the job via DELETE on completion.
    async function searchLogs(
  config: Config,
  input: SearchInput,
): Promise<TrimmedMessage[]> {
  const max = Math.min(input.max_results ?? 100, MAX_RESULTS_LIMIT);
  const jobBody = {
    query: input.query,
    from: input.from ?? '-15m',
    to: input.to ?? 'now',
    timeZone: input.timezone ?? 'UTC',
  };

  const create = await sumoFetchWithRetry(
    config,
    'POST',
    '/api/v1/search/jobs',
    jobBody,
  );
  if (create.status >= 400) throw mapError(create.status, create.body);

  const createBody = create.body as { id?: string } | null;
  const jobId = createBody?.id;
  if (!jobId) {
    throw new SumoError(
      `Sumo did not return a job id. Response: ${JSON.stringify(create.body)}`,
    );
  }

  try {
    const start = Date.now();
    while (true) {
      if (Date.now() - start > MAX_SEARCH_DURATION_MS) {
        throw new SumoError(
          'Search did not complete within 60s. Try a smaller time range or simpler query.',
        );
      }
      const status = await sumoFetchWithRetry(
        config,
        'GET',
        `/api/v1/search/jobs/${jobId}`,
      );
      if (status.status >= 400) throw mapError(status.status, status.body);

      const statusBody = status.body as { state?: string } | null;
      if (statusBody?.state === 'DONE GATHERING RESULTS') break;
      if (statusBody?.state === 'CANCELLED') {
        throw new SumoError('Search job was cancelled by Sumo.');
      }

      const elapsed = Date.now() - start;
      const pollIntervalMs = elapsed < 10_000 ? 1000 : 5000;
      await sleep(pollIntervalMs);
    }

    const results = await sumoFetchWithRetry(
      config,
      'GET',
      `/api/v1/search/jobs/${jobId}/messages?offset=0&limit=${max}`,
    );
    if (results.status >= 400) throw mapError(results.status, results.body);

    const resultsBody = results.body as { messages?: unknown[] } | null;
    const rawMessages = resultsBody?.messages ?? [];
    return rawMessages.map((msg) => {
      const wrapper = msg as { map?: Record<string, string> } | null;
      const map = wrapper?.map ?? (msg as Record<string, string>) ?? {};
      return {
        _messageTime: map._messageTime ?? '',
        _sourceCategory: map._sourceCategory,
        _sourceHost: map._sourceHost,
        _sourceName: map._sourceName,
        _raw: map._raw ?? '',
      };
    });
  } finally {
    try {
      await sumoFetch(config, 'DELETE', `/api/v1/search/jobs/${jobId}`);
    } catch {
      // best-effort cleanup; intentionally swallowed
    }
  }
}
  • src/index.ts:154-160 (schema)
    Input interface for the search_logs tool: query, from/to time range, max_results, timezone.
    interface SearchInput {
  query: string;
  from?: string;
  to?: string;
  max_results?: number;
  timezone?: string;
}
  • src/index.ts:162-168 (schema)
    Output interface for search_logs: trimmed message fields (_messageTime, _sourceCategory, _sourceHost, _sourceName, _raw).
    interface TrimmedMessage {
  _messageTime: string;
  _sourceCategory?: string;
  _sourceHost?: string;
  _sourceName?: string;
  _raw: string;
}
  • src/index.ts:260-307 (registration)
    Registers the search_logs tool with the MCP server using server.tool(), including Zod schema definitions for input validation and the async handler that calls searchLogs().
    server.tool(
  'search_logs',
  'Run a Sumo Logic search and return matching log lines. Use this to investigate production issues, find errors, trace events, or look up activity in logs. Returns trimmed messages with timestamp, source category, host, source name, and raw log line.',
  {
    query: z.string().describe('Sumo Logic search expression (e.g. `_sourceCategory=prod/api error`).'),
    from: z
      .string()
      .optional()
      .describe('Start time. ISO 8601 (e.g. "2026-05-07T10:00:00") or Sumo relative ("-15m", "-1h", "-1d", "now"). Default "-15m".'),
    to: z
      .string()
      .optional()
      .describe('End time. Same format as `from`. Default "now".'),
    max_results: z
      .number()
      .int()
      .positive()
      .max(MAX_RESULTS_LIMIT)
      .optional()
      .describe(`Max messages to return. Default 100, capped at ${MAX_RESULTS_LIMIT}.`),
    timezone: z
      .string()
      .optional()
      .describe('IANA timezone name for the search (e.g. "UTC", "Europe/London"). Default "UTC".'),
  },
  async (args) => {
    try {
      const messages = await searchLogs(config, args);
      return {
        content: [
          {
            type: 'text',
            text: JSON.stringify(messages, null, 2),
          },
        ],
      };
    } catch (err) {
      const message =
        err instanceof SumoError
          ? err.userMessage
          : `Unexpected error: ${err instanceof Error ? err.message : String(err)}`;
      return {
        isError: true,
        content: [{ type: 'text', text: message }],
      };
    }
  },
);
  • src/index.ts:111-128 (helper)
    Helper function sumoFetchWithRetry used by searchLogs to make HTTP requests with rate-limit retry logic.
    async function sumoFetchWithRetry(
  config: Config,
  method: string,
  path: string,
  body?: unknown,
): Promise<SumoResponse> {
  let attempt = 0;
  while (true) {
    const result = await sumoFetch(config, method, path, body);
    if (result.status !== 429) return result;
    if (attempt >= RATE_LIMIT_RETRIES) {
      throw new SumoError('Rate limited by Sumo.');
    }
    const backoffMs = 1000 * Math.pow(2, attempt);
    await sleep(backoffMs);
    attempt++;
  }
}

Tool Definition Quality

A4.4/5.0
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description discloses the return format: 'Returns trimmed messages with timestamp, source category, host, source name, and raw log line.' Since no annotations exist, the description sufficiently informs about the tool's read-only nature and output structure.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise, consisting of only two sentences. The first sentence states the core function, and the second provides use cases and return fields. No redundant information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has 5 parameters and no output schema, the description covers the purpose, usage timing, and return structure. It is sufficiently complete for an agent to understand when and how to use it.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, with each parameter described. The tool description does not add extra semantic detail beyond the schema; however, the schema descriptions are adequate. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Run a Sumo Logic search and return matching log lines', specifying the exact action and resource. It also lists specific use cases like investigating production issues, finding errors, and tracing events.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use the tool: 'Use this to investigate production issues, find errors, trace events, or look up activity in logs.' This provides clear context for usage.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/droyad/sumo-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server