Logs Sieve MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add logs-sieve -- npx -y mcp-server-logs-sieve@latest --provider gcp
README.md

Query, summarize, and trace logs in plain English across observability backends.

mcp-server-logs-sieve

mcp-server-logs-sieve is an MCP server that lets AI assistants query logs directly from your observability backend.

Ask debugging questions in plain language, and let Logs Sieve pull the exact logs and context for you.

Why this exists

During incidents, a lot of time goes into repetitive steps:

  • finding the right log source
  • narrowing the time window
  • spotting recurring failure patterns
  • following one trace across services

Logs Sieve packages those workflows into four tools: query_logs, summarize_logs, trace_request, and list_log_sources.

Supported providers

  • Google Cloud Logging (gcp)
  • AWS CloudWatch Logs (aws)
  • Azure Monitor Logs (azure)
  • Grafana Loki (loki)
  • Elasticsearch (elasticsearch)

Prerequisites

⚠️ Node.js 20 or above is required.

This package uses ES modules and dependencies that need Node.js 20+. If you see ERR_MODULE_NOT_FOUND errors, check your Node version with node -v and upgrade if needed.

This applies whether you run via npx, install globally, or use from source.

Quick MCP config

Example .mcp.json:

{
  "mcpServers": {
    "logs-sieve": {
      "command": "npx",
      "args": ["-y", "mcp-server-logs-sieve@latest", "--provider", "gcp"]
    }
  }
}

If you are running from this repo source directly, you can still use node ./bin/mcp-server-logs-sieve.js --provider gcp.

First-time setup: On first use, npx needs to download and install the package (~40s). Claude Code may time out waiting for this. Run the following once in your terminal to prime the cache before adding it to your MCP config:

npx mcp-server-logs-sieve@latest --provider gcp
# (Ctrl+C once it starts — you just need the install to complete)

After that, Claude Code will start the server instantly from the npx cache.

After updating config, restart your MCP client and confirm with /mcp.

Provider auth and env vars

See provider-specific setup and auth docs:

For Elasticsearch API compatibility headers:

export ELASTICSEARCH_COMPAT_VERSION=8

CLI usage

The package also includes a CLI for direct terminal usage:

mcp-server-logs-sieve query --provider gcp --scope my-project --last 1h --filter "payment failed"
mcp-server-logs-sieve summarize --provider gcp --scope my-project --last 24h
mcp-server-logs-sieve trace --provider gcp --scope my-project --trace <trace-id>
mcp-server-logs-sieve sources --provider gcp --scope my-project

Documentation

Contributing

Contributions are welcome.

Tools (4)

query_logsQueries logs from the configured observability provider.
summarize_logsSummarizes logs over a specified time window.
trace_requestTraces a specific request across services.
list_log_sourcesLists available log sources for the provider.

Environment Variables

ELASTICSEARCH_COMPAT_VERSIONSets the Elasticsearch API compatibility header version.

Configuration

claude_desktop_config.json
{"mcpServers": {"logs-sieve": {"command": "npx", "args": ["-y", "mcp-server-logs-sieve@latest", "--provider", "gcp"]}}}

Try it

Find all logs from the last hour that contain 'payment failed'.
Summarize the error logs from the last 24 hours for my project.
Trace the request with ID 12345 across my services.
List all available log sources in my GCP project.

Frequently Asked Questions

What are the key features of Logs Sieve?

Natural language log querying without writing filter expressions. Support for multiple providers: GCP, AWS, Azure, Loki, and Elasticsearch. Automated log summarization and failure pattern detection. Cross-service request tracing. Integrated CLI for terminal-based log analysis.

What can I use Logs Sieve for?

Quickly identifying the root cause of production incidents during on-call rotations. Summarizing recurring failure patterns in distributed systems. Tracing a single user request across multiple microservices. Filtering through massive log volumes using plain English queries.

How do I install Logs Sieve?

Install Logs Sieve by running: npx mcp-server-logs-sieve@latest --provider gcp

What MCP clients work with Logs Sieve?

Logs Sieve works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Logs Sieve docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all monitoring servers →

Related MCP Servers

Skylos
Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.
monitoring344 stars
Linux MCP Server
Read-only Linux system administration and diagnostics on RHEL-based systems.
monitoring189 stars
Charles MCP Server
Integrates Charles Proxy with MCP clients for real-time network traffic analysis
monitoring118 stars
HomeButler
All-in-one homelab management MCP server.
monitoring64 stars
Wireshark MCP
Give your AI assistant a packet analyzer.
monitoring55 stars
RenderDoc MCP
Analyze GPU frame captures for graphics debugging and performance analysis.
monitoring42 stars