# Logflare (Log Management Analytics) MCP

> Logflare (Log Management Analytics) lets your AI agent monitor and manage log data instantly. Send event batches, execute complex ad-hoc SQL queries against BigQuery/PostgreSQL logs, or pull structured reports by calling specific endpoints—all through natural language chat.

## Overview
- **Category:** data-analytics
- **Price:** Free
- **Tags:** logging, bigquery, sql-analytics, observability, real-time-logs

## Description

Logflare's MCP Server lets your AI agent manage log data and run analytics right through natural conversation. Forget digging into dashboards—you just chat with your agent, and it handles the connection to your BigQuery-backed logs.

**Ingesting Log Batches**

You can get new log events recorded in your system using two methods. If you know the exact source identifier, call `ingest_logs_by_id`—you just feed it a batch of log events and the unique UUID for that specific data stream. Need to send logs but you only know the friendly name? Use `ingest_logs_by_name`; this tool takes those same log events and sends them to the source using a simple, human-readable label.

**Running Custom Queries**

Need to find something specific in your archives? You don't need to write complex SQL yourself. Your agent runs an ad-hoc query via `management_query`. This tool lets you query your logs directly with custom BigQuery or PostgreSQL SQL, which is huge for pattern detection. Just remember: the request must include a timestamp filter; without one, the query won't run correctly.

**Fetching Structured Reports**

If what you need isn't a live ad-hoc search, you can pull pre-configured analytical reports. For this, you have two ways to call the data: first, if you know the report’s unique identifier, use `query_endpoint_by_id`. This tool fetches structured analytics from an endpoint using its specific UUID. If that ID is too much hassle, you can just give your agent the report's common name and invoke `query_endpoint_by_name` to pull in those pre-set metrics.

***

When you use this server, your AI client takes your natural language request and translates it into one of these five specific tool calls. Whether you’re sending a batch of events by ID or querying performance data by name, the data comes back straight to your chat context. You'll get the raw log records, the SQL result set, or the structured report data, whatever you need to act on immediately. It's direct, fast, and it keeps all the heavy lifting off your shoulders.

## Tools

### ingest_logs_by_id
Takes log events and sends them to a specified source using its unique UUID.

### ingest_logs_by_name
Takes log events and sends them to a specified source using a human-readable name.

### management_query
Runs an ad-hoc SQL query against your logs. You must include a timestamp filter in the request.

### query_endpoint_by_id
Fetches structured analytical data from a log endpoint using its unique UUID.

### query_endpoint_by_name
Fetches structured analytical data from a log endpoint using the report's friendly name.

## Prompt Examples

**Prompt:** 
```
Send a log to 'api-logs' saying 'Connection timeout' with metadata {'service': 'auth'}.
```

**Response:** 
```
I've successfully ingested the log event into the 'api-logs' source using `ingest_logs_by_name`. The event is now available for analysis.
```

**Prompt:** 
```
Run a SQL query to find the top 5 IP addresses from the 'web-traffic' source in the last hour.
```

**Response:** 
```
I've executed the `management_query`. Here are the top 5 IP addresses found: [List of IPs]. I included the required timestamp filter for the last 60 minutes.
```

**Prompt:** 
```
Query the endpoint 'daily-summary' with the parameter 'date' set to '2023-10-27'.
```

**Response:** 
```
I've retrieved the data from the 'daily-summary' endpoint using `query_endpoint_by_name`. The summary for that date shows 15,420 total events.
```

## Capabilities

### Ingest Logs by UUID
Sends a batch of log events to a specific source using its unique ID.

### Ingest Logs by Name
Sends a batch of log events to a specific source using a friendly, human-readable name.

### Run Ad-hoc SQL Queries
Executes custom BigQuery or PostgreSQL queries against your log data set (requires a time filter).

### Fetch Report Data by UUID
Queries pre-configured analytical reports using the report's unique identifier.

### Fetch Report Data by Name
Queries pre-configured analytical reports using the report's friendly name.

## Use Cases

### Finding the root cause of a 500 error
An engineer sees an alert for 'Connection Timeout'. Instead of manually checking three different dashboards, they prompt their agent: 'Show me all logs from service X in the last 15 minutes.' The agent runs `management_query` and immediately pinpoints which specific microservice generated the timeout error.

### Generating a usage report for Q3
A data analyst needs to know how many users accessed the billing page last month. They prompt their agent: 'Get me the daily summary report for billing.' The agent runs `query_endpoint_by_name`, retrieving the total event count and formatted data instantly.

### Debugging a new feature
A backend dev finishes coding a new API endpoint. Instead of running manual `curl` commands, they use `ingest_logs_by_name` to pipe test logs into the system. They then ask the agent to analyze those specific ingested logs for flow anomalies.

### Auditing access patterns
A security team needs to check whether any IPs accessed a sensitive endpoint last Tuesday. The prompt goes: 'Run an SQL query on web traffic logs from 2023-10-17.' The agent executes `management_query` and returns the filtered list of IP addresses.

## Benefits

- Run complex queries instantly. You can ask the agent to execute a `management_query` for top IP addresses in the last hour without writing SQL or leaving the interface.
- Centralized logging control. Use `ingest_logs_by_name` to send debug logs from your local machine directly into production sources, keeping track of flow easily.
- Structured reporting via API. Instead of building custom dashboards, you can pull pre-calculated summaries by name or UUID using `query_endpoint_by_name`. It’s faster.
- No context switching needed. You don't have to jump between the terminal, BigQuery console, and Slack. Everything—from running a query to getting results—happens in one conversation.
- Immediate debugging power. When an issue pops up, you can use `ingest_logs_by_id` to pinpoint exactly which log stream is causing the problem.

## How It Works

The bottom line is that your AI client talks to Logflare's APIs using structured tools, so you don't have to copy-paste API calls or run complex commands manually.

1. Subscribe to this server and provide your Logflare Access Token (API Key).
2. Your AI client determines which action is needed—querying, ingesting, or fetching a report.
3. The agent calls the appropriate tool (e.g., `management_query`) with specific parameters, and you get the results back in context.

## Frequently Asked Questions

**How do I send logs using the Logflare (Log Management Analytics) MCP Server?**
You use one of two ingestion tools. If you know the log source's UUID, call `ingest_logs_by_id`. Otherwise, use `ingest_logs_by_name` with the readable name.

**Do I need to write complex SQL for every query?**
No. For standard metrics, you just call `query_endpoint_by_name`. Only when you need a unique, custom data intersection do you run an ad-hoc query using `management_query`.

**Is there a difference between UUID and Name for querying endpoints?**
Yes. Use `query_endpoint_by_id` when you have the exact, unique technical ID of the report. Use `query_endpoint_by_name` if you know the common name the team gave the report.

**What scope does Logflare (Log Management Analytics) MCP Server require for log ingestion?**
You'll need the 'ingest scope' to use `ingest_logs_by_id` or `ingest_logs_by_name`. This gives your agent permission to write new logs into the system.

**What should I do if my `management_query` fails when using the Logflare (Log Management Analytics) MCP Server?**
The server returns a detailed error message identifying the problem. This tells you whether it's a syntax issue in your SQL or a scope limitation. You can then adjust your query and try again.

**Are there rate limits when I use the Logflare (Log Management Analytics) MCP Server?**
Vinkius manages basic throughput, but continuous high-volume querying is something you should manage yourself. If you hit a wall of requests, try scheduling your analysis as batch jobs instead of real-time chat interactions.

**How does the Logflare (Log Management Analytics) MCP Server handle different types of log data?**
It processes both structured and unstructured logs. You can use either ingestion tool (`ingest_logs_by_id` or `ingest_logs_by_name`) to dump raw text, then run SQL queries against those events to extract metrics from specific fields.

**How do I authenticate the Logflare (Log Management Analytics) MCP Server connection?**
You must provide a valid Logflare Access Token when subscribing. This API key authorizes your agent to perform all actions, including running `ingest_logs_by_id` and querying endpoints.

**What are the requirements for running a management query?**
You must provide a valid BigQuery SQL string. Crucially, Logflare requires a WHERE filter on the timestamp field to optimize the query. You can also optionally provide a PostgreSQL version of the query using the `management_query` tool.
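
One way to enforce the timestamp-filter requirement (and the UUID and `params` shapes described elsewhere on this page) before an agent-generated call leaves the client. This is an added example, not Logflare's or Vinkius's code; the `preflight` helper and the argument names `sql`, `source_id`, `endpoint_id`, `endpoint_name` and `events` are assumptions, since the page documents only the tool names and the `params` field.

```python
import re
import uuid

# Argument names below are assumptions: the page names the five tools and the
# `params` field, but not the rest of their schemas.
ID_ARG = {"ingest_logs_by_id": "source_id", "query_endpoint_by_id": "endpoint_id"}

# SQL comments and quoted strings, which could hide or fake a predicate.
# Double-quoted text is treated as a string literal (BigQuery semantics).
_NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^'\\]|\\.|'')*'|\"(?:[^\"\\]|\\.)*\"", re.S)
_WHERE = re.compile(r"\bwhere\b(.*)", re.I | re.S)
_TS_PRED = re.compile(r"\btimestamp\b`?\s*(?:>=|<=|<>|!=|=|>|<|between\b)", re.I)


def has_timestamp_filter(sql):
    """True if a WHERE clause compares the `timestamp` column to something.

    Checks that the predicate is present, not that it bounds the scan.
    """
    cleaned = _NOISE.sub(lambda m: "''" if m.group(0)[0] in "'\"" else " ", sql)
    where = _WHERE.search(cleaned)
    return bool(where and _TS_PRED.search(where.group(1)))


def preflight(tool, args):
    """Return a list of reasons to refuse the call (empty list = allow)."""
    problems = []
    if tool == "management_query" and not has_timestamp_filter(args.get("sql", "")):
        problems.append("management_query: no WHERE predicate on timestamp")
    if tool in ID_ARG:
        try:
            uuid.UUID(str(args.get(ID_ARG[tool], "")))
        except ValueError:
            problems.append(f"{tool}: {ID_ARG[tool]} is not a UUID")
    if tool.startswith("query_endpoint") and not isinstance(args.get("params", {}), dict):
        problems.append(f"{tool}: params must be a JSON object")
    return problems


# Constructed sample calls, not captured from a real session.
SAMPLES = [
    ("management_query", {"sql": "SELECT ip FROM `web-traffic` WHERE timestamp > "
                                 "TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 HOUR)"}),
    ("management_query", {"sql": "SELECT timestamp FROM `web-traffic` "
                                 "WHERE note = 'timestamp > 0' -- timestamp > 1"}),
    ("ingest_logs_by_id", {"source_id": "api-logs", "events": [{"message": "x"}]}),
    ("query_endpoint_by_name", {"endpoint_name": "daily-summary", "params": {"date": "2023-10-27"}}),
]

if __name__ == "__main__":
    for tool, args in SAMPLES:
        print(tool, preflight(tool, args) or "ok")
```

The second sample is rejected because its only mentions of `timestamp >` sit inside a string literal and a comment, which a plain substring check would accept.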

**Can I ingest logs using just the source name instead of a UUID?**
Yes! You can use the `ingest_logs_by_name` tool. Simply provide the human-readable name of your source and the array of log events you wish to send.

**How do I pass parameters to a pre-configured Logflare Endpoint?**
Use the `query_endpoint_by_name` or `query_endpoint_by_id` tools and provide a JSON object in the `params` field. For example: `{"user_id": "123", "status": "active"}`.