# Logstash MCP

> Logstash (Server-side Log Pipeline API) lets you monitor and troubleshoot your data pipelines directly through conversation. Check node health, inspect JVM usage, find performance bottlenecks using `get_hot_threads`, or audit plugin versions—all without running manual commands on port 9600. It's deep system diagnostics for your AI agent.

## Overview
- **Category:** devops-cicd
- **Price:** Free
- **Tags:** logstash, elastic-stack, observability, pipeline-monitoring, node-metrics

## Description

You shouldn't have to run manual `curl` commands or mess around with port 9600 just to see if your data pipeline is actually working. This server lets you talk to your Logstash instance, letting your agent act like a dedicated SRE who keeps an eye on everything. Forget the console; you just ask it, and it gives you the diagnostics.

**Checking Pipeline Status:** To get an immediate read on how things are running, you'll use `get_health_report`. This spits out a quick, overall status report for the entire Logstash node and all its connected pipelines. It tells you right away if everything's green or if you need to worry about it.

**Analyzing Performance Metrics:** Need deep stats? You run `get_node_stats` when you wanna see detailed metrics on the JVM heap usage, plus how many events are actually getting processed per second. This tool gives you a full picture of your throughput rates and failure counts. When you're digging into system details, `get_node_info` pulls general operational data—you get the OS environment info and basic node configuration settings. For even deeper root access, `get_root` returns general root information about the actual underlying system where Logstash is running.

**Diagnosing Bottlenecks:** If your pipeline slows down or you suspect a CPU spike, you run `get_hot_threads`. This analyzes the current process threads and tells you exactly which component's hogging the high CPU resources. When you wanna verify what plugins are installed across the board, you use `get_plugins_info`, which lists every single plugin name and confirms its version across the entire Logstash environment.

## Tools

### get_health_report
Retrieves a quick, overall status report for the entire Logstash pipeline instance.

### get_hot_threads
Analyzes and returns information about threads currently consuming high CPU resources in the process.

### get_node_info
Gathers general operational details, including OS environment and basic configuration settings for the Logstash node.

### get_plugins_info
Lists all installed plugins and their associated versions within the Logstash environment.

### get_root
Returns general root information about the underlying system where Logstash is running.

### get_node_stats
Retrieves detailed metrics on JVM memory usage (heap) and event processing rates per second.

## Prompt Examples

**Prompt:** 
```
What is the current health status of my Logstash instance?
```

**Response:** 
```
I've checked the health report. Your Logstash instance is currently 'green'. All pipelines are functioning normally and no issues were detected in the latest report.
```

**Prompt:** 
```
Show me the JVM and event statistics for this node.
```

**Response:** 
```
Fetching node statistics... The JVM heap usage is at 45%, and the event pipeline is processing approximately 1,200 events per second with zero failures in the last 5 minutes.
```

**Prompt:** 
```
Are there any hot threads causing performance issues right now?
```

**Response:** 
```
I've analyzed the hot threads. There is one thread related to the 'elasticsearch' output plugin consuming 15% CPU, but overall the process looks stable. No critical bottlenecks detected.
```

## Capabilities

### Check Pipeline Status
Runs `get_health_report` to get an immediate status report on the entire Logstash node and its pipelines.

### Analyze Performance Metrics
Gathers detailed statistics using `get_node_stats`, showing JVM heap consumption, event throughput rates, and failure counts.

### Diagnose Bottlenecks
Uses `get_hot_threads` to analyze the current process threads and identify which component is consuming excessive CPU or causing slowdowns.

### Audit Configuration
Retrieves deep system details with `get_node_info`, providing OS environment and general node configuration settings.

### Verify Plugins
Runs `get_plugins_info` to list every installed plugin and confirm its version across the entire Logstash instance.

## Use Cases

### Investigating a Sudden Slowdown
A Data Engineer notices that log ingestion has slowed down. They prompt their agent: 'What's wrong with the pipeline?' The agent first runs `get_health_report` (to confirm status) and then calls `get_hot_threads`. The resulting data shows a specific output plugin is hogging 90% CPU, solving the mystery in minutes.

### Pre-Deployment Compliance Check
A DevOps team member needs to ensure all staging nodes have the correct version of their custom geo-ip filter. They run `get_plugins_info` on three different nodes, verifying that every single node reports the required plugin version before deployment.

### Memory Leak Investigation
An SRE suspects a gradual memory leak. They prompt for system statistics, triggering `get_node_stats`. The output shows steadily increasing JVM heap usage over time, confirming the suspected memory pressure and narrowing down the source.

### Initial System Handshake
A new team member joins and needs to know what's running. They ask their agent for general system context, triggering `get_node_info` and `get_root`, giving them a full picture of the operating environment without needing access to multiple shell tabs.

## Benefits

- See real-time performance metrics. Instead of digging through Grafana dashboards, run `get_node_stats` and instantly get JVM heap usage and event throughput rates for the node.
- Pinpoint bottlenecks fast. If latency spikes, use `get_hot_threads`. It tells you which specific thread or plugin is spiking the CPU, so you don't waste time guessing.
- Audit configuration easily. Need to check if all environments are running the same version of a filter plugin? Just run `get_plugins_info` and compare the output.
- Get immediate status checks. Don't know if things are green or red? A single prompt calling `get_health_report` gives you the overall status instantly.
- Save time on manual commands. You skip running `curl localhost:9600/...`. Your AI client handles the API calls, passing structured data back to your chat window.

## How It Works

The bottom line is: you talk to your AI client like a teammate, and it runs the necessary diagnostic code on your Logstash instance for you.

1. Subscribe to this server on Vinkius, providing your specific Logstash API URL and credentials.
2. Direct your AI client (Claude, Cursor, etc.) to the MCP Server endpoint. The agent will now have access to all diagnostic tools.
3. Prompt your agent with a natural language query (e.g., 'Check node health' or 'Show me hot threads') and get an immediate, structured response.

## Frequently Asked Questions

**How do I check if my Logstash node is healthy using get_health_report?**
You simply ask your agent to run `get_health_report`. It provides an immediate status, telling you in plain English if the overall pipeline status is green (good), yellow (warning), or red (down).

**What's the difference between get_node_stats and getting node info?**
`get_node_stats` gives you live, numerical metrics like JVM heap usage and event processing rates. `get_node_info`, by contrast, provides static details about the OS environment and general configuration settings.

**Should I use get_hot_threads every time there's a slowdown?**
Yes, when you suspect performance issues or CPU spikes, `get_hot_threads` is your best bet. It tells you exactly which thread—and thus which part of the pipeline—is consuming too much processing power.

**What if I forget to check plugin versions? Is it safe?**
No, relying only on overall health isn't enough. Always run `get_plugins_info` before major changes to verify that all installed plugins match the documented version and are consistent across environments.

**What credentials or connection details must I provide when using any tool like get_node_stats?**
You need a valid Logstash API URL and the necessary authentication tokens. The AI agent handles passing these credentials securely to the server endpoint, so you just need to ensure your client has access to them.

**Using get_node_info, what specific configuration details can I pull for a pipeline?**
You retrieve the active configuration files and environmental settings used by the node. This lets you verify if changes were made outside of the standard deployment process.

**If I use get_node_stats, how do I interpret JVM heap usage versus event flow rate?**
JVM heap usage tracks memory consumption; event flow rate measures throughput (events per second). High heap usage paired with low throughput suggests a potential memory leak or bottleneck.

**How does get_root help me diagnose environmental drift across different Logstash deployments?**
It provides baseline system information, including the OS version and environment variables. This allows you to compare environments quickly to find unexpected differences that affect performance.

**How can I check if my Logstash pipelines are running correctly?**
You can use the `get_health_report` tool. It returns a status report (green, yellow, or red) for the Logstash instance and its active pipelines, allowing you to quickly identify any operational issues.

**Can the AI help me find performance bottlenecks in my Logstash node?**
Yes! Use `get_node_stats` to see detailed JVM and event metrics, or `get_hot_threads` to see which parts of the process are consuming the most CPU. This helps pinpoint exactly where the slowdown is occurring.

**Is it possible to list all installed plugins and their versions?**
Absolutely. The `get_plugins_info` tool retrieves a complete list of all currently installed Logstash plugins along with their specific version numbers.