logz.io MCP Server

What is an MCP Server #

A Model Context Protocol server is a program you run on your machine that can be used to add functionality to AI tools like Claude and Cursor.

Logzio MCP Server #

logz.io already provides a few pretty nice AI tools for monitoring, searching, and chatting with a bot that can put together complex search queries for you.

These are great, but for investigating logs they have some shortcomings, including:

  1. You can’t select which model is being used.
  2. You can’t access any other context, applications, or MCP servers outside logz.io within these tools.

One of the nice things about adding MCP servers to existing agentic coding tools like Cursor / Claude / Zed is that the LLM acts as a layer of interoperability between those tools and your code, and it also gives you flexibility over what model to choose.

That’s why I ended up making an unofficial logz.io MCP server, for which the source code is over on GitHub:

https://github.com/jklnr/logzio-mcp-server

How to use it #

You’ll need a logzio API token:

https://docs.logz.io/docs/user-guide/admin/authentication-tokens/api-tokens/

And then you add this to your Claude/Cursor/etc configuration file, alongside any other servers you already have under "mcpServers":

{
  "mcpServers": {
    "logzio": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-logzio",
        "apiKey", "YOUR_LOGZIO_API_KEY"
      ]
    }
  }
}

If you aren’t using an instance in the United States you’ll need to set the region by adding the last two arguments shown here:

{
  "mcpServers": {
    "logzio": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-logzio",
        "apiKey", "YOUR_LOGZIO_API_KEY",
        "region", "eu"
      ]
    }
  }
}

The full list of regions is in the README.md.

Available tools #

This MCP server comes with just three basic tools. A lot of MCP servers expose too many tools and I think this is a bad idea because managing your context well seems to be important for effective use of LLMs. So I didn’t want to add more than that for now.

So these are the tools your LLM will see:

1. search_logs #

Simple log search with filters.

Parameters:

  • query (required): Search query string
  • timeRange: Time range (1h, 6h, 12h, 24h, 3d, 7d, 30d)
  • from/to: Custom time range (ISO 8601)
  • logType: Filter by log type
  • severity: Filter by severity level
  • limit: Maximum results (1-1000)
  • sort: Sort order (asc/desc)

2. query_logs #

For more flexible/advanced Lucene queries.

Parameters:

  • luceneQuery (required): Lucene query string
  • from/to: Time range (ISO 8601)
  • size: Maximum results (1-1000)
  • sort: Sort order (asc/desc)

3. get_log_stats #

Mainly for counting logs.

Parameters:

  • timeRange: Time range (1h, 6h, 12h, 24h, 3d, 7d, 30d)
  • from/to: Custom time range (ISO 8601)
  • groupBy: Fields to group by

Results #

My experience so far is that state-of-the-art models for coding like claude-4-sonnet and gemini 2.5 pro tend to follow the same pattern of usage:

  1. Use search_logs for an initial search and to understand the structure of logs in your platform
  2. Follow up with query_logs and get_log_stats to get more definitive answers to questions you ask about the logs and how they relate to code and other tools.

It works pretty well in my experience, often better than logz.io’s AI chat. Sometimes the models get the tool calls wrong, but I added verbose/helpful error messages in such cases to try to keep them moving along.

I’ll be a little surprised if more than a couple people ever use this but feel free to let me know in the GitHub issues for the project if you have any problems with it or questions about it.

Security #

MCP is not inherently secure. It’s wise to be wary of following guides like this one that ask you to run a program locally (which is what adding a server to your MCP configs does), or to put sensitive data like a logzio token into that program.

My recommendation is to read the code and build from source if you are able, and in general to lean toward only using MCP servers from trusted/official sources.
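
To make that advice checkable, here is an added example (not part of the logzio-mcp-server project) that audits an MCP client config for the two exposures the setup above carries: a package that npx fetches at launch without a version pin, and a credential stored in plaintext in "args". The function name, finding labels and sample config are assumptions made for illustration.

```javascript
// Constructed sample config: the entry from this page plus two hypothetical ones.
const SAMPLE_CONFIG = JSON.stringify({
  mcpServers: {
    logzio: {
      command: "npx",
      args: ["-y", "mcp-server-logzio", "apiKey", "YOUR_LOGZIO_API_KEY", "region", "eu"],
    },
    pinned: { command: "npx", args: ["-y", "some-server@1.2.3"] },
    local: { command: "node", args: ["/opt/mcp/logzio-mcp-server/dist/index.js"] },
  },
});

// Argument names that usually precede a credential (assumed list, extend as needed).
const SECRET_KEYS = /^-{0,2}(api[-_]?key|token|secret|password)$/i;
// name@x.y.z or @scope/name@x.y.z, i.e. an exact version pin.
const PINNED = /^(@[^/@]+\/)?[^/@]+@\d+\.\d+\.\d+(-[\w.]+)?$/;

// Hypothetical helper: returns findings without ever echoing the secret value.
function auditMcpConfig(jsonText) {
  const findings = [];
  const servers = JSON.parse(jsonText).mcpServers || {};
  for (const [name, server] of Object.entries(servers)) {
    const args = (Array.isArray(server.args) ? server.args : []).map(String);
    if (/^npx(\.cmd)?$/.test(server.command)) {
      // Simplification: treat the first non-flag argument as the package
      // npx will download and execute.
      const pkg = args.find((a) => !a.startsWith("-"));
      if (pkg && !PINNED.test(pkg)) {
        findings.push({ server: name, issue: "unpinned-package", detail: pkg });
      }
    }
    args.forEach((arg, i) => {
      // Report the argument name only; the value that follows stays out of the output.
      if (SECRET_KEYS.test(arg) && i + 1 < args.length) {
        findings.push({ server: name, issue: "inline-secret", detail: arg });
      }
    });
  }
  return findings;
}

for (const f of auditMcpConfig(SAMPLE_CONFIG)) {
  console.log(`${f.server}: ${f.issue} (${f.detail})`);
}
```

Only the logzio entry is flagged here; the version-pinned entry and the one built from source and run from a local path pass both checks.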

