An MCP (Model Context Protocol) server that exposes Graylog log management functionality to AI assistants like Claude.
- Search logs with keyword timeranges ("last 5 minutes") or absolute timestamps
- List and inspect streams for filtering searches
- View alert conditions configured in Graylog
- Get system/cluster info for monitoring
- Browse dashboards and their widgets
```bash
# Using uv (recommended)
uv sync
# Or using pip
pip install -e .
```
Set environment variables:
```bash
export GRAYLOG_URL="http://your-graylog-server:9000/api"
export GRAYLOG_TOKEN="your-api-token"
export GRAYLOG_TIMEOUT="30"  # optional, default 30s
```
- Log into Graylog web interface
- Go to System → Users and Teams → your user
- Click "Edit Tokens"
- Create a new token and copy it
Add to your Claude Desktop config (~/.config/Claude/claude_desktop_config.json on Linux/Mac):
```json
{
  "mcpServers": {
    "graylog": {
      "command": "uv",
      "args": ["run", "--directory", "/path/to/graylog-mcp", "python", "graylog_mcp.py"],
      "env": {
        "GRAYLOG_URL": "http://your-graylog-server:9000/api",
        "GRAYLOG_TOKEN": "your-api-token"
      }
    }
  }
}
```
```bash
export GRAYLOG_URL="http://your-graylog-server:9000/api"
export GRAYLOG_TOKEN="your-api-token"
mcp dev graylog_mcp.py
```
| Tool | Description |
|---|---|
| `search_logs` | Search logs with keyword timerange (e.g., "last 5 minutes") |
| `search_logs_absolute` | Search logs with ISO 8601 timestamps |
| `list_streams` | List all available streams |
| `get_stream_details` | Get details of a specific stream |
| `list_alerts` | List all alert conditions |
| `get_system_info` | Get cluster/system information |
| `list_dashboards` | List all dashboards |
| `get_dashboard_details` | Get dashboard widgets and config |
Once connected, you can ask Claude things like:
- "Search for ERROR logs in the last hour"
- "Show me all available streams"
- "Find logs from nginx with status 500 in the last 5 minutes"
- "What alert conditions are configured?"
- "Get system cluster status"
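
A pre-flight check for the settings described above, added here as an example and not part of this project's code: it flags a `GRAYLOG_URL` that would carry the API token over plain http, a token still set to the placeholder, and a Claude Desktop config file that other local users can read. The function names `audit_env` and `audit_config_file` are hypothetical.

```python
# Added example: audit_env / audit_config_file are illustrative names, not project code.
import json
import os
import stat
import sys
from urllib.parse import urlparse

PLACEHOLDERS = {"", "your-api-token"}  # the README's sample value is not a real token
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_env(env):
    """Return findings for the GRAYLOG_* settings in env (a dict of strings)."""
    findings = []
    url = urlparse(env.get("GRAYLOG_URL", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("GRAYLOG_URL is missing or not an http(s) URL")
    elif url.scheme == "http" and url.hostname not in LOOPBACK:
        findings.append("GRAYLOG_URL is plain http: the API token is sent in cleartext")
    if url.username or url.password:
        findings.append("GRAYLOG_URL embeds credentials; use GRAYLOG_TOKEN instead")
    if env.get("GRAYLOG_TOKEN", "") in PLACEHOLDERS:
        findings.append("GRAYLOG_TOKEN is unset or still the README placeholder")
    timeout = str(env.get("GRAYLOG_TIMEOUT", "30"))
    if not timeout.isdecimal() or int(timeout) == 0:
        findings.append("GRAYLOG_TIMEOUT must be a positive whole number of seconds")
    return findings

def audit_config_file(path):
    """Check the file mode of a Claude Desktop config and each Graylog env block in it."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:03o}; it stores the token, use 600")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        env = server.get("env", {})
        if any(key.startswith("GRAYLOG_") for key in env):
            findings += [f"[{name}] {item}" for item in audit_env(env)]
    return findings

if __name__ == "__main__":
    default = os.path.expanduser("~/.config/Claude/claude_desktop_config.json")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    results = audit_env(dict(os.environ))
    if os.path.exists(path):
        results += audit_config_file(path)
    for item in results:
        print("WARN:", item)
```

Run it in the shell that launches the MCP server, optionally passing the config path as the first argument.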