sumo-logic-mcp
MCP server for Sumo Logic — 37 tools for searching logs, managing monitors, alerts, dashboards, collectors, and metrics. Zero hardcoded org-specific values.
Zero hardcoded org-specific values. Any team can plug in their own credentials and start querying immediately.
Quick Start
1. Install
```bash
pip install sumo-logic-mcp
```
2. Get Sumo Logic Credentials
Generate an Access Key in the Sumo Logic UI: Preferences > Security > Access Keys.
You need:
- Access ID — the key identifier
- Access Key — the secret (shown only once at creation)
- API Endpoint — depends on your deployment region (see table below)
3. Configure Your MCP Client
Add to your MCP client configuration (e.g., ~/.cursor/mcp.json or equivalent):
```json
{
  "mcpServers": {
    "sumologic": {
      "command": "python3",
      "args": ["-m", "sumo_logic_mcp"],
      "env": {
        "SUMOLOGIC_ACCESS_ID": "<your-access-id>",
        "SUMOLOGIC_ACCESS_KEY": "<your-access-key>",
        "SUMOLOGIC_ENDPOINT": "https://api.sumologic.com"
      }
    }
  }
}
```
Or run directly:
```bash
export SUMOLOGIC_ACCESS_ID="your-access-id"
export SUMOLOGIC_ACCESS_KEY="your-access-key"
export SUMOLOGIC_ENDPOINT="https://api.sumologic.com"
python3 -m sumo_logic_mcp
```
API Endpoints by Region
| Deployment | API Endpoint |
|---|---|
| US1 | https://api.sumologic.com |
| US2 | https://api.us2.sumologic.com |
| EU | https://api.eu.sumologic.com |
| AU | https://api.au.sumologic.com |
| CA | https://api.ca.sumologic.com |
| DE | https://api.de.sumologic.com |
| IN | https://api.in.sumologic.com |
| JP | https://api.jp.sumologic.com |
| KR | https://api.kr.sumologic.com |
| FED | https://api.fed.sumologic.com |
Determine yours from your Sumo Logic login URL (e.g., service.us2.sumologic.com → US2).
Tool Reference
Search & Analytics (4 tools)
| Tool | Description | Required Params |
|---|---|---|
| `search_logs` | Execute a log search (full lifecycle: create job → poll → fetch → cleanup) | `query` |
| `get_search_status` | Check status of a running search job | `job_id` |
| `get_search_results` | Fetch messages or records from a search job | `job_id` |
| `cancel_search` | Cancel a running search job | `job_id` |
search_logs optional params: from_time (default -15m), to_time (default now), timezone (default UTC), limit (default 100), by_receipt_time, timeout (default 300s).
Time formats: ISO 8601 (2024-01-15T09:00:00), relative (-15m, -1h, -2d, -1w), epoch ms (1718745600000), or now.
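The four accepted time formats can be normalized to epoch milliseconds as sketched below. This is an added example, not the project's `validation.py`; the names `to_epoch_ms` and `resolve_range`, the 13-digit rule for epoch values, and reading zone-less ISO strings as UTC are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Relative units shown in the README examples (-15m, -1h, -2d, -1w).
_UNITS = {"m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
_RELATIVE = re.compile(r"-(\d+)([mhdw])")


def _ms(dt: datetime) -> int:
    return round(dt.timestamp() * 1000)


def to_epoch_ms(value: str, now: Optional[datetime] = None) -> int:
    """Normalize 'now', relative, epoch-ms or ISO 8601 input to epoch ms."""
    now = now or datetime.now(timezone.utc)  # aware; never datetime.utcnow()
    value = value.strip()
    if value == "now":
        return _ms(now)
    rel = _RELATIVE.fullmatch(value)
    if rel:
        return _ms(now - timedelta(**{_UNITS[rel.group(2)]: int(rel.group(1))}))
    if value.isdigit():
        # Assumption: only 13-digit values are epoch ms; a 10-digit value is
        # probably epoch seconds and is rejected rather than silently misread.
        if len(value) != 13:
            raise ValueError(f"expected 13-digit epoch ms, got {value!r}")
        return int(value)
    try:
        dt = datetime.fromisoformat(value)
    except ValueError:
        raise ValueError(f"unrecognized time format: {value!r}") from None
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive input is UTC
    return _ms(dt)


def resolve_range(from_time: str, to_time: str, now: Optional[datetime] = None):
    """Resolve both bounds against one clock reading and reject empty ranges."""
    now = now or datetime.now(timezone.utc)
    start, end = to_epoch_ms(from_time, now), to_epoch_ms(to_time, now)
    if start >= end:
        raise ValueError(f"from_time {from_time!r} is not before to_time {to_time!r}")
    return start, end
```

Resolving both bounds against the same `now` keeps a relative range such as `-15m` to `now` exactly 15 minutes wide, regardless of how long parsing takes.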
Monitor Management (10 tools)
| Tool | Description | Required Params |
|---|---|---|
| `list_monitors` | List all monitors | — |
| `search_monitors` | Search by name or status filter | `query` |
| `get_monitor` | Get full monitor configuration | `monitor_id` |
| `create_monitor` | Create a new monitor | `name`, `query`, `threshold` |
| `update_monitor` | Update monitor config (read-modify-write) | `monitor_id`, `fields_json` |
| `delete_monitor` | Delete a monitor (irreversible) | `monitor_id` |
| `enable_monitor` | Enable a disabled monitor | `monitor_id` |
| `disable_monitor` | Disable a monitor | `monitor_id` |
| `get_monitor_status` | Get current health/triggering state | `monitor_id` |
| `get_monitor_history` | Get alert history for a monitor | `monitor_id` |
Search filter examples: monitorStatus:Critical, monitorStatus:Warning, monitorStatus:AllTriggered.
Alert Management (3 tools)
| Tool | Description | Required Params |
|---|---|---|
| `get_active_alerts` | Get all currently firing alerts | — |
| `get_alert_details` | Get detailed alert info for a monitor | `monitor_id` |
| `resolve_alert` | Resolve an alert by disabling its monitor | `monitor_id` |
Dashboard Management (5 tools)
| Tool | Description | Required Params |
|---|---|---|
| `list_dashboards` | List dashboards with pagination | — |
| `get_dashboard` | Get full dashboard config | `dashboard_id` |
| `create_dashboard` | Create a dashboard with panels and layout | `title`, `panels_json`, `layout_json` |
| `update_dashboard` | Update dashboard config (read-modify-write) | `dashboard_id`, `fields_json` |
| `delete_dashboard` | Delete a dashboard (irreversible) | `dashboard_id` |
Collector & Source Management (8 tools)
| Tool | Description | Required Params |
|---|---|---|
| `list_collectors` | List all collectors | — |
| `get_collector` | Get collector configuration | `collector_id` |
| `create_hosted_collector` | Create a new Hosted collector | `name` |
| `update_collector` | Update collector config (with ETag locking) | `collector_id`, `fields_json` |
| `delete_collector` | Delete a collector and its sources | `collector_id` |
| `list_sources` | List sources on a collector | `collector_id` |
| `get_source` | Get source configuration | `collector_id`, `source_id` |
| `create_http_source` | Create an HTTP source (returns endpoint URL) | `collector_id`, `name` |
Metrics (4 tools)
| Tool | Description | Required Params |
|---|---|---|
| `query_metrics` | Execute a metrics query | `query` |
| `list_metric_definitions` | Discover available metric names | — |
| `get_metric_metadata` | Get dimensions for a metric | `metric_name` |
| `list_metric_namespaces` | List metric content types | — |
Utility (3 tools)
| Tool | Description | Required Params |
|---|---|---|
| `check_connection` | Verify API connectivity and auth | — |
| `get_account_usage` | Get account status and ingestion info | — |
| `validate_query` | Check if a query is syntactically valid | `query` |
Usage Examples
Once configured, just ask your AI assistant naturally:
"Search for 500 errors in the last hour"
→ AI calls search_logs with appropriate query
"Show me all critical alerts"
→ AI calls get_active_alerts with status=Critical
"Create a monitor for high error rates on our API"
→ AI calls create_monitor with query, threshold, and notification params
"List all hosted collectors"
→ AI calls list_collectors with filter_type=hosted
"What CPU metrics are available?"
→ AI calls list_metric_definitions
Development
```bash
git clone https://github.com/rajfirke/sumo-logic-mcp.git
cd sumo-logic-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"

# Lint
ruff check src/ tests/

# Test
pytest -v

# Run locally
export SUMOLOGIC_ACCESS_ID="..."
export SUMOLOGIC_ACCESS_KEY="..."
export SUMOLOGIC_ENDPOINT="https://api.sumologic.com"
python3 -m sumo_logic_mcp
```
Architecture
```text
src/sumo_logic_mcp/
├── __init__.py       # Exports mcp, triggers tool registration
├── __main__.py       # Entry point: python -m sumo_logic_mcp
├── server.py         # FastMCP instance + lifespan (shared HTTP client)
├── client.py         # Async HTTP client (httpx, Basic Auth, retry, cookies)
├── validation.py     # Time parsing and validation
└── tools/
    ├── __init__.py   # Imports all tool modules
    ├── search.py     # 4 search tools
    ├── monitors.py   # 10 monitor tools
    ├── alerts.py     # 3 alert tools
    ├── dashboards.py # 5 dashboard tools
    ├── collectors.py # 8 collector/source tools
    ├── metrics.py    # 4 metrics tools
    └── utils.py      # 3 utility tools
```
Design Decisions
- Zero org-specific config — Only 3 env vars needed: access ID, access key, endpoint. No hardcoded indexes, source categories, or query patterns.
- Cookie persistence — httpx's built-in cookie jar handles Sumo's session routing (requests without cookies get 404/500).
- Timezone passed through — The `timeZone` parameter is always sent to the API, defaulting to UTC. The reference implementation silently dropped it.
- NOT STARTED is valid — Sumo's search API returns "NOT STARTED" as an initial state. We treat it as an intermediate polling state (the reference treated it as fatal).
- Job cleanup — Search jobs are always deleted in a `finally` block after fetching results.
- ETag locking — Collector updates use `If-Match` headers for optimistic concurrency control.
- Aware datetimes only — All time operations use `datetime.now(timezone.utc)`, never the deprecated `datetime.utcnow()`.
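The timezone, "NOT STARTED" and job-cleanup decisions above combine into one polling loop, sketched here as an added example rather than the project's `search.py`. `FakeSearchAPI`, its method names and the `run` helper are hypothetical stand-ins so the loop runs offline; the state strings other than "NOT STARTED" are those of Sumo Logic's Search Job API.

```python
import asyncio

INTERMEDIATE = {"NOT STARTED", "GATHERING RESULTS"}  # keep polling on these
DONE = "DONE GATHERING RESULTS"


class FakeSearchAPI:
    """Constructed stand-in for the Search Job API; records calls made to it."""

    def __init__(self, states):
        self.states, self.deleted, self.sent_time_zone = list(states), [], None

    async def create(self, query, from_ms, to_ms, time_zone):
        self.sent_time_zone = time_zone  # the timezone is always forwarded
        return "job-1"

    async def status(self, job_id):
        # Replay the scripted states, then repeat the last one forever.
        return self.states.pop(0) if len(self.states) > 1 else self.states[0]

    async def messages(self, job_id, limit):
        return [{"_raw": "constructed log line"}][:limit]

    async def delete(self, job_id):
        self.deleted.append(job_id)


async def search_logs(api, query, from_ms, to_ms, time_zone="UTC",
                      limit=100, timeout=300.0, poll_interval=0.01):
    job_id = await api.create(query, from_ms, to_ms, time_zone)
    try:
        loop = asyncio.get_running_loop()
        deadline = loop.time() + timeout
        while True:
            state = await api.status(job_id)
            if state == DONE:
                return await api.messages(job_id, limit)
            if state not in INTERMEDIATE:  # e.g. CANCELLED
                raise RuntimeError(f"search job ended in state {state!r}")
            if loop.time() >= deadline:
                raise TimeoutError(f"search job {job_id} exceeded {timeout}s")
            await asyncio.sleep(poll_interval)
    finally:
        await api.delete(job_id)  # runs on success, failure and timeout


def run(states, **kwargs):
    """Drive search_logs against scripted states; return (result or error, api)."""
    api = FakeSearchAPI(states)
    try:
        return asyncio.run(search_logs(api, "error", 0, 1, **kwargs)), api
    except (RuntimeError, TimeoutError) as exc:
        return exc, api
```

Because the delete sits in `finally`, a job that times out or ends in a terminal state is still removed and does not linger server-side.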
License
Apache 2.0 — see LICENSE.