sumo-logic-mcp

MCP server for Sumo Logic — 37 tools for searching logs, managing monitors, alerts, dashboards, collectors, and metrics.

Zero hardcoded org-specific values. Any team can plug in their own credentials and start querying immediately.

Quick Start

1. Install

pip install sumo-logic-mcp

2. Get Sumo Logic Credentials

Generate an Access Key in the Sumo Logic UI: Preferences > Security > Access Keys.

You need:

  • Access ID — the key identifier
  • Access Key — the secret (shown only once at creation)
  • API Endpoint — depends on your deployment region (see table below)

3. Configure Your MCP Client

Add to your MCP client configuration (e.g., ~/.cursor/mcp.json or equivalent):

{
  "mcpServers": {
    "sumologic": {
      "command": "python3",
      "args": ["-m", "sumo_logic_mcp"],
      "env": {
        "SUMOLOGIC_ACCESS_ID": "<your-access-id>",
        "SUMOLOGIC_ACCESS_KEY": "<your-access-key>",
        "SUMOLOGIC_ENDPOINT": "https://api.sumologic.com"
      }
    }
  }
}

Or run directly:

export SUMOLOGIC_ACCESS_ID="your-access-id"
export SUMOLOGIC_ACCESS_KEY="your-access-key"
export SUMOLOGIC_ENDPOINT="https://api.sumologic.com"
python3 -m sumo_logic_mcp

API Endpoints by Region

| Deployment | API Endpoint |
| --- | --- |
| US1 | https://api.sumologic.com |
| US2 | https://api.us2.sumologic.com |
| EU | https://api.eu.sumologic.com |
| AU | https://api.au.sumologic.com |
| CA | https://api.ca.sumologic.com |
| DE | https://api.de.sumologic.com |
| IN | https://api.in.sumologic.com |
| JP | https://api.jp.sumologic.com |
| KR | https://api.kr.sumologic.com |
| FED | https://api.fed.sumologic.com |

Determine yours from your Sumo Logic login URL (e.g., service.us2.sumologic.com → US2).
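Because the client authenticates with Basic Auth, a mistyped or tampered SUMOLOGIC_ENDPOINT sends the access key to whatever host it names. The startup check below is an added example, not part of the sumo-logic-mcp code base; check_endpoint and deployment_from_login_host are hypothetical names, and treating service.sumologic.com as US1 and rejecting paths and non-443 ports are assumptions.

```python
from urllib.parse import urlsplit

# Deployment -> API host, taken from the region table above.
API_HOSTS = {"US1": "api.sumologic.com"}
for _code in ("us2", "eu", "au", "ca", "de", "in", "jp", "kr", "fed"):
    API_HOSTS[_code.upper()] = f"api.{_code}.sumologic.com"
_BY_HOST = {host: name for name, host in API_HOSTS.items()}


def check_endpoint(endpoint: str) -> str:
    """Return the deployment name for an acceptable endpoint, else raise ValueError."""
    parts = urlsplit(endpoint.strip())
    if parts.scheme != "https":
        raise ValueError("endpoint must use https: Basic Auth is sent with every call")
    if parts.username is not None or parts.password is not None:
        raise ValueError("keep credentials in the env vars, not in the URL")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in endpoint")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("endpoint must be a bare origin")
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    if host not in _BY_HOST:
        # Exact match only: suffix or substring checks accept look-alike hosts.
        raise ValueError(f"{host!r} is not one of the listed API hosts")
    return _BY_HOST[host]


def deployment_from_login_host(login_host: str) -> str:
    """Map a login host such as service.us2.sumologic.com to its deployment."""
    labels = login_host.lower().rstrip(".").split(".")
    if labels[0] != "service" or labels[-2:] != ["sumologic", "com"]:
        raise ValueError("not a Sumo Logic login host")
    middle = labels[1:-2]
    if len(middle) > 1:
        raise ValueError("not a Sumo Logic login host")
    # Assumption: a login host with no region label is the US1 deployment.
    name = middle[0].upper() if middle else "US1"
    if name not in API_HOSTS:
        raise ValueError(f"unknown deployment {name!r}")
    return name
```

Calling check_endpoint on SUMOLOGIC_ENDPOINT before the first request, and comparing its result with deployment_from_login_host, catches a region mismatch before any credential leaves the machine.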

Tool Reference

Search & Analytics (4 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| search_logs | Execute a log search (full lifecycle: create job → poll → fetch → cleanup) | query |
| get_search_status | Check status of a running search job | job_id |
| get_search_results | Fetch messages or records from a search job | job_id |
| cancel_search | Cancel a running search job | job_id |

search_logs optional params: from_time (default -15m), to_time (default now), timezone (default UTC), limit (default 100), by_receipt_time, timeout (default 300s).

Time formats: ISO 8601 (2024-01-15T09:00:00), relative (-15m, -1h, -2d, -1w), epoch ms (1718745600000), or now.
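A parser for the four time formats listed above, written as an added example rather than taken from the project's validation.py. parse_time and search_window are hypothetical names; reading an ISO value without an offset as UTC and limiting epoch values to 13 digits are assumptions.

```python
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

_UNITS = {"m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
_RELATIVE = re.compile(r"^-(\d{1,6})([mhdw])$")   # -15m, -1h, -2d, -1w
_EPOCH_MS = re.compile(r"^\d{13}$")               # 1718745600000


def parse_time(value: str, now: datetime | None = None) -> datetime:
    """Parse one documented time format into a timezone-aware UTC datetime."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        raise ValueError("reference time must be timezone-aware")
    text = value.strip()
    if text == "now":
        return now
    if m := _RELATIVE.match(text):
        return now - timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})
    if _EPOCH_MS.match(text):
        return datetime.fromtimestamp(int(text) / 1000, tz=timezone.utc)
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:
        # Anything else is rejected rather than passed through to the API.
        raise ValueError(f"unrecognised time value: {value!r}") from None
    # Assumption: an ISO value without an offset is read as UTC.
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def search_window(from_time: str = "-15m", to_time: str = "now",
                  now: datetime | None = None) -> tuple[int, int]:
    """Return (from, to) in epoch milliseconds, rejecting empty or inverted ranges."""
    now = now or datetime.now(timezone.utc)
    start, end = parse_time(from_time, now), parse_time(to_time, now)
    if start >= end:
        raise ValueError("from_time must be earlier than to_time")
    return int(start.timestamp() * 1000), int(end.timestamp() * 1000)
```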

Monitor Management (10 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| list_monitors | List all monitors | |
| search_monitors | Search by name or status filter | query |
| get_monitor | Get full monitor configuration | monitor_id |
| create_monitor | Create a new monitor | name, query, threshold |
| update_monitor | Update monitor config (read-modify-write) | monitor_id, fields_json |
| delete_monitor | Delete a monitor (irreversible) | monitor_id |
| enable_monitor | Enable a disabled monitor | monitor_id |
| disable_monitor | Disable a monitor | monitor_id |
| get_monitor_status | Get current health/triggering state | monitor_id |
| get_monitor_history | Get alert history for a monitor | monitor_id |

Search filter examples: monitorStatus:Critical, monitorStatus:Warning, monitorStatus:AllTriggered.

Alert Management (3 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| get_active_alerts | Get all currently firing alerts | |
| get_alert_details | Get detailed alert info for a monitor | monitor_id |
| resolve_alert | Resolve an alert by disabling its monitor | monitor_id |

Dashboard Management (5 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| list_dashboards | List dashboards with pagination | |
| get_dashboard | Get full dashboard config | dashboard_id |
| create_dashboard | Create a dashboard with panels and layout | title, panels_json, layout_json |
| update_dashboard | Update dashboard config (read-modify-write) | dashboard_id, fields_json |
| delete_dashboard | Delete a dashboard (irreversible) | dashboard_id |

Collector & Source Management (8 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| list_collectors | List all collectors | |
| get_collector | Get collector configuration | collector_id |
| create_hosted_collector | Create a new Hosted collector | name |
| update_collector | Update collector config (with ETag locking) | collector_id, fields_json |
| delete_collector | Delete a collector and its sources | collector_id |
| list_sources | List sources on a collector | collector_id |
| get_source | Get source configuration | collector_id, source_id |
| create_http_source | Create an HTTP source (returns endpoint URL) | collector_id, name |

Metrics (4 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| query_metrics | Execute a metrics query | query |
| list_metric_definitions | Discover available metric names | |
| get_metric_metadata | Get dimensions for a metric | metric_name |
| list_metric_namespaces | List metric content types | |

Utility (3 tools)

| Tool | Description | Required Params |
| --- | --- | --- |
| check_connection | Verify API connectivity and auth | |
| get_account_usage | Get account status and ingestion info | |
| validate_query | Check if a query is syntactically valid | query |

Usage Examples

Once configured, just ask your AI assistant naturally:

"Search for 500 errors in the last hour"
→ AI calls search_logs with appropriate query

"Show me all critical alerts"
→ AI calls get_active_alerts with status=Critical

"Create a monitor for high error rates on our API"
→ AI calls create_monitor with query, threshold, and notification params

"List all hosted collectors"
→ AI calls list_collectors with filter_type=hosted

"What CPU metrics are available?"
→ AI calls list_metric_definitions

Development

git clone https://github.com/rajfirke/sumo-logic-mcp.git
cd sumo-logic-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"

# Lint
ruff check src/ tests/

# Test
pytest -v

# Run locally
export SUMOLOGIC_ACCESS_ID="..."
export SUMOLOGIC_ACCESS_KEY="..."
export SUMOLOGIC_ENDPOINT="https://api.sumologic.com"
python3 -m sumo_logic_mcp

Architecture

src/sumo_logic_mcp/
├── __init__.py          # Exports mcp, triggers tool registration
├── __main__.py          # Entry point: python -m sumo_logic_mcp
├── server.py            # FastMCP instance + lifespan (shared HTTP client)
├── client.py            # Async HTTP client (httpx, Basic Auth, retry, cookies)
├── validation.py        # Time parsing and validation
└── tools/
    ├── __init__.py      # Imports all tool modules
    ├── search.py        # 4 search tools
    ├── monitors.py      # 10 monitor tools
    ├── alerts.py        # 3 alert tools
    ├── dashboards.py    # 5 dashboard tools
    ├── collectors.py    # 8 collector/source tools
    ├── metrics.py       # 4 metrics tools
    └── utils.py         # 3 utility tools

Design Decisions

  • Zero org-specific config — Only 3 env vars needed: access ID, access key, endpoint. No hardcoded indexes, source categories, or query patterns.
  • Cookie persistence — httpx's built-in cookie jar handles Sumo's session routing (requests without cookies get 404/500).
  • Timezone passed through — The timeZone parameter is always sent to the API, defaulting to UTC. The reference implementation silently dropped it.
  • NOT STARTED is valid — Sumo's search API returns "NOT STARTED" as an initial state. We treat it as an intermediate polling state (the reference treated it as fatal).
  • Job cleanup — Search jobs are always deleted in a finally block after fetching results.
  • ETag locking — Collector updates use If-Match headers for optimistic concurrency control.
  • Aware datetimes only — All time operations use datetime.now(timezone.utc), never the deprecated datetime.utcnow().
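The polling and cleanup decisions above, shown as an added example that is not the project's search.py. FakeSearchApi is a constructed in-memory stand-in, run_search is a hypothetical name, and every state string other than NOT STARTED is an assumption not stated on this page.

```python
import asyncio

TERMINAL_OK = "DONE GATHERING RESULTS"          # assumed state name
PENDING = {"NOT STARTED", "GATHERING RESULTS"}  # intermediate: keep polling


class FakeSearchApi:
    """Constructed in-memory stand-in for the search job API."""

    def __init__(self, states, messages):
        self.states, self.messages = list(states), messages
        self.deleted = []

    async def create(self, query):
        return "job-1"

    async def status(self, job_id):
        # Replay the scripted states, then keep returning the last one.
        return self.states.pop(0) if len(self.states) > 1 else self.states[0]

    async def fetch(self, job_id, limit):
        return self.messages[:limit]

    async def delete(self, job_id):
        self.deleted.append(job_id)


async def run_search(api, query, limit=100, timeout=300.0, poll_interval=0.01):
    """Create -> poll -> fetch, deleting the job on every exit path."""
    job_id = await api.create(query)
    try:
        loop = asyncio.get_running_loop()
        deadline = loop.time() + timeout
        while True:
            state = await api.status(job_id)
            if state == TERMINAL_OK:
                return await api.fetch(job_id, limit)
            if state not in PENDING:
                raise RuntimeError(f"search job ended in state {state!r}")
            if loop.time() >= deadline:
                raise TimeoutError(f"search job {job_id} still {state!r}")
            await asyncio.sleep(poll_interval)
    finally:
        # Runs on success, failure and timeout, so no job is left behind.
        await api.delete(job_id)
```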

License

Apache 2.0 — see LICENSE.
