ndjson-local-log-triage-mcp
Streams NDJSON log triage without loading gigabyte files into context
Tools · 8
- query_log_pattern: Filter log entries by a field/value match. Returns up to N matching entries, streaming the file without loading it entirely.
- detect_error_anomalies: Z-score frequency analysis. Buckets errors by time window, computes mean + stddev, flags windows where the error rate is anomalously high.
- summarize_log_timeline: Chronological aggregation of errors, warnings, and info counts per time window. Quick visual of where the incident is.
- correlate_request: Reconstructs a distributed trace from multiple NDJSON log files. Given a trace_id, collects all correlated events in chronological order across all files and surfaces the services involved and total duration.
- discover_log_schema: Analyze a log file to infer its wrapper format (NDJSON, Syslog, Kubernetes container logs) and extract type schemas, identifying polymorphic keys, timestamp patterns, and severity fields.
- group_semantic_patterns: Cluster log messages dynamically using the fixed-depth tree-based Drain parsing algorithm to isolate distinct log templates and analyze their parameter distributions (wildcard variations).
- start_live_triage: Start background log tailing with real-time Z-score anomaly alerting on error frequency spikes and heap memory protection limits. Dispatches notifications directly over standard JSON-RPC channels.
- query_external_logs: A unified gateway to query central log providers (Datadog, Splunk, Elasticsearch), converting search patterns to vendor-specific dialects and mapping the output into the standardized OpenTelemetry Log Data Model structure.
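The windowed Z-score check described for detect_error_anomalies, as an added Python sketch that is not this project's own code. The field names `timestamp` and `level`, the error level values, the 60-second window, the 2.5 threshold and the use of a population standard deviation are all assumptions made for the example.

```python
import json
import statistics
from collections import Counter
from datetime import datetime, timezone

def error_windows(lines, window_s=60, ts_field="timestamp", level_field="level"):
    """Stream NDJSON lines; return {window_start_epoch: error_count}."""
    counts = Counter()
    first = last = None
    for line in lines:  # a file object works here: one line in memory at a time
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec[ts_field].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip truncated or malformed entries instead of aborting
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive stamps are UTC
        bucket = int(ts.timestamp()) // window_s * window_s
        first = bucket if first is None else min(first, bucket)
        last = bucket if last is None else max(last, bucket)
        if str(rec.get(level_field, "")).lower() in ("error", "fatal"):  # assumed levels
            counts[bucket] += 1
    if first is None:
        return {}
    # Quiet windows (zero errors) are part of the baseline, so fill them in.
    return {b: counts[b] for b in range(first, last + 1, window_s)}

def flag_anomalies(windows, threshold=2.5):
    """Return [(window_start, count, z)] for windows whose z-score exceeds threshold."""
    if len(windows) < 2:
        return []
    mean = statistics.fmean(windows.values())
    std = statistics.pstdev(windows.values())
    if std == 0:
        return []  # flat error rate: no window stands out
    return [(b, c, round((c - mean) / std, 2))
            for b, c in windows.items() if (c - mean) / std > threshold]

# Constructed sample: ten one-minute windows, an error burst in the 7th,
# one info line per minute, and one truncated line that must be skipped.
PER_MINUTE = [1, 2, 1, 1, 2, 1, 9, 1, 2, 1]
SAMPLE = ['{"timestamp": "2024-01-01T12:%02d:%02dZ", "level": "error"}' % (m, s)
          for m, n in enumerate(PER_MINUTE) for s in range(n)]
SAMPLE += ['{"timestamp": "2024-01-01T12:%02d:30Z", "level": "info"}' % m for m in range(10)]
SAMPLE.append('{"timestamp": "2024-01-01T12:04:')

if __name__ == "__main__":
    for start, count, z in flag_anomalies(error_windows(SAMPLE)):
        print(datetime.fromtimestamp(start, timezone.utc).isoformat(), count, z)
```

With only a handful of windows the largest possible z-score is bounded (about 2.85 for ten windows), so a threshold of 3 would never fire on an incident this short.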