← Back to Skills Marketplace

Graylog Log Search

Name: Graylog Log Search
Author: pranavj17

by Pranav Jagadish · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ✓ Security Clean

122

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install graylog-log-search

Description

Search and debug production logs via Graylog - absolute/relative time queries, stream filtering, system health checks

README (SKILL.md)

Graylog Log Search Skill

Search Graylog logs directly from your AI agent for production debugging. Query by absolute or relative timestamps, filter by application streams, and check system health.

Quick Start

Install

npm install -g [email protected]

Configure

Add to your OpenClaw or Claude Desktop MCP configuration:

{
  "mcpServers": {
    "graylog": {
      "command": "npx",
      "args": ["-y", "[email protected]"],
      "env": {
        "BASE_URL": "https://your-graylog-instance.example.com",
        "API_TOKEN": "your_graylog_api_token"
      }
    }
  }
}

To get your API token: Graylog Web UI > System > Users > Edit your user > Tokens > Create Token.

Verify

echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0.0"}}}' | BASE_URL=https://your-graylog.example.com API_TOKEN=your_token npx [email protected]

You should see a JSON response with protocolVersion and capabilities.

Overview

This skill provides 4 MCP tools for searching and monitoring Graylog:

Tool	Description
`search_logs_absolute`	Search logs between specific timestamps (ISO 8601)
`search_logs_relative`	Search recent logs (last N seconds, default: 15 min)
`list_streams`	Discover available application streams and their IDs
`get_system_info`	Check Graylog version, health, and processing status

Core Tasks

"Search for ERROR logs in the last 15 minutes"
"Find all 500 errors from the payment service between 2pm and 3pm today"
"List available Graylog streams so I can filter by application"
"Check if Graylog is healthy and processing logs"
"Search for timeout errors in the API stream from the last hour"

Environment Variable Contract

Variable	Required	Description
`BASE_URL`	Yes	Full URL to your Graylog instance (e.g., `https://graylog.example.com`)
`API_TOKEN`	Yes	Graylog API token for authentication (Basic Auth)

Query Syntax

Uses Elasticsearch query syntax:

level:ERROR - Filter by log level
source:api-server - Filter by source
"connection timeout" - Exact phrase match
status:>=500 - Numeric range
message:*exception* - Wildcard match
level:ERROR AND source:payment - Boolean operators

Security & Guardrails

Read-only access: No write operations to Graylog - only searches and listing
Credential isolation: API token stored in environment variables, never in code or logs
Request timeout: 30-second timeout prevents hanging requests
Result limits: Queries capped at 1000 messages maximum, 50 by default
Input validation: All parameters validated before API calls (query, timestamps, stream IDs, limits)
Error sanitization: Error messages never expose API tokens or sensitive internal details
Time range bounds: Relative searches limited to 24 hours maximum

Troubleshooting

Error	Solution
"Missing environment variables"	Set `BASE_URL` and `API_TOKEN` in your MCP config
"Authentication failed"	Verify your API token is valid in Graylog UI
"Cannot reach Graylog"	Check BASE_URL and network/VPN connectivity
"Invalid query"	Check Elasticsearch query syntax
"Endpoint not found"	Verify BASE_URL includes the correct Graylog URL (no trailing `/api`)

Release Notes

v1.0.3 (2026-04-08)

Extracted shared helpers for testable imports
Fixed credential leak in git history
54 tests passing, all MCP protocol verified

v1.0.0 (2025-10-23)

First stable release with 4 tools
Fixed 5 critical bugs from initial implementation
Comprehensive test suite and documentation

Publisher

@Pranavj17

Usage Guidance

This skill appears to be what it claims (Graylog search) but it relies on an external npm package that is not included in the registry. Before installing or running it: (1) inspect the [email protected] package source (GitHub/npm) to ensure it’s trustworthy; (2) prefer installing packages locally under controlled accounts rather than running npx with production credentials; (3) use a least-privilege Graylog API token (short-lived or limited-scope service account) and avoid exposing tokens in shared logs/CI; (4) pin versions and review release notes/releases for the npm package; (5) consider running the connector in an isolated environment (sandbox/VPC) and monitoring its network activity. If you cannot review the external npm package, treat this integration as higher risk.

Capability Tags

cryptocan-make-purchases

Capability Assessment

✓ Purpose & Capability

Name, description, and required env vars (BASE_URL, API_TOKEN) align with a Graylog search/monitoring skill; nothing requested is obviously unrelated to log searching.

ℹ Instruction Scope

SKILL.md stays within log-search and monitoring tasks and does not request unrelated files or secrets, but it instructs the agent/operator to install/run an external MCP server (mcp-server-graylog) via npm/npx which will execute code outside the skill bundle.

⚠ Install Mechanism

The registry package contains no code and the README directs users to npm/npx ([email protected]). That means runtime code will be fetched and executed from the public npm registry (moderate risk); the registry did not include or vet that package content.

✓ Credentials

Only BASE_URL and API_TOKEN are required, which are appropriate and proportional for connecting to a Graylog instance; primary credential is API_TOKEN as declared.

✓ Persistence & Privilege

Skill is not always-enabled and does not request modifying global agent settings; no persistence or elevated privileges are requested by the skill manifest.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install graylog-log-search
After installation, invoke the skill by name or use /graylog-log-search
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

- Extracted shared helpers to enable better testability - Fixed credential leak in code history - All MCP protocol tests passing (54 tests) - Enhanced documentation and troubleshooting sections

Metadata

Slug graylog-log-search

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Graylog Log Search?

Search and debug production logs via Graylog - absolute/relative time queries, stream filtering, system health checks. It is an AI Agent Skill for Claude Code / OpenClaw, with 122 downloads so far.

How do I install Graylog Log Search?

Run "/install graylog-log-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Graylog Log Search free?

Yes, Graylog Log Search is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Graylog Log Search support?

Graylog Log Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Graylog Log Search?

It is built and maintained by Pranav Jagadish (@pranavj17); the current version is v1.0.3.

More Skills