Stats
Actions
Tags
From graylog-log-search
Use when the user wants to search, query, or investigate production logs via Graylog. Covers concepts (streams, trace_id, log levels, query syntax) and routes to specialty skills for deeper debugging flows. Triggers on "graylog", "check logs", "search logs", "find the log for", "what does graylog say", "grep logs".
How this skill is triggered — by the user, by Claude, or both
Slash command
/graylog-log-search:graylogThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You have access to a Graylog MCP server with 8 tools for log search, distributed tracing, and incident investigation. This skill teaches you which tool to reach for and when to hand off to a specialty skill.
You have access to a Graylog MCP server with 8 tools for log search, distributed tracing, and incident investigation. This skill teaches you which tool to reach for and when to hand off to a specialty skill.
| If the user says... | Reach for | And then... |
|---|---|---|
| "I have a trace_id, what happened" | trace_request | If >200 lines or >5 services, dispatch the graylog-trace-analyzer agent. Otherwise see trace-debugging skill. |
| "Errors are spiking" / "something just broke" | aggregate_logs (group_by: service, query: logger_level:error) | See incident-triage skill. |
| "What was happening around time T on host H" | get_surrounding_logs | Center timestamp + source filter. |
| "Show me logs matching X in the last N minutes" | search_logs_relative | Default fields are fine for most cases. |
| "Show me logs between timestamps A and B" | search_logs_absolute | Use UTC ISO 8601. |
| "What streams / applications exist" | list_streams | Use IDs returned to filter subsequent searches. |
| "Is Graylog reachable" | get_system_info | Always run this first if other tools fail (see troubleshooting skill). |
list_streams to discover IDs, then pass streamId to filter.span_id identifies a unit of work within the trace.error, warn, info, debug. Filter via logger_level:error.from/to ISO 8601 UTC) for known incidents; relative (rangeSeconds) for "the last N minutes."Graylog uses Elasticsearch query string syntax:
logger_level:error, service:foologger_level:error AND service:foo"GET /api/v1/users" (quoted)service:foo-*NOT service:health-checkaggregate_logs, if truncated: true appears in the response, the matched window exceeded fetchLimit (default 5000) — narrow the time range.trace-debugging skill (single-service inline) or graylog-trace-analyzer agent (multi-service, log-heavy)incident-triage skilltroubleshooting skillmessage,timestamp,source,level,logger_level,trace_id,span_id,pod,service,container_name by default. That covers most debugging without needing *.fields: '*' only when you need a field outside the default set — it increases response size significantly.Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub pranavj17/mcp-server-graylog --plugin graylog-log-search