VictoriaLogs MCP Server

Search documentation resources for the given search query, returning the URIs of the resources that match the search criteria sorted by relevance. This tool can help to get context for any VictoriaLogs related question.

The most frequent values per each log field seen in the logs returned by the given <query> on the given [<start> ... <end>] time range. This tool uses `/select/logsql/facets` endpoint of VictoriaLogs API.

Get field names from results of the given <query> on the given [<start> ... <end>] time range. The response also contains the number of log results per every field name. This tool uses `/select/logsql/field_names` endpoint of VictoriaLogs API.

Get unique values for the given <fieldName> field from results of the given <query> on the given [<start> ... <end>] time range. The response also contains the number of log results per every field value. This tool uses `/select/logsql/field_values` endpoint of VictoriaLogs API.

List of non-default flags (parameters) of the VictoriaLogs instance. This tools uses `/flags` endpoint of VictoriaLogs API.

Search by VictoriaLogs documentation or give context for answering questions

# Alerting with Logs [vmalert](https://docs.victoriametrics.com/victoriametrics/vmalert/){{% available_from “v1.106.0” %}} integrates with VictoriaLogs {{% available_from “v0.36.0” “logs” %}} via stats APIs [`/select/logsql/stats_query`](https://docs.victoriametrics.com/victorialogs/querying/#querying-log-stats) and [`/select/logsql/stats_query_range`](https://docs.victoriametrics.com/victorialogs/querying/#querying-log-range-stats). These endpoints return log stats in a format compatible with the [Prometheus querying API](https://prometheus.io/docs/prometheus/latest/querying/api/#instant-queries). This allows using VictoriaLogs as the datasource in vmalert and creating alerting and recording rules via [LogsQL](https://docs.victoriametrics.com/victorialogs/logsql/). > This page provides only integration instructions for vmalert and VictoriaLogs. See the full textbook for vmalert [here](https://docs.victoriametrics.com/victoriametrics/vmalert/).

# Alerting with Logs ## Configuration

# Alerting with Logs ## Configuration ### Flags For a complete list of command-line flags, visit [https://docs.victoriametrics.com/victoriametrics/vmalert/#flags](https://docs.victoriametrics.com/victoriametrics/vmalert/#flags) or execute the `./vmalert --help` command. The following are key flags related to integration with VictoriaLogs: ```shellhelp -datasource.url string Datasource address supporting log stats APIs, which can be a single VictoriaLogs node or a proxy in front of VictoriaLogs. Supports an address in the form of an IP address with a port (e.g., http://127.0.0.1:8428) or a DNS SRV record. -notifier.url array Prometheus Alertmanager URL, e.g., http://127.0.0.1:9093. List all Alertmanager URLs if it runs in cluster mode to ensure high availability. Supports an array of values separated by commas or specified via multiple flags. Values can contain commas inside a single-quoted or double-quoted string, and inside {}, [] and () braces. -remoteWrite.url string Optional URL to VictoriaMetrics or vminsert where to persist alerts state and recording rule results as time series. Supports an address in the form of an IP address with a port (e.g., http://127.0.0.1:8428) or a DNS SRV record. For example, if -remoteWrite.url=http://127.0.0.1:8428 is specified, then the alerts state will be written to http://127.0.0.1:8428/api/v1/write. See also '-remoteWrite.disablePathAppend', '-remoteWrite.showURL'. -remoteRead.url string Optional URL to a datasource compatible with MetricsQL. It can be a single-node VictoriaMetrics or vmselect. Remote read is used to restore alerts state. This configuration makes sense only if vmalert was configured with '-remoteWrite.url' before and has successfully persisted its state. Supports an address in the form of an IP address with a port (e.g., http://127.0.0.1:8428) or a DNS SRV record. See also '-remoteRead.disablePathAppend', '-remoteRead.showURL'. -rule array Path to the files or HTTP URL with alerting and/or recording rules in YAML format. Supports hierarchical patterns and regular expressions. Examples: -rule="/path/to/file". Path to a single file with alerting rules. -rule="http://<some-server-addr>/path/to/rules". HTTP URL to a page with alerting rules. -rule="dir/*.yaml" -rule="/*.yaml" -rule="gcs://vmalert-rules/tenant_%{TENANT_ID}/prod". -rule="dir/**/*.yaml". Includes all the .yaml files in "dir" subfolders recursively. Rule files support multi-document YAML. Files may contain %{ENV_VAR} placeholders, which are substituted by the corresponding env vars. The enterprise version of vmalert supports S3 and GCS paths to rules. For example: gs://bucket/path/to/rules, s3://bucket/path/to/rules S3 and GCS paths support only matching by prefix, e.g. s3://bucket/dir/rule_ matches all files with prefix rule_ in folder dir. Supports an array of values separated by commas or specified via multiple flags. Values can contain commas inside a single-quoted or double-quoted string, and inside {}, [] and () braces. -rule.defaultRuleType The default type for rule expressions; can be overridden by the 'type' parameter inside the rule group. Supported values: "graphite", "prometheus" and "vlogs". The default is "prometheus"; change it to "vlogs" if all rules are written with LogsQL. -rule.evalDelay time Adjustment of the time parameter for rule evaluation requests to compensate for intentional data delay from the datasource. Normally, it should be equal to `-search.latencyOffset` (command-line flag configured for VictoriaMetrics single-node or vmselect). Since there is no intentional search delay in VictoriaLogs, `-rule.evalDelay` can be reduced to a few seconds to accommodate network and ingestion time. ``` See the full list of configuration options [here](https://docs.victoriametrics.com/victoriametrics/vmalert/#configuration).

# Alerting with Logs ## Configuration ### Groups See the complete group attributes [here](https://docs.victoriametrics.com/victoriametrics/vmalert/#groups).

# Alerting with Logs ## Configuration ### Groups #### Alerting rules Examples: ```yaml groups: - name: ServiceLog type: vlogs interval: 5m rules: - alert: HasErrorLog expr: 'env: "prod" AND status:~"error|warn" | stats by (service, kubernetes.pod) count() as errorLog | filter errorLog:>0' annotations: description: 'Service {{$labels.service}} (pod {{ index $labels "kubernetes.pod" }}) generated {{$labels.errorLog}} error logs in the last 5 minutes' - name: ServiceRequest type: vlogs interval: 5m rules: - alert: TooManyFailedRequest expr: '* | extract "ip=<ip> " | extract "status_code=<code>;" | stats by (ip) count() if (code:~4.*) as failed, count() as total| math failed / total as failed_percentage| filter failed_percentage :> 0.01 | fields ip,failed_percentage' annotations: description: "Connection from address {{$labels.ip}} has {{$value}}% failed requests in the last 5 minutes" ```