.png)
Unlocking log data for AI
With the rise of agentic workloads, the need for agents to access data is growing rapidly. MCP has emerged as the standard for equipping agents with the necessary tools. These tools not only enable agents to take actions but also allow them to access data that may reside in external systems.
At Bronto we believe that successful enterprise AI will need access to log data and makes increased demands on the capabilities of logging platforms. Which is why we have developed the Bronto MCP server, a local server designed to help integrate with existing agentic systems that benefit from access to log data.
In this post I want to highlight two specific use cases. First we will show sample requests that the Bronto MCP server helps answer. Then we consider a scenario where Bronto’s MCP server is integrated with Claude Code, a popular code assistant. In this scenario we will get Claude Code to suggest code changes based on warnings observed in log data.
What can the Bronto MCP Server do?
The Bronto MCP server offers a suite of tools focused on accessing and extracting insights from log data. These tools are designed to help users identify relevant datasets, query log events, and compute meaningful metrics. The main tools provided by the MCP server are:
- search_logs: Retrieves log events based on user-defined filters.
- compute_metrics: Computes metric values from log data, e.g. calculating average response time from web access logs.
- get_datasets: list datasets present in the Bronto account, including their name, ID, the collection that they are part of as well as the list of tags associated with them.
- get_keys: provide the list of keys present in datasets.
- get_values: provide the list of values present in datasets for the specified key.
- get_timestamp_as_unix_epoch: a utility tool to convert human readable time ranges into the format required by Bronto’s search API.
The tools get_datasets, get_keys, and get_values help users discover which datasets and fields are relevant for a particular query. This is especially useful for users unfamiliar with the structure or content of the logs. It also helps scope queries more effectively, for example, by excluding logs from staging environments when investigating production issues.
Example Usage
Bronto’s MCP server can be used to retrieve information about log data, including the selection of relevant datasets. To illustrate this, we are using Claude Code as the client and Claude Sonnet 4 as the model, but most of the examples below can be performed with any client and model. In the last example however, we consider the case where code changes are suggested based on log events. For this, an AI coding assistant such as Claude Code is required.
Example 1: Listing Production Datasets for a Specific Team
Bronto supports tagging of datasets, providing descriptive metadata or context, such as ownership or data type. For example, a team tag can indicate which team owns a given dataset.
Prompt: "Can you list datasets containing production log data of systems owned by the X team?"
Response: Claude returns a list of 19 datasets tagged as owned by the X team, including dataset names, collections, and log IDs, e.g.:

Example 2: Identifying Datasets Related to HTTP Response Times
This example illustrates how datasets can be selected based on the keys that their log data contains.
Prompt: "Can you list datasets that contain a key related to HTTP response time?"
Response:
Claude identifies 14 relevant datasets, such as AWS Application Load Balancer logs, and highlights key fields like:
- request_processing_time
- response_processing_time
- target_processing_time
- duration_millis
- time_taken_ms

This example demonstrates the model’s ability to infer relevant fields based on general concepts such as “HTTP response time”, even when the exact field name is not provided. It also highlights a common challenge in observability: inconsistent naming of similar metrics across sources. While standards like OpenTelemetry Semantic Conventions exist, many systems have not adopted them yet. AI models really help overcome this issue.
Example 1 and 2 illustrate data discoverability where datasets and keys can be selected based on a prompt. This provides a cornerstone to log search, since searching first requires identifying relevant datasets and keys. Examples 3 and 4 illustrate the searching of log data via prompting.
Example 3: Metric Extraction
This example illustrates the models ability to answer complex questions by orchestrating the invocations of various tools made available by the Bronto’s MCP server.
Prompt: "Can you provide the average response time based on CDN logs, between ‘2025-09-01 02:23:47’ and ‘2025-09-01 03:23:47’?"
Response: “Based on the CDN logs analysis for the time period between '2025-09-01 02:23:47' and '2025-09-01 03:23:47', here are the average response times:
Average Response Time Results:
- Time period with data (02:47:47 - 02:53:47): 0.109 seconds (109ms)
- Time period with data (03:05:07 - 03:11:07): 0.197 seconds (197ms)
- Overall average for periods with data: ~0.153 seconds (153ms)”
In order to determine the result, the model chained the following tools:
- get_datasets in order to identify the one containing CDN logs
- get_keys in order to identify keys present in the datasets selected in the previous step and that would relate to “response time”
- get_timestamp_as_unix_epoch in order to convert human readable time ranges into unix timestamp since epoch ones (which is the format required by Bronto’s search API)
- compute_metrics to finally compute “AVG(response_time)” on the datasets selected above
In this example, we specify a time range. If none is specified, a default time range corresponding to the Last 20 Minutes is used instead.
Finally, in the example below, log events are retrieved using Bronto's MCP server in a real-world integration with Claude Code.
Example 4: Searching for Recent Errors or Warnings and correcting code to mitigate the observed issues.
In this example, we first ask whether issues are found in log data and then ask Claude Code to suggest code changes that would mitigate these issues.
Prompt: "Can you look for errors or warnings in the search monitor lambda logs for the last hour?"
The screenshot below shows how Claude Code works out the filter to apply in order to search for errors or warnings in the logs, it rightly relies on the key representing log levels and filters events to only retrieve the ones whose level value is ERROR or WARNING:

Response: Warnings were found in relation to an OpenTelemetry configuration issue. More specifically, the warnings indicate that an exporter has already been shut down and that the MeterProvider objects are unexpectedly being overridden.
Example log entry:
Level: WARNING
Message: Exporter already shutdown, ignoring batch
Logger: opentelemetry.exporter.otlp.proto.http.metric_exporter”
From here, we ask Claude Code what recommendation it would make in order to mitigate the issue found in logs.
Prompt: "The current folder contains the search monitor project. Can you suggest changes we could make to mitigate the issues reported in the logs?"

Response: The response provided by Claude Code comes with code suggestions as well. In a nutshell,
- For the first issue, we could simply flush the Opentelemetry metrics and not shutdown the exporter.
- For the second warning, we were able to use a different construct that avoids attempting to overwrite the meter provider on each invocation.
The changes suggested by Claude Code needed to be amended in order to fully solve the issue. However, they were clearly pointers in the right direction. Below is a screenshot of the lambda logs in Bronto. The chart shows the number of INFO and WARNING messages, before and after the suggested changes. We can see that the changes did solve the problem as WARNING messages are no longer present.

Where to get the Bronto MCP Server?
The Bronto MCP server is available on Github. The project README.md file indicates how to set it up and shows an example of how to integrate it with a client such as Claude Code. The same principle applies to other clients.
The server is available to use for any Bronto user. Access to Bronto data is achieved using an API key with enough permissions to perform searches and access log metadata.
Please let us know if you find it useful and which other tools you would like to be provided by the server!