Skip to content

FAQ

The MCP Server drives the rest of 10x from a chat session. Install it into Claude Desktop, Claude Code, or Cursor; ask cost questions, generate per-app Helm values, and apply filter caps without leaving the conversation.

Overview

Do I need MCP to use 10x

No. Every 10x app (Dev, Reporter, Receiver, Retriever) has standalone install/deploy docs you can follow manually. MCP just makes adoption faster by knowing your environment and generating tailored configs.

If you prefer a manual workflow, skip MCP entirely and follow each app's Deploy page.

Why start with MCP instead of Dev

Historically you'd start with Dev (download CLI, run on sample logs) to preview savings before deploying anything. That still works. But with MCP installed:

  1. You ask your AI assistant "preview what 10x would do to my logs", and MCP fetches + runs Dev automatically
  2. You don't install a separate CLI; the MCP subprocess handles that
  3. The output comes back as structured answers to questions, not raw terminal output

So Dev is still the underlying tool, MCP is the faster entry point.

What it does

How does MCP know about my cluster

When you ask MCP to discover your environment, it reads your kubeconfig (read-only, same credentials as kubectl get) to identify:

  • Forwarder DaemonSets (Fluent Bit, Fluentd, Datadog Agent, OTel Collector, etc.)
  • Node counts and pod topology
  • Existing logging destinations (Splunk HEC endpoints, Elasticsearch clusters, CloudWatch log groups)

It then proposes a deployment plan tailored to your stack. See Tools for the per-tool reference.

Does MCP apply changes to my infrastructure

No. MCP is an advisor, not an actor:

  • k8s discovery is read-only (kubectl get equivalents only)
  • Generated configs are files, not applied changes. MCP writes my-reporter.yaml; you review and helm install.
  • Filter/compact suggestions are diff-reviewable. MCP proposes mute file entries; you commit.
  • Dependency checks call the log analyzer's API in-process when creds are in the env (read-only, never POST/PUT/DELETE), and fall back to paste-ready bash when they aren't.

You stay the operator. MCP never writes to your cluster, your git repo, or your log analyzer.

What is @apps/mcp and when do I run it

@apps/mcp is an internal tenx engine app the MCP server spawns as a subprocess. Events stream in over stdin and templates, encoded events, and summaries stream back over stdout, keeping log content off disk. Two tools use it: log10x_validate runs @apps/mcp to check a candidate config, and Triage runs the sibling @apps/mcp-file so a pasted batch is processed on-machine by the local 10x engine, templates coming back without events leaving the machine. You almost never invoke it directly; the server handles the subprocess lifecycle.

apps/mcp ships with tenx engine 1.0.22+. On 1.0.21, point TENX_CONFIG and TENX_MODULES at local clones of log-10x/config and log-10x/modules on the apps/mcp branches. See Engine compatibility.

Security

What data does the MCP Server see
  • API calls to your metrics backend (pre-aggregated metrics, no log content). The default hosted endpoint (prometheus.log10x.com) is optional; you can point at your own Prometheus or run air-gapped.
  • kubeconfig read access (only what kubectl get would surface)
  • Your log analyzer credentials (for dependency checks; read-only, local-only)

No log content ever leaves your machine. No data is cached server-side.

Where does the MCP Server run

As a local subprocess of your AI assistant (Claude Desktop, Code, Cursor). It starts when the assistant connects to the MCP and stops when the assistant closes. No cloud hosting, no Lambda, no API Gateway.

Next: Reporter