Skip to content

FAQ

The MCP Server is the front door to Log10x — install it into Claude Desktop / Code / Cursor and let it guide you through adopting the rest of the platform.

Overview

Do I need MCP to use Log10x

No. Every 10x app (Dev, Reporter, Regulator, Streamer) has standalone install/deploy docs you can follow manually. MCP just makes adoption faster by knowing your environment and generating tailored configs.

If you prefer a manual workflow, skip MCP entirely and follow each app's Deploy page.

Why start with MCP instead of Dev

Historically you'd start with Dev (download CLI, run on sample logs) to preview savings before deploying anything. That still works. But with MCP installed:

  1. You ask your AI assistant "preview what 10x would do to my logs", and MCP fetches + runs Dev automatically
  2. You don't install a separate CLI; the MCP subprocess handles that
  3. The output comes back as structured answers to questions, not raw terminal output

So Dev is still the underlying tool, MCP is the faster entry point.

What it does

How does MCP know about my cluster

When you ask MCP to discover your environment, it reads your kubeconfig (read-only, same credentials as kubectl get) to identify:

  • Forwarder DaemonSets (Fluent Bit, Fluentd, Datadog Agent, OTel Collector, etc.)
  • Node counts and pod topology
  • Existing logging destinations (Splunk HEC endpoints, Elasticsearch clusters, CloudWatch log groups)

It then proposes a deployment plan tailored to your stack. See Tools for the per-tool reference.

Does MCP apply changes to my infrastructure

No. MCP is an advisor, not an actor:

  • k8s discovery is read-only (kubectl get equivalents only)
  • Generated configs are files, not applied changes. MCP writes my-reporter.yaml; you review and helm install.
  • Filter/compact suggestions are diff-reviewable. MCP proposes mute file entries; you commit.
  • Dependency checks run locally with your own SIEM credentials (read-only).

You stay the operator. MCP never writes to your cluster, your git repo, or your SIEM.

What is @apps/mcp and when do I run it

@apps/mcp is an internal runtime the MCP Server spawns as a subprocess when an agent calls log10x_validate. You almost never invoke it directly — the server handles the subprocess lifecycle. If you need to reproduce a log10x_validate result for debugging, see the Tools page.

Security

What data does the MCP Server see
  • API calls to Log10x Prometheus (pre-aggregated metrics, no log content)
  • kubeconfig read access (only what kubectl get would surface)
  • Your SIEM credentials (for dependency checks; read-only, local-only)

No log content ever leaves your machine. No data is cached server-side.

Where does the MCP Server run

As a local subprocess of your AI assistant (Claude Desktop, Code, Cursor). It starts when the assistant connects to the MCP and stops when the assistant closes. No cloud hosting, no Lambda, no API Gateway.