DEV Community

Cover image for How to Query Tencent Cloud CLS Logs with an MCP Server
Tencent Cloud -Cloud Log Service
Tencent Cloud -Cloud Log Service

Posted on • Edited on

How to Query Tencent Cloud CLS Logs with an MCP Server

#ai #observability #logging #devops

Complex log search often starts with an operational question rather than a finished query: why did a service fail, how many users failed to log in today, or which IP addresses looked suspicious during the past 24 hours? Tencent Cloud Log Service (CLS) MCP Server gives an AI assistant a controlled way to work with CLS log topics. It can help turn natural-language troubleshooting requests into CLS queries, resolve topic and region context, and search operational logs without forcing every user to write the query syntax manually.

Best fit: natural-language CLS log troubleshooting

Use this pattern when the person investigating logs knows the question but does not yet know the exact CLS topic, region, timestamp, or search statement.

Scenario What the user asks What CLS MCP Server helps with
Operations troubleshooting "Analyze the current error logs and find the likely failure point." Generate a query and search the relevant log topic
Business status check "How many user login failures happened today?" Turn a natural-language request into a CLS log search
Security review "Find suspicious IP access records in the past 24 hours." Combine time context, topic context, and query generation

This is useful for operators, SREs, developers, and less technical users who need log answers but do not want to assemble every query parameter by hand.

CLS MCP Server connection model

Model Context Protocol (MCP) Server is a lightweight service that connects a large language model to external resources through a standardized interface. In this case, the external resource is Tencent Cloud CLS.

The workflow is:

  1. The user asks an operations question in an AI client.
  2. The assistant uses the MCP server instead of guessing.
  3. The server provides CLS-related capabilities such as log search, topic lookup, region lookup, and timestamp assistance.
  4. The assistant returns an answer based on queried CLS logs.

CLS capabilities the assistant needs

The source workflow focuses on three capabilities.

Capability What it does Why it matters
Log query Searches log data stored in a CLS log topic Lets the assistant inspect real operational logs
Natural-language query generation Converts everyday language into a more precise CLS query Lowers the barrier for troubleshooting and business checks
Context helper functions Resolves topic IDs from topic names, region aliases from region names, and current timestamps Reduces wrong-topic, wrong-region, and wrong-time-window mistakes

The context helper functions are important because LLMs can otherwise answer from an incomplete resource context. Topic ID lookup and region alias lookup make the log search path more reliable.

Permission preparation for CLS MCP Server

Install Node.js first. Then create a Tencent Cloud sub-account and grant only the permissions needed for this workflow.

{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "cls:SearchLog",
        "cls:DescribeTopics",
        "cls:ChatCompletions"
      ],
      "resource": ["*"]
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

The credential pair used by the MCP server is:

Credential Purpose
SecretId Tencent Cloud API key ID
SecretKey Tencent Cloud API key secret

For production use, scope credentials according to your own security model. The settings should enable the intended log search workflow without giving the assistant unnecessary cloud access.

Cherry Studio setup for CLS MCP Server

Add a cls-mcp-server entry to the MCP settings. The server runs through npx, uses Tencent Cloud credentials from environment variables, and points to a default CLS region.

{
  "mcpServers": {
    "cls-mcp-server": {
      "isActive": true,
      "name": "cls-mcp-server",
      "type": "stdio",
      "registryUrl": "",
      "command": "npx",
      "args": [
        "-y",
        "cls-mcp-server"
      ],
      "env": {
        "TENCENTCLOUD_SECRET_ID": "YOUR_TENCENT_SECRET_ID",
        "TENCENTCLOUD_SECRET_KEY": "YOUR_TENCENT_SECRET_KEY",
        "TENCENTCLOUD_API_BASE_HOST": "tencentcloudapi.com",
        "TENCENTCLOUD_REGION": "ap-guangzhou",
        "MAX_LENGTH": "15000"
      }
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

Configuration fields to verify:

Field Check
command Uses npx
args Runs cls-mcp-server with -y
TENCENTCLOUD_SECRET_ID Set to the Tencent Cloud API key ID
TENCENTCLOUD_SECRET_KEY Set to the Tencent Cloud API key secret
TENCENTCLOUD_API_BASE_HOST Usually tencentcloudapi.com
TENCENTCLOUD_REGION Default CLS region, such as ap-guangzhou
MAX_LENGTH Maximum response length returned through the tool path

Assistant log queries after setup

After the MCP server is active, the user can ask concrete questions:

Check the current error logs for this service and summarize the likely failure point.
Enter fullscreen mode Exit fullscreen mode 
How many user login failures happened today?
Enter fullscreen mode Exit fullscreen mode 
Find suspicious IP access records in the past 24 hours.
Enter fullscreen mode Exit fullscreen mode

The assistant should not skip resource context. A reliable log answer depends on the target topic, region, and time range.

Choosing between CLS MCP Server and a Dify Tool

CLS can also work with Dify through a Dify Tool. Use the MCP path when the operator already works in an MCP-capable AI client or agent environment. Use the Dify Tool path when the CLS log action belongs inside a Dify application workflow.

Option Better fit
CLS MCP Server AI desktop clients, coding assistants, agent tools, and conversation-driven operations workflows that support MCP
Dify Tool Dify application workflows that package CLS access as part of an app experience

Both approaches let a model work with CLS logs. The difference is where the workflow lives.

Common pitfalls when querying CLS logs with an AI assistant

  • Giving the assistant broad cloud credentials when only log search permissions are needed.
  • Asking a log question without a time window such as "today" or "past 24 hours".
  • Forgetting that a correct query against the wrong region still returns the wrong operational view.
  • Letting the assistant guess a topic ID instead of resolving it from the topic name.
  • Treating a generated query as final evidence without reviewing the returned logs during high-impact incidents.

FAQ

When should I use CLS MCP Server for log search?

Use it when an operations question needs CLS data but the user does not already have the exact query, topic ID, region alias, or timestamp. It is especially useful for troubleshooting, business checks, and security review.

What Tencent Cloud permissions does the MCP server need?

The workflow uses cls:SearchLog, cls:DescribeTopics, and cls:ChatCompletions. Start with those actions and narrow the resource scope according to your account policy.

Can CLS MCP Server reduce LLM hallucination during troubleshooting?

It can reduce resource-context mistakes by letting the assistant look up topic IDs, region aliases, and timestamps instead of guessing them. The final answer should still be checked against returned CLS log evidence.

What should I verify before using this in production?

Verify credential scope, default region, target log topics, Node.js availability, MCP client activation, and whether the returned log results match the expected time window.

Final checklist

  • Node.js is installed.
  • The Tencent Cloud sub-account has the required CLS permissions.
  • cls-mcp-server is active in the AI client.
  • TENCENTCLOUD_REGION matches the target CLS region.
  • A test prompt can resolve a log topic and run a CLS query.
  • The assistant response is grounded in returned operational logs.

Top comments (0)