Azure Log Analytics Workspace

Azure Log Analytics Workspace MCP Connector for Claude

This MCP does exactly one thing: it queries logs from a single Azure Log Analytics table. That is its only function. Incredible for giving your AI secure observability.

1 tool · Official · Updated Jun 28, 2026 · Official Vinkius Partner

This server strips away dangerous global Azure permissions. It gives your AI agent one surgical superpower: the ability to run KQL queries on one specific Log Analytics table.

By strictly scoping access, your AI can safely troubleshoot application errors, analyze traffic spikes, and monitor infrastructure without ever gaining workspace-wide access to sensitive audit trails.

The Superpowers

  • Absolute Containment: The agent is strictly locked to query a single table. It cannot search across all workspace logs.
  • Native KQL Power: Supports full Kusto Query Language syntax, allowing the AI to filter, parse JSON payloads, and extract insights.
  • Plug & Play Troubleshooting: Instantly gives your agent the eyes and ears it needs to debug production issues autonomously.

Tags: kql, log-querying, cloud-monitoring, telemetry, troubleshooting, scoped-access

1 tool exposes this connector's capabilities to your AI agent.

query_logs

Execute a Kusto (KQL) query against the configured Log Analytics table. Do NOT include the table name in your query operations. The engine automatically prepends the authorized table name. Just provide the KQL operations (e.g., "| where TimeGenerated > ago(1h) | limit 10").

See how to talk to your AI agent using Azure Log Analytics Workspace.

Fetch the last 10 error logs.

I queried the logs using `| where SeverityLevel == 'Error' | sort by TimeGenerated desc | limit 10`. Here are the results...

Find logs where the user ID was 'admin' in the last 24 hours.

I used `| where TimeGenerated > ago(24h) | where UserId == 'admin'` and found 3 relevant log entries.

To enforce zero-trust security. A Workspace often contains sensitive audit trails (like AzureActivity or SecurityEvents). By locking the agent to a specific table (e.g., 'AppExceptions'), you prevent it from reading global infrastructure access logs.
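One way a tool that prepends the authorized table, as `query_logs` is described as doing, can make sure the supplied operations name no other data source is a strict allowlist check before the prepend. This is an added example, not the connector's own code; the `AppExceptions` columns, the allowlist and the name `build_scoped_query` are assumptions made for illustration.

```python
import re

# Assumed values, constructed for this example: the authorised table and its columns.
TABLE = "AppExceptions"
COLUMNS = {"TimeGenerated", "SeverityLevel", "UserId", "Message"}

# Small allowlist of KQL operators, keywords and scalar functions. None of them
# can name a second data source (no union, join, workspace(), externaldata ...).
ALLOWED = COLUMNS | {
    "where", "project", "sort", "order", "by", "asc", "desc", "limit", "take",
    "top", "summarize", "count", "and", "or", "not", "in", "between",
    "contains", "has", "startswith", "ago", "now", "bin", "datetime",
    "tostring", "isnotempty", "true", "false",
}

# Characters that start KQL constructs this strict sketch does not parse:
# verbatim strings (@), escapes (\), multi-line strings (`), quoted names ([)
# and statement separators (;).
BANNED_CHARS = set("@\\`[;")
STRING_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")
IDENTIFIER = re.compile(r"\b[A-Za-z_]\w*")


class RejectedQuery(ValueError):
    """Raised when the operations could reach outside the authorised table."""


def build_scoped_query(operations: str) -> str:
    """Validate the agent's KQL operations, then prepend the authorised table."""
    ops = operations.strip()
    if not ops.startswith("|"):
        raise RejectedQuery("operations must start with a pipe")
    if BANNED_CHARS & set(ops):
        raise RejectedQuery("unsupported character in operations")
    # Blank out string literals so their contents are not read as syntax.
    code = STRING_LITERAL.sub(" ", ops)
    if "'" in code or '"' in code or "//" in code:
        raise RejectedQuery("unterminated string or comment")
    # Every remaining word must be an allowlisted keyword or a known column.
    for name in IDENTIFIER.findall(code):
        if name not in ALLOWED:
            raise RejectedQuery(f"identifier not allowed: {name}")
    return f"{TABLE}\n{ops}"
```

The allowlist is deliberately narrow, so valid queries that use other functions or column aliases are rejected until those names are added. Granting the connector's identity read access to that one table only enforces the same boundary on the service side.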
