Sumo Logic MCP Server (closed preview) #6027

Open
kimsauce wants to merge 38 commits into main from DOCS-1237

@kimsauce kimsauce commented Nov 13, 2025

Purpose of this pull request

Pending SME approval from MCP team - do not merge.

External MCP server - Closed Beta. Est. publish: week of 2/23.

Select the type of change

  • Minor Changes - Typos, formatting, slight revisions
  • Update Content - Revisions, updating sections
  • New Content - New features, sections, pages, tutorials
  • Site and Tools - .clabot, version updates, maintenance, dependencies, new packages for the site (Docusaurus, Gatsby, React, etc.)

Ticket (if applicable)

https://sumologic.atlassian.net/browse/DOCS-1237

@cla-bot cla-bot bot added the cla-signed Contributor approved, listed in .clabot file label Nov 13, 2025
@kimsauce kimsauce self-assigned this Nov 13, 2025
@kimsauce kimsauce requested review from vsinghal13 and wjakelee and removed request for margaret-selid January 12, 2026 22:55
@kimsauce kimsauce added the do-not-merge Pull requests that should not be merged label Jan 12, 2026
@kimsauce kimsauce requested a review from ganano February 17, 2026 09:49

DDeC7 commented Mar 2, 2026

Hi @kimsauce - Comments include the following:

  • Recommended removing "Platform Services" from title
  • Recommend removing the following from cost section:
    "

What to monitor

Track these metrics per request, per identity, and per tool:

  • Cost per request (not just request volume).
  • Tool calls per request.
  • Agent step count.
  • Retry frequency.
  • Retrieval scope (top-k values, cross-namespace queries).
  • Endpoints ranked by cost, not just traffic.

Recommended controls

  • Hard budgets. Set per-request, per-identity, per-tool, and per-tenant spending limits.
  • Validation gates. Implement authentication, input validation, size limits, and retrieval caps before LLM processing begins.
  • Progressive trust. Start with restricted capabilities for new or untrusted identities. Expand access based on usage patterns.
  • Per-tool quotas. Limit or disable expensive tools for untrusted traffic.
  • Kill switches. Maintain the ability to disable high-cost tools or operations within seconds.
  • Disconnect handling. Ensure workflows terminate when clients disconnect to prevent billing for abandoned requests."
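
As an added illustration (not part of this pull request or of Sumo Logic's documentation), the Python example below shows how four of the quoted controls, hard budgets, progressive trust, per-tool quotas, and a kill switch, can be enforced in one gate that runs before any LLM or tool work starts. The class, the limits, the identities, and the tool names `log_search` and `list_users` are hypothetical.

```python
from collections import defaultdict

class BudgetGate:
    """Pre-execution gate: all checks run before any LLM or tool work is billed."""

    def __init__(self, per_request_usd, per_identity_usd, tool_quota, untrusted_quota):
        self.per_request_usd = per_request_usd    # hard budget per request
        self.per_identity_usd = per_identity_usd  # hard budget per identity
        self.tool_quota = tool_quota              # tool -> max calls, trusted identities
        self.untrusted_quota = untrusted_quota    # tool -> max calls, everyone else
        self.trusted = set()                      # progressive trust: nobody at first
        self.disabled = set()                     # kill-switch state
        self.spent = defaultdict(float)           # identity -> USD authorized so far
        self.calls = defaultdict(int)             # (identity, tool) -> calls so far
        self.tool_cost = defaultdict(float)       # tool -> USD, for cost ranking

    def kill(self, tool):
        """Kill switch: effective on the very next authorize() call."""
        self.disabled.add(tool)

    def authorize(self, identity, tool, est_cost_usd):
        """Return (allowed, reason). Usage is recorded only when allowed."""
        if tool in self.disabled:
            return False, "kill_switch"
        if est_cost_usd > self.per_request_usd:
            return False, "per_request_budget"
        if self.spent[identity] + est_cost_usd > self.per_identity_usd:
            return False, "per_identity_budget"
        quotas = self.tool_quota if identity in self.trusted else self.untrusted_quota
        if self.calls[identity, tool] >= quotas.get(tool, 0):  # unlisted tool: denied
            return False, "tool_quota"
        self.spent[identity] += est_cost_usd
        self.calls[identity, tool] += 1
        self.tool_cost[tool] += est_cost_usd
        return True, "ok"

    def tools_ranked_by_cost(self):
        """Tools ordered by authorized spend rather than by call count."""
        return sorted(self.tool_cost, key=self.tool_cost.get, reverse=True)

def demo():
    # Constructed limits, identities and tool names, for illustration only.
    gate = BudgetGate(1.0, 2.0, {"log_search": 10, "list_users": 10}, {"list_users": 2})
    out = [gate.authorize("new-user", "log_search", 0.5)[1],  # costly tool, untrusted
           gate.authorize("new-user", "list_users", 0.25)[1]]
    gate.trusted.add("analyst")                               # trust expanded
    out += [gate.authorize("analyst", "log_search", c)[1] for c in (1.5, 1.0, 1.0)]
    out.append(gate.authorize("analyst", "list_users", 0.25)[1])
    gate.kill("log_search")
    out.append(gate.authorize("analyst", "log_search", 0.1)[1])
    return out, gate.tools_ranked_by_cost()
```

Denied requests leave the counters untouched, so a rejected call never consumes budget or quota.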


kimsauce commented Mar 3, 2026

What to monitor

@DDeC7 done!

@kimsauce kimsauce marked this pull request as ready for review March 3, 2026 00:12
@kimsauce kimsauce requested a review from kjia6s March 3, 2026 00:13

DDeC7 commented Mar 3, 2026

@kimsauce - MCP is closed preview and will be followed by an open/public preview later.

hide_table_of_contents: true
---

The Sumo Logic MCP Server, now in closed beta, lets you use Sumo tools for alerts, insights, dashboards, log searches and users in natural language in VS Code and Terminal.

Suggested change
The Sumo Logic MCP Server, now in closed beta, lets you use Sumo tools for alerts, insights, dashboards, log searches and users in natural language in VS Code and Terminal.
The Sumo Logic MCP Server, now in closed beta, lets you use Sumo Logic tools for alerts, insights, dashboards, log searches and users in natural language in VS Code and Terminal.


The Sumo Logic MCP Server, now in closed beta, lets you use Sumo tools for alerts, insights, dashboards, log searches and users in natural language in VS Code and Terminal.

It enables external copilots and proprietary models to securely query logs, investigate SIEM insights, manage alerts and dashboards, and work with existing Dojo AI agents using natural language from IDEs and chat platforms.

Suggested change
It enables external copilots and proprietary models to securely query logs, investigate SIEM insights, manage alerts and dashboards, and work with existing Dojo AI agents using natural language from IDEs and chat platforms.
It enables external copilots and proprietary models to securely query logs, investigate Cloud SIEM insights, manage alerts and dashboards, and work with existing Dojo AI agents using natural language from IDEs and chat platforms.

<head>
<meta name="robots" content="noindex" />
</head>

@jpipkin1 jpipkin1 Mar 3, 2026

Suggested change
<p><a href={useBaseUrl('docs/beta')}><span className="beta">Beta</span></a></p>

@jpipkin1 jpipkin1 Mar 3, 2026

I recommend that you add the beta label.

cd /path/to/your/project
claude
```
1. In Claude Code, verify the Sumo Logic MCP server connection with `/mcp`.<br/><img src={useBaseUrl('img/platform-services/mcp/claude-mcp-connected.png')} alt="Claude Code CLI showing Sumo Logic MCP server connected" width="600"/>

@jpipkin1 jpipkin1 Mar 3, 2026

This image is broken because the image is in the /platform-services folder and not in the /platform services/mcp subfolder.

]
}
```
If you've previously configured other MCP servers here, this should be an additive process (i.e., do not delete existing ones you still intend to use).

Suggested change
If you've previously configured other MCP servers here, this should be an additive process (i.e., do not delete existing ones you still intend to use).
If you've previously configured other MCP servers here, this should be an additive process (that is, do not delete existing ones you still intend to use).

Comment on lines +328 to +331
`Show me all active alerts from the last 24 hours`
`Get the history for alert ID <id>`
`Find alerts related to <id>`
`Resolve alert <id>`

Suggested change
`Show me all active alerts from the last 24 hours`
`Get the history for alert ID <id>`
`Find alerts related to <id>`
`Resolve alert <id>`
* `Show me all active alerts from the last 24 hours`
* `Get the history for alert ID <id>`
* `Find alerts related to <id>`
* `Resolve alert <id>`

Comment on lines +345 to +346
`Create a new dashboard called "System Overview" that uses the previous query to power a dashboard panel called "Total Log Count Per Minute"`
`Add a second panel called "Error Logs Count Per Minute" that is a similar query but only has logs in it that contain the keyword "error" in them`

Suggested change
`Create a new dashboard called "System Overview" that uses the previous query to power a dashboard panel called "Total Log Count Per Minute"`
`Add a second panel called "Error Logs Count Per Minute" that is a similar query but only has logs in it that contain the keyword "error" in them`
* `Create a new dashboard called "System Overview" that uses the previous query to power a dashboard panel called "Total Log Count Per Minute"`
* `Add a second panel called "Error Logs Count Per Minute" that is a similar query but only has logs in it that contain the keyword "error" in them`

Comment on lines +364 to +369
`Show triage details for INSIGHT-1234`
`Retrieve the triage details`
`What are all of the related entities?`
`Add a comment to this insight: "This warrants deeper investigation"`
`Show recommended next steps for INSIGHT-1234`
`Update INSIGHT-1234 status to In Progress`

Suggested change
`Show triage details for INSIGHT-1234`
`Retrieve the triage details`
`What are all of the related entities?`
`Add a comment to this insight: "This warrants deeper investigation"`
`Show recommended next steps for INSIGHT-1234`
`Update INSIGHT-1234 status to In Progress`
* `Show triage details for INSIGHT-1234`
* `Retrieve the triage details`
* `What are all of the related entities?`
* `Add a comment to this insight: "This warrants deeper investigation"`
* `Show recommended next steps for INSIGHT-1234`
* `Update INSIGHT-1234 status to In Progress`

Comment on lines +383 to +384
`Run a log search for the last 5 minutes across all of my data that counts the data by 1-minute buckets and plots the result as a line graph`
`Run a 2-day search on _sourcecategory=*proofpoint*, count by recipient and senderip`

Suggested change
`Run a log search for the last 5 minutes across all of my data that counts the data by 1-minute buckets and plots the result as a line graph`
`Run a 2-day search on _sourcecategory=*proofpoint*, count by recipient and senderip`
* `Run a log search for the last 5 minutes across all of my data that counts the data by 1-minute buckets and plots the result as a line graph`
* `Run a 2-day search on _sourcecategory=*proofpoint*, count by recipient and senderip`

Comment on lines +394 to +397
`List the users in my org and format as an ASCII table`
`Show users who have never logged in`
`Delete those users`
`List all users and their roles`

Suggested change
`List the users in my org and format as an ASCII table`
`Show users who have never logged in`
`Delete those users`
`List all users and their roles`
* `List the users in my org and format as an ASCII table`
* `Show users who have never logged in`
* `Delete those users`
* `List all users and their roles`
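
Review bot: `Delete those users` in this prompt list is a destructive action whose target is whatever the preceding `Show users who have never logged in` prompt returned, and nothing in the list tells the reader about that dependency. Suggest adding a sentence saying that the deletion acts on the previous result and that the returned list should be reviewed before the prompt is sent, or rewording the example to name the users explicitly instead of "those users".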

@jpipkin1 jpipkin1 left a comment

Wow, @kimsauce! This article is amazing! What an incredible amount of work you've put into it. I'm impressed. I have only a few minor suggestions.

@kimsauce kimsauce changed the title External MCP Server (Beta) Sumo Logic MCP Server (closed preview) Mar 3, 2026

Labels

cla-signed Contributor approved, listed in .clabot file do-not-merge Pull requests that should not be merged

4 participants