Hey, it would be great to let Claude Code query logs in Grafana via MCP. Is there a way to set this up in a secure way? Thanks!
Hmm… this is a good question! I want to say yes? I believe the best way of going about this would be to export your Fly logs into an observability stack you control, somethingn like Grafana Cloud/Loki or even a self hosted Grafana/Loki. Fly Log Shipper, if I’m not mistaken is the best option for this kind of durable, queryable log export as well. Once the logs are in your own Grafana/Loki setup, you should then be able to configure Grafana’s MCP server with a dedicated service account token. I’d keep that token read-only and limit it to the Loki datasource or the minimum Grafana permissions needed.
I’d also run the MCP server with write operations disabled so Claude can query logs but not modify dashboards, alerts, or incidents.
So in short, it would be something like “Fly logs → Log Shipper → your Grafana/Loki → Claude Code via Grafana MCP,” rather than direct MCP access to Fly’s managed Grafana. I’ve never done this myself, so if you do end up trying it, let me know if it helps/works at all!
what you actually want to do here is have Claude hit our app logs endpoint. it isn’t documented but here is how our CLI uses it: fly-go/resource_logs.go at main · superfly/fly-go · GitHub
otherwise you can have claude run flyctl logs -a yourapp, that works too (but doesn’t fetch the entire history).
ideally both of these would be used with a readonly token: fly tokens create readonly · Fly Docs