Streams through massive NDJSON log files without loading them into memory, which matters when your service crashes and the log is 2GB. Exposes query_log_pattern for field filtering, detect_error_anomalies for Z-score spike detection, and summarize_log_timeline for chronological severity bucketing. Also includes correlate_request for distributed trace reconstruction across multiple files, discover_log_schema for format inference, and group_semantic_patterns using the Drain algorithm for clustering message templates. The start_live_triage tool tails logs with real-time anomaly alerts, and query_external_logs bridges to Datadog, Splunk, and Elasticsearch with OpenTelemetry output mapping. Reach for this when you need to triage production incidents without waiting for your editor to choke on gigabyte files.
claude mcp add --transport stdio vola-trebla-ndjson-local-log-triage-mcp uvx ndjson-local-log-triage-mcp
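
The streaming read and Z-score spike detection described above, as an added example. This is not the ndjson-local-log-triage-mcp project's code; the field names (timestamp, level), the one-minute buckets and the 3.0 threshold are assumptions, and the sample log is constructed.

```python
import io
import json
import math
from collections import Counter
from datetime import datetime

def error_counts_per_minute(lines, ts_field="timestamp", level_field="level"):
    """Read NDJSON one line at a time; only per-minute counters stay in memory."""
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            minute = datetime.fromisoformat(rec[ts_field]).replace(second=0, microsecond=0)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or malformed line, common in a log cut off by a crash
            continue
        # Adding 0 still registers the minute, so quiet minutes count toward the baseline.
        counts[minute] += str(rec.get(level_field, "")).upper() in ("ERROR", "FATAL")
    return counts, skipped

def zscore_spikes(counts, threshold=3.0):
    """Return (minute, errors, z) for buckets at least `threshold` std devs above the mean."""
    values = list(counts.values())
    if len(values) < 2:
        return []
    mean = sum(values) / len(values)
    std = math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))
    if std == 0:
        return []  # perfectly flat error rate: nothing stands out
    scored = ((m, c, (c - mean) / std) for m, c in sorted(counts.items()))
    return [(m, c, round(z, 2)) for m, c, z in scored if z >= threshold]

def constructed_sample():
    """Constructed log: 20 minutes, one error per minute, a burst of 30 at 12:12."""
    rows = []
    for m in range(20):
        ts = f"2024-05-01T12:{m:02d}:"
        rows.append(json.dumps({"timestamp": ts + "01", "level": "info", "msg": "ok"}))
        for s in range(30 if m == 12 else 1):
            rows.append(json.dumps({"timestamp": f"{ts}{s + 10:02d}", "level": "error"}))
    rows.append('{"timestamp": "2024-05-01T12:19:59", "lev')  # truncated final write
    return io.StringIO("\n".join(rows))

if __name__ == "__main__":
    counts, skipped = error_counts_per_minute(constructed_sample())
    print(zscore_spikes(counts), "skipped lines:", skipped)
```

Passing an open file handle instead of the constructed sample keeps memory use flat regardless of file size. Minutes with no log lines at all are absent from the baseline, which can understate how unusual a burst is.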