> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Logging

> Admin API operations for observability: query the MCP call logs with filters and pagination, list and inspect alerts, and configure OpenTelemetry log and trace forwarding.

These operations read the MCP call logs and alerts and configure OpenTelemetry forwarding. Responses are thin by default — request the heavy detail only for the specific rows you need. The call log here is the AI-usage log, distinct from the forthcoming admin audit log.

<Info>
  **Closed beta.** The MCP Manager Admin API and MCP server are available now to a
  limited set of workspaces through the **MCP Manager Admin API** entitlement
  (`ff-mcpm-admin`), ahead of general availability. If you don't see **Settings →
  MCP & API** in your workspace, it isn't enabled for you yet — ask your MCP Manager
  contact to join the beta.
</Info>

## Query Logs

Retrieve MCP call logs, paginated and filterable.

Queries the workspace MCP call logs (the same data behind the Logging view), scoped to the caller's org. Filter by connection, user, gateway, server, host, container, team, log type, or trace/span id, and by a created\_at time range (fromMs/toMs). Returns a page of log rows ordered newest-first by default. Responses are thin by default (no request/response body or headers); pass includeDetail:true to include them (truncated). This is the AI-usage/call log — distinct from the admin audit log.

**MCP tool:** `query_logs` · **REST:** `POST /api/v1/mcpm-admin/logs/query` · **Capability:** View and export logs (`exportLogs`)

**Parameters**

<ParamField body="filters" type="object">
  Flat column -> value equality filters. Allowed columns: gateway\_connection\_guid (a connection), user\_guid, outbound\_gateway\_guid (a gateway), inbound\_server\_guid (a server), host\_guid, server\_container\_guid, team\_guid, type (log type), trace\_id, span\_id. Combine with the time range and pagination below. org scope is always applied automatically. *(a string → string map)*
</ParamField>

<ParamField body="fromMs" type="integer">
  Time-range start as epoch milliseconds (inclusive lower bound on created\_at). Omit for no lower bound.
</ParamField>

<ParamField body="toMs" type="integer">
  Time-range end as epoch milliseconds (inclusive upper bound on created\_at). Omit for no upper bound.
</ParamField>

<ParamField body="orderByColumn" type="string">
  Column to sort by (must be a returned log column). Defaults to created\_at.
</ParamField>

<ParamField body="orderByDirection" type="string">
  Sort direction. Defaults to desc (newest first). One of: `asc`, `desc`.
</ParamField>

<ParamField body="skip" type="integer">
  Number of rows to skip (offset) for pagination. Defaults to 0.
</ParamField>

<ParamField body="take" type="integer">
  Max rows to return this page. Defaults to 100, capped at 1000.
</ParamField>

<ParamField body="includeDetail" type="boolean">
  When true, include the heavy request/response `body` and `headers` fields (truncated). Omitted by default to keep responses small — request detail only for the specific rows you need.
</ParamField>

**Example**

```json theme={null}
{"filters":{"gateway_connection_guid":"MGC-..."},"take":50}
```

## List Alerts

List workspace alerts, paginated and filterable (thin summaries).

Lists alerts for the workspace, newest-first, filterable by code, messageType, related resource, and a created-at time range. Returns a thin summary per alert (`guid, code, messageType, subject, message, createdAt, relatedResourceIds`) — the heavy debug/close context is omitted; use get\_alert for the full record of a single alert.

**MCP tool:** `list_alerts` · **REST:** `POST /api/v1/mcpm-admin/alerts/query` · **Capability:** See all alerts (`seeAllAlerts`)

**Parameters**

<ParamField body="filters" type="object">
  Optional filters: code (exact alert code), messageType (info | warning | error), and/or relatedResourceGuid (matches any related resource on the alert — server, gateway, assignment, identity, policy, or connection). Combine with the time range below. *(a string → string map)*
</ParamField>

<ParamField body="fromMs" type="integer">
  Time-range start as epoch milliseconds (inclusive lower bound on when the alert was created).
</ParamField>

<ParamField body="toMs" type="integer">
  Time-range end as epoch milliseconds (inclusive upper bound on when the alert was created).
</ParamField>

<ParamField body="skip" type="integer">
  Number of alerts to skip (offset) for pagination. Defaults to 0.
</ParamField>

<ParamField body="take" type="integer">
  Max alerts to return this page. Defaults to 50, capped at 250.
</ParamField>

**Example**

```json theme={null}
{"filters":{"messageType":"error"},"take":25}
```

## Get Alert

<Badge color="green">Read-only</Badge>

Get the full record for one alert.

Returns everything about a single alert: the summary fields plus the unresolved dynamicContent (subject/message with placeholders), the debugContext (response status/headers/body and engine details), relatedContext, and closeDetails. Use for debugging a specific alert surfaced by list\_alerts.

**MCP tool:** `get_alert` · **REST:** `GET /api/v1/mcpm-admin/alerts/:alertGuid` · **Capability:** See all alerts (`seeAllAlerts`)

**Parameters**

<ParamField path="alertGuid" type="string" required>
  The guid of the alert to inspect (from list\_alerts).
</ParamField>

**Example**

```json theme={null}
{"alertGuid":"MAM-..."}
```

## Get OpenTelemetry Configuration

<Badge color="green">Read-only</Badge>

Get the workspace OpenTelemetry (OTLP/HTTP) log-forwarding configuration.

Returns the workspace OTLP/HTTP configuration used to forward logs (and optionally traces) to a SIEM: `{ configured, logsCollectorUrl, tracesCollectorUrl, headerNames }`. For security, only the header **names** are returned, never their values (headers often carry a bearer/API token). `configured` is false when no collector is set up yet.

**MCP tool:** `get_otel_configuration` · **REST:** `GET /api/v1/mcpm-admin/otel-configuration` · **Capability:** Manage OpenTelemetry collector (`manageOtelCollector`)

**Parameters:** none.

**Example**

```json theme={null}
{}
```

## Set OpenTelemetry Configuration

Configure the workspace OpenTelemetry (OTLP/HTTP) collector.

Creates or updates the workspace OTLP/HTTP configuration for log (and optional trace) forwarding, mirroring the Logging > Integrations panel. Provide at least one collector URL. URLs are stored exactly as entered (no signal path is appended); each URL is updated independently, so omitting one keeps the currently-stored value rather than clearing it. `headers` is optional: omit to keep existing headers, pass a map to replace them, or an empty map to clear them. Returns the same shape as get\_otel\_configuration (header names only, never values).

**MCP tool:** `set_otel_configuration` · **REST:** `POST /api/v1/mcpm-admin/otel-configuration` · **Capability:** Manage OpenTelemetry collector (`manageOtelCollector`)

**Parameters**

<ParamField body="logsCollectorUrl" type="string">
  OTLP/HTTP endpoint for log export (e.g. [https://collector.example.com:4318/v1/logs](https://collector.example.com:4318/v1/logs)). Sent exactly as given — include the signal path yourself; it is never appended. Omit to keep the currently-stored logs URL unchanged (updating only the traces URL never disables log forwarding). At least one of logsCollectorUrl or tracesCollectorUrl is required.
</ParamField>

<ParamField body="tracesCollectorUrl" type="string">
  OTLP/HTTP endpoint for trace export (e.g. [https://collector.example.com:4318/v1/traces](https://collector.example.com:4318/v1/traces)). Sent exactly as given — include the signal path yourself; it is never appended. Omit to keep the currently-stored traces URL unchanged (updating only the logs URL never disables trace forwarding). At least one of logsCollectorUrl or tracesCollectorUrl is required.
</ParamField>

<ParamField body="headers" type="object">
  HTTP request headers sent with both signals (e.g. an Authorization bearer for the SIEM). OMIT this to keep the existing headers unchanged — important because their values are write-only and cannot be read back to re-supply. Pass a map to REPLACE the full header set, or an empty map to clear all headers. Values are stored encrypted and are never returned by get\_otel\_configuration. *(a string → string map)*
</ParamField>

**Example**

```json theme={null}
{"logsCollectorUrl":"https://collector.example.com:4318/v1/logs","tracesCollectorUrl":"https://collector.example.com:4318/v1/traces","headers":{"Authorization":"Bearer <token>"}}
```

## Further reading

<CardGroup cols={2}>
  <Card title="What's coming" icon="arrow-right" href="/admin-api/roadmap">
    Where to go next in this section.
  </Card>

  <Card title="Authentication & access" icon="shield-halved" href="/admin-api/authentication">
    Tokens, the entitlement, capability gating, and error codes for every operation here.
  </Card>

  <Card title="Tool & endpoint reference" icon="book" href="/admin-api/reference/overview">
    The full reference index across every domain.
  </Card>

  <Card title="Capabilities" icon="key" href="/deployment/rbac-and-roles/capabilities">
    What each capability named on this page actually allows.
  </Card>
</CardGroup>
