AI log analysis using OpenSearch MCP and Claude
Learn how to connect OpenSearch MCP with Claude Desktop to perform natural-language log analysis.
- Estimated time: 30 minutes
- Recommended OS: macOS, Ubuntu
- Prerequisites
  - Create an Advanced Managed Search cluster
  - OpenSearch master user account information
  - Install Claude Desktop
  - Python and uv runtime environment
About this scenario
In production environments, operators often need to write complex queries (DQL or DSL) to analyze incidents or search logs.
This tutorial combines Claude, MCP, and OpenSearch to build an environment where operators can analyze logs in natural language without writing complex queries.
How it works
Claude Desktop runs the OpenSearch MCP server installed in the local environment through MCP (Model Context Protocol). When a user asks a question, the MCP server calls the OpenSearch API to retrieve the required data and passes the result to the Claude model, which returns an analyzed answer to the operator.
Key use cases
- Natural-language log search: Intuitive queries such as "Show authentication-related logs from 2 PM to 4 PM yesterday"
- Incident root cause analysis: Summarize error causes and analyze recurring incident patterns
- Real-time trend analysis: Ask questions about service status based on recent log data
- Improved productivity: Provide an AI-based analysis environment without requiring operators to write DSL queries
What you will learn
- Connect and configure the OpenSearch MCP server in Claude Desktop
- Query OpenSearch index data using MCP tools
- Analyze logs and derive insights using natural language
Before you start
Before starting this tutorial, create an Advanced Managed Search cluster by referring to Create and manage clusters. The master user account information (ID/PW) entered during cluster creation is also used below.
This tutorial uses the public endpoint of the Advanced Managed Search cluster. Refer to Install and configure nginx to check the nginx proxy endpoint.
Getting started
Step 1. Install Claude Desktop
Install Claude Desktop for your operating system from the link below. After installation is complete, run Claude Desktop.
Step 2. Install OpenSearch MCP Server
Install the MCP server that connects Claude and OpenSearch.
OpenSearch MCP Server is provided as a Python-based package. Install uv, whose uvx command is used to run the package.
pip install uv
After installation, check the uvx path.
which uvx
This path is used later in the Claude configuration.
Step 3. Configure the MCP server in Claude Desktop
- In Claude Desktop, go to the settings screen: Claude menu > Settings > Developer > Edit Config
- Edit claude_desktop_config.json. Add the MCP server settings as shown below.

  {
    "mcpServers": {
      "opensearch-mcp-server": {
        "command": "${WHICH_UVX_PATH}",
        "args": ["opensearch-mcp-server-py"],
        "env": {
          "OPENSEARCH_URL": "https://${AMS_ENDPOINT}",
          "OPENSEARCH_USERNAME": "${MASTER_USERNAME}",
          "OPENSEARCH_PASSWORD": "${MASTER_PASSWORD}"
        }
      }
    }
  }

| Environment variable | Description |
| --- | --- |
| WHICH_UVX_PATH | uvx installation path |
| AMS_ENDPOINT | Public endpoint of the Advanced Managed Search cluster |
| MASTER_USERNAME | Master user ID |
| MASTER_PASSWORD | Master user password |
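A pre-flight check for the configuration above, as an added example (not code from the original tutorial or the OpenSearch MCP project): it flags unreplaced ${...} placeholders, a uvx path that is not an absolute executable path, a non-HTTPS endpoint, and a config file readable by other local users, since the file holds the master password in plain text. The function names, the permission check, and the sample values in demo() are assumptions made for this example.

```python
import json, os, stat, sys, tempfile
from pathlib import Path
from urllib.parse import urlparse

SERVER = "opensearch-mcp-server"  # server key used in the tutorial's config

def check_config(path):
    """Return a list of problems found in a claude_desktop_config.json file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # the master password is stored in this file in plain text
        problems.append(f"file mode {mode:o} lets other local users read the password")
    try:
        cfg = json.loads(Path(path).read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON: {exc}"]
    server = cfg.get("mcpServers", {}).get(SERVER)
    if server is None:
        return problems + [f"mcpServers.{SERVER} is missing"]
    cmd = server.get("command", "")
    if not (os.path.isabs(cmd) and os.access(cmd, os.X_OK)):
        problems.append(f"command {cmd!r} is not an absolute path to an executable")
    env = server.get("env", {})
    for key in ("OPENSEARCH_URL", "OPENSEARCH_USERNAME", "OPENSEARCH_PASSWORD"):
        if not env.get(key) or "${" in env[key]:
            problems.append(f"{key} is empty or still a ${{...}} placeholder")
    url = urlparse(env.get("OPENSEARCH_URL", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("OPENSEARCH_URL is not an https:// URL")
    return problems

def demo():
    """Check the tutorial's unfilled template, then a copy filled with constructed values."""
    env = {"OPENSEARCH_URL": "https://${AMS_ENDPOINT}",
           "OPENSEARCH_USERNAME": "${MASTER_USERNAME}",
           "OPENSEARCH_PASSWORD": "${MASTER_PASSWORD}"}
    entry = {"command": "${WHICH_UVX_PATH}", "args": ["opensearch-mcp-server-py"], "env": env}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        def write_and_check(mode):
            Path(path).write_text(json.dumps({"mcpServers": {SERVER: entry}}))
            os.chmod(path, mode)
            return check_config(path)
        before = write_and_check(0o644)
        entry["command"] = sys.executable  # stand-in for the real uvx path
        env.update(OPENSEARCH_URL="https://search.example.com",  # constructed values
                   OPENSEARCH_USERNAME="example-user", OPENSEARCH_PASSWORD="example-only")
        after = write_and_check(0o600)
    return before, after
```

Call check_config with the path of the file that Edit Config opens; an empty list means none of these problems were found.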
Step 4. Restart Claude and verify the connection
Completely quit Claude Desktop and run it again. Then ask Claude a question such as:
Summarize error logs from the last 10 minutes.
If logs are retrieved through the OpenSearch MCP server and Claude analyzes them in its response, the connection is working correctly.
Examples
You can analyze logs by asking questions such as:
- What errors occurred most frequently in the last hour?
- Summarize the cause of 500 errors in a specific service.
- What common patterns appear in today's error logs?
- Analyze the cause of an incident based on logs that contain a specific keyword.