From betterstack
Guides querying Better Stack logs, managing log sources, structured search, and log-based alerting workflows.
How this skill is triggered — by the user, by Claude, or both
Slash command
/betterstack:loggingWhen to use
When querying logs, managing log sources, structured log search, log-based alerting, and log analysis workflows. Use when: betterstack logs, logtail, log search, log query, log source, search logs, log management, better stack logging, or log analysis.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Better Stack Logs (formerly Logtail) provides centralized log management with structured log ingestion, real-time search, and log-based alerting. MSPs use it to aggregate logs from client infrastructure, investigate incidents, and set up proactive alerting on error patterns.
Better Stack Logs (formerly Logtail) provides centralized log management with structured log ingestion, real-time search, and log-based alerting. MSPs use it to aggregate logs from client infrastructure, investigate incidents, and set up proactive alerting on error patterns.
Sources define where logs come from and how they're ingested:
Logs in Better Stack are structured JSON documents:
dt - Timestamp (ISO 8601)level - Log level (info, warn, error, debug, fatal)message - Log message textBetter Stack supports SQL-like queries for log searching:
level:error, service:api"connection refused"dt:[2026-03-27T00:00:00Z TO 2026-03-27T23:59:59Z]AND, OR, NOThost:prod-*Create alerts that trigger when log patterns match:
betterstack_query_logs
Parameters:
query - Search query string (required)source_id - Filter to a specific sourcefrom - Start time (ISO 8601)to - End time (ISO 8601)batch_size - Number of results to return (default 100)order - Sort order: newest_first or oldest_firstExample response:
{
"data": [
{
"dt": "2026-03-27T10:15:30.123Z",
"level": "error",
"message": "Connection refused to database at 10.0.1.5:5432",
"service": "api-gateway",
"host": "prod-api-01",
"request_id": "req-abc-123"
},
{
"dt": "2026-03-27T10:15:29.456Z",
"level": "error",
"message": "Health check failed for postgres pool",
"service": "api-gateway",
"host": "prod-api-01"
}
]
}
betterstack_list_sources
Parameters:
page - Pagination cursorExample response:
{
"data": [
{
"id": "src-789",
"type": "source",
"attributes": {
"name": "Production API",
"platform": "node",
"token": "xxxx...xxxx",
"ingesting_paused": false,
"records_count": 1500000
}
}
]
}
betterstack_create_source
Parameters:
name - Source name (required)platform - Platform type: node, python, ruby, go, docker, kubernetes, syslog, http, etc.betterstack_query_logs with the service name and time range around the incidentlevel:error over the last hour"authentication failed" OR "invalid token" OR "unauthorized"level:warn AND "rate limit"Cause: Invalid source ID or source was deleted Solution: List sources to verify the correct ID
Cause: Invalid query syntax Solution: Verify query follows the supported syntax (field:value, boolean operators, quotes for phrases)
Cause: No logs match the query for the given time range Solution: Broaden the time range, check source ID, verify logs are being ingested
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin betterstackQueries, filters, and analyzes Dynatrace logs using DQL for troubleshooting. Covers error rate calculation, pattern analysis, and log trends over time.
Guides LogQL query writing, Loki log aggregation pipeline configuration, and log troubleshooting with parsers, metric queries, and label filters.
ELK Stack, structured logging, log query patterns, and centralized log management.