{"id":"c03d667d-6b3a-41d1-b370-1f93ab2e5e30","shortId":"cQzsxs","kind":"skill","title":"log-dive","tagline":"Unified log search across Loki, Elasticsearch, and CloudWatch. Natural language queries translated to LogQL, ES DSL, or CloudWatch filter patterns. Read-only. Never modifies or deletes logs.","description":"# Log Dive — Unified Log Search 🤿\n\nSearch logs across **Loki**, **Elasticsearch/OpenSearch**, and **AWS CloudWatch** from a single interface. Ask in plain English; the skill translates to the right query language.\n\n> **⚠️ Sensitive Data Warning:** Logs frequently contain PII, secrets, tokens, passwords, and other sensitive data. Never cache, store, or repeat raw log content beyond the current conversation. Treat all log output as confidential.\n\n## Activation\n\nThis skill activates when the user mentions:\n- \"search logs\", \"find in logs\", \"log search\", \"check the logs\"\n- \"Loki\", \"LogQL\", \"logcli\"\n- \"Elasticsearch logs\", \"Kibana\", \"OpenSearch\"\n- \"CloudWatch logs\", \"AWS logs\", \"log groups\"\n- \"error logs\", \"find errors\", \"what happened in [service]\"\n- \"tail logs\", \"follow logs\", \"live logs\"\n- \"log backends\", \"which log sources\", \"log indices\", \"log labels\"\n- Incident triage involving log analysis\n- \"log-dive\" explicitly\n\n## Permissions\n\n```yaml\npermissions:\n  exec: true          # Required to run backend scripts\n  read: true          # Read script files\n  write: false        # Never writes files — logs may contain secrets\n  network: true       # Queries remote log backends\n```\n\n## Example Prompts\n\n1. \"Find error logs from the checkout service in the last 30 minutes\"\n2. \"Search for timeout exceptions across all services\"\n3. \"What log backends do I have configured?\"\n4. \"List available log indices in Elasticsearch\"\n5. \"Show me the labels available in Loki\"\n6. \"Tail the payment-service logs\"\n7. \"Find all 5xx errors in CloudWatch for api-gateway\"\n8. 
\"Correlate errors between user-service and payment-service\"\n9. \"What happened in production between 2pm and 3pm today?\"\n\n## Backend Configuration\n\nEach backend uses environment variables. Users may have one, two, or all three configured.\n\n### Loki\n| Variable | Required | Description |\n|----------|----------|-------------|\n| `LOKI_ADDR` | Yes | Loki server URL (e.g., `http://loki.internal:3100`) |\n| `LOKI_TOKEN` | No | Bearer token for authentication |\n| `LOKI_TENANT_ID` | No | Multi-tenant header (`X-Scope-OrgID`) |\n\n### Elasticsearch / OpenSearch\n| Variable | Required | Description |\n|----------|----------|-------------|\n| `ELASTICSEARCH_URL` | Yes | Base URL (e.g., `https://es.internal:9200`) |\n| `ELASTICSEARCH_TOKEN` | No | `Basic <base64>` or `Bearer <token>` for auth |\n\n### AWS CloudWatch Logs\n| Variable | Required | Description |\n|----------|----------|-------------|\n| `AWS_PROFILE` or `AWS_ACCESS_KEY_ID` | Yes | Standard AWS credentials |\n| `AWS_REGION` | Yes | AWS region for CloudWatch |\n\n## Agent Workflow\n\nFollow this sequence:\n\n### Step 1: Check Backends\n\nRun the backends check to see what's configured:\n\n```bash\nbash <skill_dir>/scripts/log-dive.sh backends\n```\n\nParse the JSON output. If no backends are configured, tell the user which environment variables to set.\n\n### Step 2: Translate the User's Query\n\nThis is the critical step. Convert the user's natural language request into the appropriate backend-specific query. 
Use the query language reference below.\n\n**For ALL backends, pass the query through the dispatcher:**\n\n```bash\n# Search across all configured backends\nbash <skill_dir>/scripts/log-dive.sh search --query '<QUERY>' [OPTIONS]\n\n# Search a specific backend\nbash <skill_dir>/scripts/log-dive.sh search --backend loki --query '{app=\"checkout\"} |= \"error\"' --since 30m --limit 200\n\nbash <skill_dir>/scripts/log-dive.sh search --backend elasticsearch --query '{\"query\":{\"bool\":{\"must\":[{\"match\":{\"message\":\"error\"}},{\"match\":{\"service\":\"checkout\"}}]}}}' --index 'app-logs-*' --since 30m --limit 200\n\nbash <skill_dir>/scripts/log-dive.sh search --backend cloudwatch --query '\"ERROR\" \"checkout\"' --log-group '/ecs/checkout-service' --since 30m --limit 200\n```\n\n### Step 3: List Available Targets\n\nBefore searching, you may need to discover what's available:\n\n```bash\n# Loki: list labels and label values\nbash <skill_dir>/scripts/log-dive.sh labels --backend loki\nbash <skill_dir>/scripts/log-dive.sh labels --backend loki --label app\n\n# Elasticsearch: list indices\nbash <skill_dir>/scripts/log-dive.sh indices --backend elasticsearch\n\n# CloudWatch: list log groups\nbash <skill_dir>/scripts/log-dive.sh indices --backend cloudwatch\n```\n\n### Step 4: Tail Logs (Live Follow)\n\n```bash\nbash <skill_dir>/scripts/log-dive.sh tail --backend loki --query '{app=\"checkout\"}'\nbash <skill_dir>/scripts/log-dive.sh tail --backend cloudwatch --log-group '/ecs/checkout-service'\n```\n\nTail runs for a limited time (default 30s) and streams results.\n\n### Step 5: Analyze Results\n\nAfter receiving log output, you MUST:\n\n1. **Identify unique error types** — group similar errors, count occurrences\n2. **Find the root cause** — look for the earliest error, trace dependency chains\n3. **Correlate across services** — if errors in service A mention service B, note the dependency\n4. **Build a timeline** — order events chronologically\n5. 
**Summarize actionably** — \"The checkout service started returning 500s at 14:23 because the database connection pool was exhausted (max 10 connections, 10 in use). The pool exhaustion was triggered by a slow query in the inventory service.\"\n\n**NEVER dump raw log output to the user.** Always summarize, extract patterns, and present structured findings.\n\n### Discord v2 Delivery Mode (OpenClaw v2026.2.14+)\n\nWhen the conversation is happening in a Discord channel:\n\n- Send a compact incident summary first (backend, query intent, top error types, root-cause hypothesis), then ask if the user wants full detail.\n- Keep the first response under ~1200 characters and avoid dumping raw log lines in the first message.\n- If Discord components are available, include quick actions:\n  - `Show Error Timeline`\n  - `Show Top Error Patterns`\n  - `Run Related Service Query`\n- If components are not available, provide the same follow-ups as a numbered list.\n- Prefer short follow-up chunks (<=15 lines per message) when sharing timelines or grouped findings.\n\n## Query Language Reference\n\n### LogQL (Loki)\n\nLogQL has two parts: a stream selector and a filter pipeline.\n\n**Stream selectors:**\n```\n{app=\"myapp\"}                          # exact match\n{namespace=\"prod\", app=~\"api-.*\"}      # regex match\n{app!=\"debug\"}                         # negative match\n```\n\n**Filter pipeline (chained after selector):**\n```\n{app=\"myapp\"} |= \"error\"              # line contains \"error\"\n{app=\"myapp\"} != \"healthcheck\"         # line does NOT contain\n{app=\"myapp\"} |~ \"error|warn\"          # regex match on line\n{app=\"myapp\"} !~ \"DEBUG|TRACE\"         # negative regex\n```\n\n**Structured metadata (parsed logs):**\n```\n{app=\"myapp\"} | json                   # parse JSON logs\n{app=\"myapp\"} | json | status >= 500   # filter by parsed field\n{app=\"myapp\"} | logfmt                 # parse logfmt\n{app=\"myapp\"} | regexp 
`(?P<ip>\\d+\\.\\d+\\.\\d+\\.\\d+)` # regex extract\n```\n\n**Common patterns:**\n- Errors in service: `{app=\"checkout\"} |= \"error\" | json | level=\"error\"`\n- HTTP 5xx: `{app=\"api\"} | json | status >= 500`\n- Slow requests: `{app=\"api\"} | json | duration > 5s`\n- Stack traces: `{app=\"myapp\"} |= \"Exception\" |= \"at \"`\n\n### Elasticsearch Query DSL\n\n**Simple match:**\n```json\n{\"query\": {\"match\": {\"message\": \"error\"}}}\n```\n\n**Boolean query (AND/OR):**\n```json\n{\n  \"query\": {\n    \"bool\": {\n      \"must\": [\n        {\"match\": {\"message\": \"error\"}},\n        {\"match\": {\"service.name\": \"checkout\"}}\n      ],\n      \"must_not\": [\n        {\"match\": {\"message\": \"healthcheck\"}}\n      ]\n    }\n  },\n  \"sort\": [{\"@timestamp\": \"desc\"}],\n  \"size\": 200\n}\n```\n\n**Time range filter:**\n```json\n{\n  \"query\": {\n    \"bool\": {\n      \"must\": [{\"match\": {\"message\": \"timeout\"}}],\n      \"filter\": [\n        {\"range\": {\"@timestamp\": {\"gte\": \"now-30m\", \"lte\": \"now\"}}}\n      ]\n    }\n  }\n}\n```\n\n**Wildcard / regex:**\n```json\n{\"query\": {\"regexp\": {\"message\": \"error.*timeout\"}}}\n```\n\n**Common patterns:**\n- Errors in service: `{\"query\":{\"bool\":{\"must\":[{\"match\":{\"message\":\"error\"}},{\"match\":{\"service.name\":\"checkout\"}}]}}}`\n- HTTP 5xx: `{\"query\":{\"range\":{\"http.status_code\":{\"gte\":500}}}}`\n- Aggregate by field: Use `\"aggs\"` — but prefer simple queries for agent use\n\n### CloudWatch Filter Patterns\n\n**Simple text match:**\n```\n\"ERROR\"                              # contains ERROR\n\"ERROR\" \"checkout\"                   # contains ERROR AND checkout\n```\n\n**JSON filter patterns:**\n```\n{ $.level = \"error\" }               # JSON field match\n{ $.statusCode >= 500 }             # numeric comparison\n{ $.duration > 5000 }               # duration threshold\n{ $.level = \"error\" && $.service = \"checkout\" }  # compound\n```\n\n**Negation 
and wildcards:**\n```\n?\"ERROR\" ?\"timeout\"                  # ERROR OR timeout (any term)\n-\"healthcheck\"                       # does NOT contain (use with other terms)\n```\n\n**Common patterns:**\n- Errors: `\"ERROR\"`\n- Errors in service: `{ $.level = \"error\" && $.service = \"checkout\" }`\n- HTTP 5xx: `{ $.statusCode >= 500 }`\n- Exceptions: `\"Exception\" \"at \"`\n\n## Output Format\n\nWhen presenting search results, use this structure:\n\n```markdown\n## Log Search Results\n\n**Backend:** Loki | **Query:** `{app=\"checkout\"} |= \"error\"`\n**Time range:** Last 30 minutes | **Results:** 47 entries\n\n### Error Summary\n\n| Error Type | Count | First Seen | Last Seen | Service |\n|-----------|-------|------------|-----------|---------|\n| NullPointerException | 23 | 14:02:31 | 14:28:45 | checkout |\n| ConnectionTimeout | 18 | 14:05:12 | 14:29:01 | checkout → db |\n| HTTP 503 | 6 | 14:06:00 | 14:27:33 | checkout → payment |\n\n### Root Cause Analysis\n\n1. **14:02:31** — First `NullPointerException` in checkout service...\n2. **14:05:12** — Database connection timeouts begin...\n\n### Recommended Actions\n\n- [ ] Check database connection pool settings\n- [ ] Review recent deployments to checkout service\n\n---\n*Powered by Anvil AI 🤿*\n```\n\n## Common Workflows\n\n### Incident Triage\n1. Check backends → search for errors in affected service → search upstream/downstream services → correlate → build timeline → recommend actions.\n\n### Performance Investigation\n1. Search for slow requests (`duration > 5s`) → identify common patterns → check for database slow queries → check for external service timeouts.\n\n### Deployment Verification\n1. Search for errors in the deployed service since deploy time → compare error rate with pre-deploy period → flag new error types.\n\n## Limitations\n\n- **Read-only:** This skill can only search and read logs. It cannot delete, modify, or create log entries.\n- **Output size:** Default limit is 200 entries. 
Log output is pre-filtered to reduce token consumption. For larger investigations, use multiple targeted queries rather than one broad query.\n- **Network access:** Log backends must be reachable from the machine running OpenClaw.\n- **No streaming aggregation:** For complex aggregations (percentiles, rates), consider using your backend's native UI (Grafana, Kibana, CloudWatch Insights).\n\n## Troubleshooting\n\n| Error | Cause | Fix |\n|-------|-------|-----|\n| \"No backends configured\" | No env vars set | Set `LOKI_ADDR`, `ELASTICSEARCH_URL`, or configure AWS CLI |\n| \"logcli not found\" | logcli not installed | Install from https://grafana.com/docs/loki/latest/tools/logcli/ |\n| \"aws: command not found\" | AWS CLI not installed | Install from https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html |\n| \"curl: command not found\" | curl not installed | `apt install curl` or `brew install curl` |\n| \"jq: command not found\" | jq not installed | `apt install jq` or `brew install jq` |\n| \"connection refused\" | Backend unreachable | Check URL, VPN, firewall rules |\n| \"401 Unauthorized\" | Bad credentials | Check `LOKI_TOKEN`, `ELASTICSEARCH_TOKEN`, or AWS credentials |\n\n---\n*Powered by Anvil AI 🤿*","tags":["log","dive","cacheforge","skills","cacheforge-ai","agent-skills","ai-agents","clawhub","devops","discord-v2","kubernetes","openclaw"],"capabilities":["skill","source-cacheforge-ai","skill-log-dive","topic-agent-skills","topic-ai-agents","topic-cacheforge","topic-clawhub","topic-devops","topic-discord-v2","topic-kubernetes","topic-openclaw","topic-prometheus"],"categories":["cacheforge-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/cacheforge-ai/cacheforge-skills/log-dive","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
cacheforge-ai/cacheforge-skills","source_repo":"https://github.com/cacheforge-ai/cacheforge-skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (11,734 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:04.412Z","embedding":null,"createdAt":"2026-05-18T13:14:38.335Z","updatedAt":"2026-05-18T19:09:04.412Z","lastSeenAt":"2026-05-18T19:09:04.412Z","prices":[{"id":"2880fdcb-6eb8-4a27-8043-f8fdd6aee7eb","listingId":"c03d667d-6b3a-41d1-b370-1f93ab2e5e30","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"cacheforge-ai","category":"cacheforge-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:14:38.335Z"}],"sources":[{"listingId":"c03d667d-6b3a-41d1-b370-1f93ab2e5e30","source":"github","sourceId":"cacheforge-ai/cacheforge-skills/log-dive","sourceUrl":"https://github.com/cacheforge-ai/cacheforge-skills/tree/main/skills/log-dive","isPrimary":false,"firstSeenAt":"2026-05-18T13:14:38.335Z","lastSeenAt":"2026-05-18T19:09:04.412Z"}],"details":{"listingId":"c03d667d-6b3a-41d1-b370-1f93ab2e5e30","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"cacheforge-ai","slug":"log-dive","github":{"repo":"cacheforge-ai/cacheforge-skills","stars":8,"topics":["agent-skills","ai-agents","cacheforge","clawhub","devops","discord-v2","kubernetes","openclaw","prometheus"],"license":"mit","html_url":"https://github.com/cacheforge-ai/cacheforge-skills","pushed_at":"2026-02-22T20:49:48Z","description":"⚡ SOTA agent skills for OpenClaw — observability, security, code quality, incident response, and more. Built by Anvil AI.","skill_md_sha":"ad1f922d72d931f17aa59c00cbeb94a39d39a317","skill_md_path":"skills/log-dive/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/cacheforge-ai/cacheforge-skills/tree/main/skills/log-dive"},"layout":"multi","source":"github","category":"cacheforge-skills","frontmatter":{"name":"log-dive","description":"Unified log search across Loki, Elasticsearch, and CloudWatch. Natural language queries translated to LogQL, ES DSL, or CloudWatch filter patterns. Read-only.
Never modifies or deletes logs."},"skills_sh_url":"https://skills.sh/cacheforge-ai/cacheforge-skills/log-dive"},"updatedAt":"2026-05-18T19:09:04.412Z"}}