{"id":"5e4b47fc-7eb7-44bd-85d8-d0a0111d6020","shortId":"zvSmqw","kind":"skill","title":"pilot-log-analytics-setup","tagline":"Deploy a log analytics system with 4 agents for collection, parsing, alerting, and visualization.  Use this skill when: 1. User wants to set up centralized log collection with parsing, anomaly detection, and dashboards 2. User is configuring agents for log aggregation, error patt","description":"# Log Analytics Setup\n\nDeploy 4 agents: collector, parser, alerter, and dashboard.\n\n## Roles\n\n| Role | Hostname | Skills | Purpose |\n|------|----------|--------|---------|\n| collector | `<prefix>-collector` | pilot-stream-data, pilot-archive, pilot-compress | Aggregates logs from servers, containers, apps; normalizes formats |\n| parser | `<prefix>-parser` | pilot-event-filter, pilot-task-router, pilot-dataset | Extracts structured fields, parses stack traces, identifies patterns |\n| alerter | `<prefix>-alerter` | pilot-alert, pilot-metrics, pilot-cron | Detects log spikes, error rate anomalies, fires alerts |\n| dashboard | `<prefix>-dashboard` | pilot-webhook-bridge, pilot-slack-bridge, pilot-announce | Search, visualization, drill-down, and report generation |\n\n## Setup Procedure\n\n**Step 1:** Ask the user which role this agent should play and what prefix to use.\n\n**Step 2:** Install the skills for the chosen role:\n```bash\n# For collector:\nclawhub install pilot-stream-data pilot-archive pilot-compress\n# For parser:\nclawhub install pilot-event-filter pilot-task-router pilot-dataset\n# For alerter:\nclawhub install pilot-alert pilot-metrics pilot-cron\n# For dashboard:\nclawhub install pilot-webhook-bridge pilot-slack-bridge pilot-announce\n```\n\n**Step 3:** Set the hostname:\n```bash\npilotctl --json set-hostname <prefix>-<role>\n```\n\n**Step 4:** Write the setup manifest:\n```bash\nmkdir -p ~/.pilot/setups\ncat > ~/.pilot/setups/log-analytics.json << 'MANIFEST'\n<INSERT ROLE MANIFEST FROM BELOW>\nMANIFEST\n```\n\n**Step 5:** 
Tell the user to initiate handshakes with direct communication peers.\n\n## Manifest Templates Per Role\n\n### collector\n```json\n{\n  \"setup\": \"log-analytics\", \"setup_name\": \"Log Analytics\",\n  \"role\": \"collector\", \"role_name\": \"Log Collector\",\n  \"hostname\": \"<prefix>-collector\",\n  \"description\": \"Aggregates logs from servers, containers, and applications. Normalizes formats.\",\n  \"skills\": {\"pilot-stream-data\": \"Ingest log streams from multiple sources in real time.\", \"pilot-archive\": \"Archive raw logs for retention and forensic analysis.\", \"pilot-compress\": \"Compress high-volume log batches before transmission.\"},\n  \"peers\": [{\"role\": \"parser\", \"hostname\": \"<prefix>-parser\", \"description\": \"Receives raw normalized logs\"}],\n  \"data_flows\": [{\"direction\": \"send\", \"peer\": \"<prefix>-parser\", \"port\": 1002, \"topic\": \"raw-log\", \"description\": \"Raw normalized logs from all sources\"}],\n  \"handshakes_needed\": [\"<prefix>-parser\"]\n}\n```\n\n### parser\n```json\n{\n  \"setup\": \"log-analytics\", \"setup_name\": \"Log Analytics\",\n  \"role\": \"parser\", \"role_name\": \"Log Parser\",\n  \"hostname\": \"<prefix>-parser\",\n  \"description\": \"Extracts structured fields, parses stack traces, identifies error patterns.\",\n  \"skills\": {\"pilot-event-filter\": \"Filter noise, deduplicate, and normalize log events.\", \"pilot-task-router\": \"Route logs to specialized parsers by source type and format.\", \"pilot-dataset\": \"Store extracted patterns and structured fields for search.\"},\n  \"peers\": [{\"role\": \"collector\", \"hostname\": \"<prefix>-collector\", \"description\": \"Sends raw logs\"}, {\"role\": \"alerter\", \"hostname\": \"<prefix>-alerter\", \"description\": \"Receives parsed events\"}],\n  \"data_flows\": [{\"direction\": \"receive\", \"peer\": \"<prefix>-collector\", \"port\": 1002, \"topic\": \"raw-log\", \"description\": \"Raw normalized logs from all sources\"}, 
{\"direction\": \"send\", \"peer\": \"<prefix>-alerter\", \"port\": 1002, \"topic\": \"parsed-event\", \"description\": \"Parsed events with structured fields and severity\"}],\n  \"handshakes_needed\": [\"<prefix>-collector\", \"<prefix>-alerter\"]\n}\n```\n\n### alerter\n```json\n{\n  \"setup\": \"log-analytics\", \"setup_name\": \"Log Analytics\",\n  \"role\": \"alerter\", \"role_name\": \"Anomaly Alerter\",\n  \"hostname\": \"<prefix>-alerter\",\n  \"description\": \"Detects log spikes, error rate anomalies, and novel error patterns. Fires alerts.\",\n  \"skills\": {\"pilot-alert\": \"Fire alerts when error rates or log volumes breach thresholds.\", \"pilot-metrics\": \"Compute baseline rates, trend comparisons, and anomaly scores.\", \"pilot-cron\": \"Run scheduled anomaly scans over rolling time windows.\"},\n  \"peers\": [{\"role\": \"parser\", \"hostname\": \"<prefix>-parser\", \"description\": \"Sends parsed events\"}, {\"role\": \"dashboard\", \"hostname\": \"<prefix>-dashboard\", \"description\": \"Receives anomaly alerts\"}],\n  \"data_flows\": [{\"direction\": \"receive\", \"peer\": \"<prefix>-parser\", \"port\": 1002, \"topic\": \"parsed-event\", \"description\": \"Parsed events with structured fields\"}, {\"direction\": \"send\", \"peer\": \"<prefix>-dashboard\", \"port\": 1002, \"topic\": \"anomaly-alert\", \"description\": \"Anomaly alerts with context and baseline comparisons\"}],\n  \"handshakes_needed\": [\"<prefix>-parser\", \"<prefix>-dashboard\"]\n}\n```\n\n### dashboard\n```json\n{\n  \"setup\": \"log-analytics\", \"setup_name\": \"Log Analytics\",\n  \"role\": \"dashboard\", \"role_name\": \"Log Dashboard\",\n  \"hostname\": \"<prefix>-dashboard\",\n  \"description\": \"Provides search, visualization, and drill-down into log data. 
Generates reports.\",\n  \"skills\": {\"pilot-webhook-bridge\": \"Forward reports to external dashboards and monitoring tools.\", \"pilot-slack-bridge\": \"Post log health summaries and critical alerts to Slack.\", \"pilot-announce\": \"Broadcast periodic log health reports to subscribers.\"},\n  \"peers\": [{\"role\": \"alerter\", \"hostname\": \"<prefix>-alerter\", \"description\": \"Sends anomaly alerts\"}],\n  \"data_flows\": [{\"direction\": \"receive\", \"peer\": \"<prefix>-alerter\", \"port\": 1002, \"topic\": \"anomaly-alert\", \"description\": \"Anomaly alerts with context and baselines\"}, {\"direction\": \"send\", \"peer\": \"external\", \"port\": 443, \"topic\": \"log-report\", \"description\": \"Log reports to dashboards and Slack channels\"}],\n  \"handshakes_needed\": [\"<prefix>-alerter\"]\n}\n```\n\n## Data Flows\n\n- `collector -> parser` : raw-log events from all sources (port 1002)\n- `parser -> alerter` : parsed-event with structured fields and severity (port 1002)\n- `alerter -> dashboard` : anomaly-alert with context and baselines (port 1002)\n- `dashboard -> external` : log-report via webhooks and Slack (port 443)\n\n## Handshakes\n\n```bash\n# collector <-> parser:\npilotctl --json handshake <prefix>-parser \"setup: log-analytics\"\npilotctl --json handshake <prefix>-collector \"setup: log-analytics\"\n# parser <-> alerter:\npilotctl --json handshake <prefix>-alerter \"setup: log-analytics\"\npilotctl --json handshake <prefix>-parser \"setup: log-analytics\"\n# alerter <-> dashboard:\npilotctl --json handshake <prefix>-dashboard \"setup: log-analytics\"\npilotctl --json handshake <prefix>-alerter \"setup: log-analytics\"\n```\n\n## Workflow Example\n\n```bash\n# On collector -- publish raw log:\npilotctl --json publish <prefix>-parser raw-log '{\"source\":\"nginx-prod-01\",\"level\":\"error\",\"message\":\"upstream timed out\"}'\n# On parser -- publish parsed event:\npilotctl --json publish <prefix>-alerter parsed-event 
'{\"pattern_id\":\"NGINX-TIMEOUT-001\",\"level\":\"error\",\"occurrences_1h\":47}'\n# On alerter -- publish anomaly alert:\npilotctl --json publish <prefix>-dashboard anomaly-alert '{\"alert_id\":\"ALR-7829\",\"type\":\"error_spike\",\"severity\":\"critical\",\"current_rate\":47,\"baseline_rate\":3}'\n# On dashboard -- publish log report:\npilotctl --json publish <prefix>-dashboard log-report '{\"period\":\"2026-04-09T15:00Z/PT1H\",\"errors\":1290,\"anomalies_detected\":2}'\n```\n\n## Dependencies\n\nRequires `pilot-protocol` skill, `pilotctl` binary, `clawhub` binary, and a running daemon.","tags":["pilot","log","analytics","setup","skills","teoslayer","agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network"],"capabilities":["skill","source-teoslayer","skill-pilot-log-analytics-setup","topic-agent-skills","topic-ai-agents","topic-clawhub","topic-networking","topic-openclaw","topic-overlay-network","topic-p2p","topic-pilot-protocol"],"categories":["pilot-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/TeoSlayer/pilot-skills/pilot-log-analytics-setup","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add TeoSlayer/pilot-skills","source_repo":"https://github.com/TeoSlayer/pilot-skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (7,348 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:57.661Z","embedding":null,"createdAt":"2026-05-18T13:22:43.149Z","updatedAt":"2026-05-18T19:14:57.661Z","lastSeenAt":"2026-05-18T19:14:57.661Z","tsv":"","prices":[{"id":"211bf7a2-43c6-484e-b166-e83b7fb2229d","listingId":"5e4b47fc-7eb7-44bd-85d8-d0a0111d6020","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"TeoSlayer","category":"pilot-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:43.149Z"}],"sources":[{"listingId":"5e4b47fc-7eb7-44bd-85d8-d0a0111d6020","source":"github","sourceId":"TeoSlayer/pilot-skills/pilot-log-analytics-setup","sourceUrl":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-log-analytics-setup","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:43.149Z","lastSeenAt":"2026-05-18T19:14:57.661Z"}],"details":{"listingId":"5e4b47fc-7eb7-44bd-85d8-d0a0111d6020","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"TeoSlayer","slug":"pilot-log-analytics-setup","github":{"repo":"TeoSlayer/pilot-skills","stars":6,"topics":["agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network","p2p","pilot-protocol"],"license":"agpl-3.0","html_url":"https://github.com/TeoSlayer/pilot-skills","pushed_at":"2026-05-13T06:08:49Z","description":"80+ agent skills for Pilot Protocol — communication, file transfer, trust, task routing, swarm coordination, and more","skill_md_sha":"ca44e6b1781c8cd00d9ead74396b44abedd851b2","skill_md_path":"skills/pilot-log-analytics-setup/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-log-analytics-setup"},"layout":"multi","source":"github","category":"pilot-skills","frontmatter":{"name":"pilot-log-analytics-setup","license":"AGPL-3.0","description":"Deploy a log analytics system with 4 agents for collection, parsing, alerting, and visualization.  Use this skill when: 1.
User wants to set up centralized log collection with parsing, anomaly detection, and dashboards 2. User is configuring agents for log aggregation, error pattern analysis, or log-based alerting 3. User asks about log pipelines, anomaly detection on logs, or log visualization across agents  Do NOT use this skill when: - User wants to stream a single data feed (use pilot-stream-data instead) - User wants to set a one-off alert (use pilot-alert instead) - User only needs event filtering (use pilot-event-filter instead)"},"skills_sh_url":"https://skills.sh/TeoSlayer/pilot-skills/pilot-log-analytics-setup"},"updatedAt":"2026-05-18T19:14:57.661Z"}}