mshegolev/kibana-mcp

mshegolev/kibana-mcp

MCP server for Kibana / Elasticsearch — log search, aggregations, index discovery, and dashboard browsing. Hits Elasticsearch REST API directly for log queries; falls back to Kibana Console proxy when no direct ES URL is configured. Supports ApiKey auth (best for agents), Basic auth, and anonymous access. All 5 tools are read-only (readOnlyHint: true). Returns structured JSON (outputSchema).

Category
Visit Server

README

kibana-mcp

<!-- mcp-name: io.github.mshegolev/kibana-mcp -->

PyPI version Python 3.10+ License: MIT Tests

MCP server for Kibana / Elasticsearch — log search, aggregations, index discovery, and dashboard browsing via Claude and any MCP-compatible agent.

Why another Kibana MCP?

Existing integrations require a running Kibana instance with browser-level credentials and often wrap the Kibana UI rather than the stable REST APIs. This server:

  • Hits Elasticsearch REST API directly for log queries (faster, stable across Kibana UI changes)
  • Falls back to the Kibana Console proxy when no direct ES URL is configured (zero extra firewall rules)
  • Supports ApiKey auth (best for agents) as well as Basic auth and anonymous access
  • Returns both structured JSON (outputSchema) and markdown text so it works with any MCP client
  • Is read-only — all tools carry readOnlyHint: true, no data is modified

Tools

Tool API Description
kibana_list_indices GET ES/_cat/indices Discover available indices with health, docs, size
kibana_search_logs POST ES/{index}/_search Full-text log search with time range, sort, size
kibana_aggregate_logs POST ES/{index}/_search Terms grouping with count/avg/sum/min/max metric
kibana_list_dashboards GET Kibana/api/saved_objects/_find List saved dashboards with search + pagination
kibana_get_dashboard GET Kibana/api/saved_objects/dashboard/{id} Fetch one dashboard with panel breakdown

Installation

pip install kibana-mcp

Or run directly with uvx:

uvx kibana-mcp

Configuration

Environment Variables

Variable Required Description
KIBANA_URL Yes Kibana base URL (e.g. https://kibana.example.com)
ELASTICSEARCH_URL No Direct ES endpoint. If unset, ES requests go through Kibana Console proxy
KIBANA_API_KEY No ES API key (ApiKey base64(id:api_key) format). Recommended for agents
KIBANA_USERNAME No HTTP Basic auth username (used if API key not set)
KIBANA_PASSWORD No HTTP Basic auth password
KIBANA_SSL_VERIFY No true (default) or false for self-signed certificates

Auth priority: ApiKey > Basic > anonymous.

Copy .env.example to .env and fill in your values.

MCP Client Configuration (Claude Desktop / claude.app)

{
  "mcpServers": {
    "kibana": {
      "command": "uvx",
      "args": ["kibana-mcp"],
      "env": {
        "KIBANA_URL": "https://kibana.example.com",
        "KIBANA_API_KEY": "your-api-key-here"
      }
    }
  }
}

Or with direct ES access for better performance:

{
  "mcpServers": {
    "kibana": {
      "command": "uvx",
      "args": ["kibana-mcp"],
      "env": {
        "KIBANA_URL": "https://kibana.example.com",
        "ELASTICSEARCH_URL": "https://es.example.com:9200",
        "KIBANA_API_KEY": "your-api-key-here"
      }
    }
  }
}

Docker

docker run --rm -i \
  -e KIBANA_URL=https://kibana.example.com \
  -e KIBANA_API_KEY=your-key \
  ghcr.io/mshegolev/kibana-mcp

Usage Examples

Log Search

Find the last 50 ERROR logs from the API service in the last hour

kibana_search_logs(index="logs-*", query="level:ERROR AND service:api", size=50, time_from="2026-04-18T09:00:00Z")

Show 500 HTTP errors sorted oldest first for incident replay

kibana_search_logs(index="nginx-*", query="status:500", sort_order="asc", size=100)

Aggregations

How many logs per log level in the last hour?

kibana_aggregate_logs(index="logs-*", group_by="level", time_from="2026-04-18T09:00:00Z")

What is the average response time per service?

kibana_aggregate_logs(index="logs-*", group_by="service.keyword", metric="avg", metric_field="response_time_ms")

Index Discovery

What log indices are available?

kibana_list_indices()

Show me all filebeat indices

kibana_list_indices(pattern="filebeat-*")

Dashboards

Find the infrastructure dashboard

kibana_list_dashboards(search="infrastructure")

What panels does dashboard X have?

kibana_get_dashboard(dashboard_id="<id from list_dashboards>")

Performance Characteristics

  • Log search (kibana_search_logs): typically 50-500ms with direct ES URL; add 100-200ms when routing through Kibana Console proxy
  • Aggregations (kibana_aggregate_logs): size:0 queries — no hits transferred, usually 10-100ms
  • Index listing: single _cat/indices call, O(index_count) response, typically <100ms
  • Dashboard APIs: Kibana Saved Objects API, typically 50-200ms; latency is Kibana-side, not network
  • Set ELASTICSEARCH_URL directly if your agent does frequent log searches — eliminates the proxy overhead

Development

git clone https://github.com/mshegolev/kibana-mcp
cd kibana-mcp
pip install -e '.[dev]'
pytest tests/ -v
ruff check src tests
ruff format src tests

License

MIT — see LICENSE.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured