MCP server for Kibana / Elasticsearch — log search, aggregations, index discovery, dashboards.

Project description

kibana-mcp

PyPI version Python 3.10+ License: MIT Tests

MCP server for Kibana / Elasticsearch — log search, aggregations, index discovery, and dashboard browsing via Claude and any MCP-compatible agent.

Why another Kibana MCP?

Existing integrations require a running Kibana instance with browser-level credentials and often wrap the Kibana UI rather than the stable REST APIs. This server:

  • Hits Elasticsearch REST API directly for log queries (faster, stable across Kibana UI changes)
  • Falls back to the Kibana Console proxy when no direct ES URL is configured (zero extra firewall rules)
  • Supports ApiKey auth (best for agents) as well as Basic auth and anonymous access
  • Returns both structured JSON (outputSchema) and markdown text so it works with any MCP client
  • Is read-only — all tools carry readOnlyHint: true, no data is modified

Tools

| Tool | API | Description |
| --- | --- | --- |
| kibana_list_indices | GET ES/_cat/indices | Discover available indices with health, docs, size |
| kibana_search_logs | POST ES/{index}/_search | Full-text log search with time range, sort, size |
| kibana_aggregate_logs | POST ES/{index}/_search | Terms grouping with count/avg/sum/min/max metric |
| kibana_list_dashboards | GET Kibana/api/saved_objects/_find | List saved dashboards with search + pagination |
| kibana_get_dashboard | GET Kibana/api/saved_objects/dashboard/{id} | Fetch one dashboard with panel breakdown |

Installation

pip install kibana-mcp

Or run directly with uvx:

uvx kibana-mcp

Configuration

Environment Variables

| Variable | Required | Description |
| --- | --- | --- |
| KIBANA_URL | Yes | Kibana base URL (e.g. https://kibana.example.com) |
| ELASTICSEARCH_URL | No | Direct ES endpoint. If unset, ES requests go through Kibana Console proxy |
| KIBANA_API_KEY | No | ES API key (ApiKey base64(id:api_key) format). Recommended for agents |
| KIBANA_USERNAME | No | HTTP Basic auth username (used if API key not set) |
| KIBANA_PASSWORD | No | HTTP Basic auth password |
| KIBANA_SSL_VERIFY | No | true (default) or false for self-signed certificates |

Auth priority: ApiKey > Basic > anonymous.

Copy .env.example to .env and fill in your values.
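
How the variables above could resolve into one outbound request, as an added sketch rather than kibana-mcp's own code. The names `auth_header` and `plan_request` are hypothetical, `KIBANA_API_KEY` is assumed to hold the already-encoded value, and the plaintext and TLS-verification warnings are added checks.

```python
import base64
from urllib.parse import urlencode, urlsplit


def auth_header(env):
    """Documented priority: ApiKey > Basic > anonymous."""
    if env.get("KIBANA_API_KEY"):
        # Assumption: the variable already holds base64(id:api_key).
        return {"Authorization": "ApiKey " + env["KIBANA_API_KEY"]}
    if env.get("KIBANA_USERNAME"):
        pair = f'{env["KIBANA_USERNAME"]}:{env.get("KIBANA_PASSWORD", "")}'
        return {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode()}
    return {}


def plan_request(env, method, es_path):
    """Return method, URL, headers, TLS setting and warnings for one ES call."""
    headers = auth_header(env)
    es_url = env.get("ELASTICSEARCH_URL")
    if es_url:
        # Direct mode: talk to Elasticsearch itself.
        out_method, base = method, es_url
        url = es_url.rstrip("/") + "/" + es_path.lstrip("/")
    else:
        # Fallback: Kibana Console proxy; Kibana requires the kbn-xsrf header.
        out_method, base = "POST", env["KIBANA_URL"]
        query = urlencode({"path": es_path, "method": method})
        url = base.rstrip("/") + "/api/console/proxy?" + query
        headers["kbn-xsrf"] = "true"
    verify = env.get("KIBANA_SSL_VERIFY", "true").strip().lower() != "false"
    warnings = []
    if "Authorization" in headers:
        if urlsplit(base).scheme != "https":
            warnings.append("credentials would be sent over plaintext HTTP")
        elif not verify:
            warnings.append("TLS verification is off: server identity is unchecked")
    return {"method": out_method, "url": url, "headers": headers,
            "verify": verify, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample environment using the page's placeholder values.
    sample = {"KIBANA_URL": "https://kibana.example.com",
              "KIBANA_API_KEY": "your-api-key-here"}
    print(plan_request(sample, "GET", "_cat/indices"))
```
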

MCP Client Configuration (Claude Desktop / claude.app)

{
  "mcpServers": {
    "kibana": {
      "command": "uvx",
      "args": ["kibana-mcp"],
      "env": {
        "KIBANA_URL": "https://kibana.example.com",
        "KIBANA_API_KEY": "your-api-key-here"
      }
    }
  }
}

Or with direct ES access for better performance:

{
  "mcpServers": {
    "kibana": {
      "command": "uvx",
      "args": ["kibana-mcp"],
      "env": {
        "KIBANA_URL": "https://kibana.example.com",
        "ELASTICSEARCH_URL": "https://es.example.com:9200",
        "KIBANA_API_KEY": "your-api-key-here"
      }
    }
  }
}

Docker

docker run --rm -i \
  -e KIBANA_URL=https://kibana.example.com \
  -e KIBANA_API_KEY=your-key \
  ghcr.io/mshegolev/kibana-mcp

Usage Examples

Log Search

Find the last 50 ERROR logs from the API service in the last hour

kibana_search_logs(index="logs-*", query="level:ERROR AND service:api", size=50, time_from="2026-04-18T09:00:00Z")

Show 500 HTTP errors sorted oldest first for incident replay

kibana_search_logs(index="nginx-*", query="status:500", sort_order="asc", size=100)

Aggregations

How many logs per log level in the last hour?

kibana_aggregate_logs(index="logs-*", group_by="level", time_from="2026-04-18T09:00:00Z")

What is the average response time per service?

kibana_aggregate_logs(index="logs-*", group_by="service.keyword", metric="avg", metric_field="response_time_ms")
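
The kind of request body an aggregation call like the ones above translates to, as an added sketch and not kibana-mcp's own code. The function names, the aggregation names `groups` and `metric`, the `@timestamp` field and the sample response are assumptions.

```python
ALLOWED_METRICS = {"count", "avg", "sum", "min", "max"}


def build_aggregation(group_by, metric="count", metric_field=None,
                      time_from=None, time_to=None, buckets=10,
                      time_field="@timestamp"):
    """Build a terms aggregation with an optional metric sub-aggregation."""
    if metric not in ALLOWED_METRICS:
        raise ValueError(f"unsupported metric: {metric}")
    if metric != "count" and not metric_field:
        raise ValueError(f"metric_field is required for {metric}")
    terms = {"terms": {"field": group_by, "size": buckets}}
    if metric != "count":
        # count is the bucket's own doc_count; other metrics need a sub-agg.
        terms["aggs"] = {"metric": {metric: {"field": metric_field}}}
    # size 0: Elasticsearch returns buckets only, no matching documents.
    body = {"size": 0, "aggs": {"groups": terms}}
    bounds = {k: v for k, v in (("gte", time_from), ("lte", time_to)) if v}
    if bounds:
        # Filter context: no scoring, and the time window is cacheable.
        body["query"] = {"bool": {"filter": [{"range": {time_field: bounds}}]}}
    return body


def rows_from_response(resp, metric="count"):
    """Flatten the bucket list of a response into one row per group."""
    rows = []
    for b in resp["aggregations"]["groups"]["buckets"]:
        value = b["doc_count"] if metric == "count" else b["metric"]["value"]
        rows.append({"key": b["key"], "doc_count": b["doc_count"], "value": value})
    return rows


# Constructed sample response (not real cluster output).
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 340}, "hits": []},
    "aggregations": {"groups": {"buckets": [
        {"key": "api", "doc_count": 300, "metric": {"value": 41.5}},
        {"key": "auth", "doc_count": 40, "metric": {"value": 120.0}},
    ]}},
}

if __name__ == "__main__":
    print(build_aggregation("service.keyword", "avg", "response_time_ms"))
    print(rows_from_response(SAMPLE_RESPONSE, "avg"))
```
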

Index Discovery

What log indices are available?

kibana_list_indices()

Show me all filebeat indices

kibana_list_indices(pattern="filebeat-*")

Dashboards

Find the infrastructure dashboard

kibana_list_dashboards(search="infrastructure")

What panels does dashboard X have?

kibana_get_dashboard(dashboard_id="<id from list_dashboards>")

Performance Characteristics

  • Log search (kibana_search_logs): typically 50-500ms with direct ES URL; add 100-200ms when routing through Kibana Console proxy
  • Aggregations (kibana_aggregate_logs): size:0 queries — no hits transferred, usually 10-100ms
  • Index listing: single _cat/indices call, O(index_count) response, typically <100ms
  • Dashboard APIs: Kibana Saved Objects API, typically 50-200ms; latency is Kibana-side, not network
  • Set ELASTICSEARCH_URL directly if your agent does frequent log searches — eliminates the proxy overhead

Development

git clone https://github.com/mshegolev/kibana-mcp
cd kibana-mcp
pip install -e '.[dev]'
pytest tests/ -v
ruff check src tests
ruff format src tests

License

MIT — see LICENSE.

Download files

Source Distribution

kibana_mcp-0.1.1.tar.gz (30.1 kB view details)

Uploaded Source

Built Distribution

kibana_mcp-0.1.1-py3-none-any.whl (20.8 kB view details)

Uploaded Python 3

File details

Details for the file kibana_mcp-0.1.1.tar.gz.

File metadata

  • Download URL: kibana_mcp-0.1.1.tar.gz
  • Upload date:
  • Size: 30.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for kibana_mcp-0.1.1.tar.gz

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | 977f7475b1e0f9b386e4f75ba2709371cd9b6a2cbc72438440db600a3640f5d1 |
| MD5 | c0c8a8839f4812486917b533e121b07b |
| BLAKE2b-256 | 20b44a17f62111577fb5781daf023203efc62e4b3a53d8e68dc9a0c27abd5b69 |

Provenance

The following attestation bundles were made for kibana_mcp-0.1.1.tar.gz:

Publisher: publish.yml on mshegolev/kibana-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file kibana_mcp-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: kibana_mcp-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 20.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for kibana_mcp-0.1.1-py3-none-any.whl

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | 81c2a382069910f1cc500f86db7c9bcf24daa8d4cc36aa08802809e68a1484dd |
| MD5 | 93030c7174f9be656c031ca28d1ebc27 |
| BLAKE2b-256 | 9ae39ab6a86b757ed811012e92e1a57a4e3cbe315eb0ddfb48b3170c0744077f |

Provenance

The following attestation bundles were made for kibana_mcp-0.1.1-py3-none-any.whl:

Publisher: publish.yml on mshegolev/kibana-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
