AI-Powered MCP server for KQL query execution with intelligent schema memory and context assistance
Project description
MCP KQL Server
AI-Powered KQL Query Execution with Intelligent Schema Memory
A Model Context Protocol (MCP) server that provides intelligent KQL (Kusto Query Language) query execution with AI-powered schema caching and context assistance for Azure Data Explorer clusters.
๐ Features
- ๐ฏ Intelligent KQL Execution: Execute KQL queries against any Azure Data Explorer cluster
- ๐ง AI Schema Memory: Automatic schema discovery and intelligent caching
- ๐ Rich Visualizations: Markdown table output with configurable formatting
- โก Performance Optimized: Smart caching reduces cluster API calls
- ๐ Azure Authentication: Seamless Azure CLI integration
- ๐จ Context-Aware: AI-powered query assistance and error suggestions
๐ Prerequisites
- Python 3.8 or higher
- Azure CLI installed and authenticated (
az login) - Access to Azure Data Explorer cluster(s)
๐ One-Command Installation
Quick Install (Recommended)
pip install mcp-kql-server
That's it! The server automatically:
- โ
Sets up memory directories in
%APPDATA%\KQL_MCP(Windows) or~/.local/share/KQL_MCP(Linux/Mac) - โ Configures optimal defaults for production use
- โ Suppresses verbose Azure SDK logs
- โ No environment variables required
Alternative Installation Methods
From Source
git clone https://github.com/4R9UN/mcp-kql-server.git
cd mcp-kql-server
pip install -e .
Development Setup
git clone https://github.com/4R9UN/mcp-kql-server.git
cd mcp-kql-server
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -e ".[dev]"
Verify Installation
python -c "from mcp_kql_server import __version__; print(f'MCP KQL Server v{__version__} installed successfully! ๐')"
๐ง Quick Start
1. Authenticate with Azure (One-time setup)
az login
2. Start the MCP Server (Zero configuration)
python -m mcp_kql_server.mcp_server
The server starts immediately with:
- ๐ Auto-created memory path:
%APPDATA%\KQL_MCP\cluster_memory - ๐ง Optimized defaults: No configuration files needed
- ๐ Secure setup: Uses your existing Azure CLI credentials
3. Use via MCP Client
The server provides two main tools:
kql_execute - Execute KQL Queries with AI Context
kql_schema_memory - Discover and Cache Cluster Schemas
๐ Tool Execution Flow
KQL Query Execution Flow
graph TD
A[๐ค User Submits KQL Query] --> B{๐ Query Validation}
B -->|โ Invalid| C[๐ Syntax Error Response]
B -->|โ
Valid| D[๐ง Load Schema Context]
D --> E{๐พ Schema Cache Available?}
E -->|โ
Yes| F[โก Load from Memory]
E -->|โ No| G[๐ Discover Schema]
F --> H[๐ฏ Execute Query]
G --> I[๐พ Cache Schema + AI Context]
I --> H
H --> J{๐ฏ Query Success?}
J -->|โ Error| K[๐จ Enhanced Error Message]
J -->|โ
Success| L[๐ Process Results]
L --> M[๐จ Generate Visualization]
M --> N[๐ค Return Results + Context]
K --> O[๐ก AI Suggestions]
O --> N
style A fill:#e1f5fe
style N fill:#e8f5e8
style K fill:#ffebee
Schema Memory Discovery Flow
graph TD
A[๐ค User Requests Schema Discovery] --> B[๐ Connect to Cluster]
B --> C[๐ Enumerate Databases]
C --> D[๐ Discover Tables]
D --> E[๐ Get Table Schemas]
E --> F[๐ค AI Analysis]
F --> G[๐ Generate Descriptions]
G --> H[๐พ Store in Memory]
H --> I[๐ Update Statistics]
I --> J[โ
Return Summary]
style A fill:#e1f5fe
style J fill:#e8f5e8
๐ก Usage Examples
Example 1: Basic KQL Query
# Execute a simple query with visualization
{
"tool": "kql_execute",
"input": {
"query": "cluster('help.kusto.windows.net').database('Samples').StormEvents | take 10",
"visualize": true,
"use_schema_context": true
}
}
Response:
{
"status": "success",
"result": {
"columns": ["StartTime", "EndTime", "State", "EventType"],
"rows": [
["2007-01-01T00:00:00Z", "2007-01-01T05:00:00Z", "FLORIDA", "Waterspout"],
...
],
"row_count": 10,
"visualization": "| StartTime | EndTime | State | EventType |\n|---|---|---|---|\n...",
"schema_context": ["Table: StormEvents - Weather event data...", ...]
}
}
Example 2: Complex Query with JSON Processing
# Query with JSON extraction and filtering
{
"tool": "kql_execute",
"input": {
"query": """
cluster('mycluster.kusto.windows.net').database('mydb').Events
| where Timestamp >= ago(1d)
| extend Properties = parse_json(PropertiesJson)
| extend UserId = tostring(Properties.userId)
| where isnotempty(UserId)
| summarize Count=count() by UserId
| top 10 by Count desc
""",
"visualize": true
}
}
Example 3: Schema Discovery
# Discover and cache cluster schema
{
"tool": "kql_schema_memory",
"input": {
"cluster_uri": "https://mycluster.kusto.windows.net",
"force_refresh": false
}
}
Response:
{
"status": "success",
"result": {
"cluster_uri": "https://mycluster.kusto.windows.net",
"database_count": 5,
"total_tables": 23,
"memory_file_path": "C:/Users/user/AppData/Roaming/KQL_MCP/schema_memory.json",
"discovery_summary": {
"databases": ["Events", "Logs", "Metrics"],
"tables_discovered": ["Events.UserActivity", "Logs.ApplicationLogs", ...],
"message": "Successfully discovered 23 tables across 5 databases"
}
}
}
๐ฏ Key Benefits
For Data Analysts
- โก Faster Query Development: AI-powered autocomplete and suggestions
- ๐จ Rich Visualizations: Instant markdown tables for data exploration
- ๐ง Context Awareness: Understand your data structure without documentation
For DevOps Teams
- ๐ Automated Schema Discovery: Keep schema information up-to-date
- ๐พ Smart Caching: Reduce API calls and improve performance
- ๐ Secure Authentication: Leverage existing Azure CLI credentials
For AI Applications
- ๐ค Intelligent Query Assistance: AI-generated table descriptions and suggestions
- ๐ Structured Data Access: Clean, typed responses for downstream processing
- ๐ฏ Context-Aware Responses: Rich metadata for better AI decision making
๐๏ธ Architecture
graph TD
A[MCP Client<br/>Claude/AI/Custom] <--> B[MCP KQL Server<br/>FastMCP Framework]
B <--> C[Azure Data Explorer<br/>Kusto Clusters]
B <--> D[Schema Memory<br/>Local AI Cache]
style A fill:#e1f5fe
style B fill:#f3e5f5
style C fill:#fff3e0
style D fill:#e8f5e8
๐ Project Structure
mcp-kql-server/
โโโ mcp_kql_server/
โ โโโ __init__.py # Package initialization
โ โโโ mcp_server.py # Main MCP server implementation
โ โโโ execute_kql.py # KQL query execution logic
โ โโโ schema_memory.py # Schema caching and discovery
โ โโโ unified_memory.py # Advanced memory management
โ โโโ kql_auth.py # Azure authentication
โ โโโ utils.py # Utility functions
โ โโโ constants.py # Configuration constants
โโโ docs/ # Documentation
โโโ Example/ # Usage examples
โโโ pyproject.toml # Project configuration
โโโ README.md # This file
โ๏ธ Configuration
Zero-Configuration Setup
The server works out-of-the-box with sensible defaults:
- Memory Path: Automatically created at:
- Windows:
%APPDATA%\KQL_MCP\cluster_memory\ - macOS/Linux:
~/.local/share/KQL_MCP/cluster_memory/
- Windows:
- Authentication: Uses your existing Azure CLI credentials
- Logging: Optimized for production (minimal Azure SDK logs)
- Timeouts: Connection (60s), Query (10min) - suitable for most workloads
Optional Environment Variables
# Optional: Enable debug mode (only if needed)
export KQL_DEBUG=true
Memory Management
Schema intelligence is automatically stored in:
- Schema Memory:
{memory_path}/schema_memory.json - Table Cache:
{memory_path}/clusters/{cluster}/databases/{db}/tables/ - Auto-cleanup: Stale cache entries removed automatically
๐ Advanced Usage
Custom Memory Path
{
"tool": "kql_execute",
"input": {
"query": "...",
"cluster_memory_path": "/custom/memory/path"
}
}
Force Schema Refresh
{
"tool": "kql_schema_memory",
"input": {
"cluster_uri": "mycluster",
"force_refresh": true
}
}
Performance Optimization
{
"tool": "kql_execute",
"input": {
"query": "...",
"use_schema_context": false, # Disable for faster execution
"visualize": false # Disable for minimal response
}
}
๐ Security
- Azure CLI Authentication: Leverages your existing Azure credentials
- No Credential Storage: Server doesn't store authentication tokens
- Query Validation: Built-in protection against malicious queries
- Local Memory: Schema cache stored locally, not transmitted
๐ Troubleshooting
Common Issues
-
Authentication Errors
# Re-authenticate with Azure CLI az login --tenant your-tenant-id
-
Memory Issues
# Clear schema cache if corrupted (automatic backup created) # Windows: del "%APPDATA%\KQL_MCP\schema_memory.json" # macOS/Linux: rm ~/.local/share/KQL_MCP/schema_memory.json
-
Connection Timeouts
- Check cluster URI format
- Verify network connectivity
- Confirm Azure permissions
-
Memory Path Issues
- Server automatically creates fallback directory in
~/.kql_mcp_memoryif default path fails - Check logs for memory path initialization messages
- Server automatically creates fallback directory in
Debug Mode (Optional)
# Enable debug logging if needed
set KQL_DEBUG=true # Windows
export KQL_DEBUG=true # macOS/Linux
python -m mcp_kql_server.mcp_server
๐ค Contributing
We welcome contributions! Please see our Contributing Guide for details.
Development Setup
git clone https://github.com/4R9UN/mcp-kql-server.git
cd mcp-kql-server
python -m venv venv
source venv/bin/activate
pip install -e ".[dev]"
๐ Acknowledgments
- FastMCP - MCP server framework
- Azure Kusto Python SDK - KQL client library
- Model Context Protocol - Protocol specification
- Microsoft Azure Data Explorer - Cloud analytics service
๐ Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: Full Documentation
- PyPI Package: PyPI Project Page
- Author: Arjun Trivedi
๐ Star History
Happy Querying! ๐
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mcp_kql_server-2.0.1.tar.gz
(480.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_kql_server-2.0.1.tar.gz.
File metadata
- Download URL: mcp_kql_server-2.0.1.tar.gz
- Upload date:
- Size: 480.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5657feac92f53c8a4de4f258a9192f422ec80be8fd508231f726be4e16e4edbb
|
|
| MD5 |
7c79cc6b72311257ee02cb77f6609be9
|
|
| BLAKE2b-256 |
e904b9927c7f3ae452e189b1e8d39d1345b23f5de729262218114d651557ccf1
|
File details
Details for the file mcp_kql_server-2.0.1-py3-none-any.whl.
File metadata
- Download URL: mcp_kql_server-2.0.1-py3-none-any.whl
- Upload date:
- Size: 33.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0c517f254b76dbf8443b9e8e154e65ab275b032213cbabf231f1f436ca62fc2
|
|
| MD5 |
ce7ca13cab0fdb90e907004aedf9aa6a
|
|
| BLAKE2b-256 |
9571e8a1af9b109f44295445059fe299e5db780c0c608c7a03f89bb335ce67c6
|
