Kibana MCP Server

Provides unified access to Kibana and Periscope logs across 9 indexes with fast search and analytics.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "gaharivatsa-kibana_server": {
      "url": "http://localhost:8000",
      "headers": {
        "OPENAI_API_KEY": "YOUR_OPENAI_API_KEY",
        "GOOGLE_AI_API_KEY": "YOUR_GOOGLE_AI_API_KEY"
      }
    }
  }
}

This is a modular MCP server that provides fast, unified access to Kibana and Periscope logs through a single API. It supports multiple indexes, in-memory caching, HTTP/2, OpenTelemetry tracing, and timezone-aware searches, making it practical for production-grade log analytics and cross-system correlation.

How to use

You connect to the Kibana MCP Server using its HTTP API or run it locally via a supported startup script. Use the exposed endpoints to discover available indexes, set the active index, run searches in Kibana (KQL) or Periscope (SQL), and optionally enable AI-assisted analysis. Authentication is performed via tokens that you store and refresh as needed. All actions can be performed through your MCP client with straightforward calls to the API.

How to install

To run the server locally, complete the following steps.

1. Install Python 3.8 or newer.

2. Create and activate a virtual environment.

3. Install dependencies from the requirements file.

4. Make the start script executable.

5. Optionally set up AI-powered log analysis by providing an AI provider API key.

Configuration examples and startup

elasticsearch:
  host: ""  # Set via API or environment
  timestamp_field: "timestamp"  # ✅ Works for ALL 9 indexes
  verify_ssl: true

mcp_server:
  host: "0.0.0.0"
  port: 8000
  log_level: "info"

periscope:
  host: ""

timeouts:
  kibana_request_timeout: 30
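
The configuration above binds the server to 0.0.0.0 while the client configuration connects to http://localhost:8000. The following pre-start check is an added example, not part of this project's code: it reads the two-level layout shown above and reports settings that widen exposure. The function names and the embedded sample are constructed for illustration, and the check assumes an absent verify_ssl key means verification stays on.

```python
import ipaddress

# Constructed sample: the exposure-related sections of the config shown above.
SAMPLE_CONFIG = '''\
elasticsearch:
  host: ""
  timestamp_field: "timestamp"
  verify_ssl: true

mcp_server:
  host: "0.0.0.0"
  port: 8000
  log_level: "info"
'''

def parse_two_level(text):
    """Parse the 'section:' / '  key: value' layout used above (not general YAML)."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith(" "):
            section = config.setdefault(key, {})  # top-level section header
        elif section is not None:
            section[key] = value.strip().strip('"')
    return config

def audit(config):
    """Return (setting, finding) pairs for settings that widen exposure."""
    findings = []
    bind = config.get("mcp_server", {}).get("host", "")
    try:
        loopback = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback = bind == "localhost"
    if not loopback:
        findings.append(("mcp_server.host",
                         f"listens on {bind!r}: set_auth_token and set_config "
                         "are served on non-loopback interfaces"))
    # Assumption: a missing verify_ssl key leaves certificate verification on.
    if config.get("elasticsearch", {}).get("verify_ssl", "true").lower() != "true":
        findings.append(("elasticsearch.verify_ssl",
                         "TLS certificate verification is disabled"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit(parse_two_level(SAMPLE_CONFIG)):
        print(f"{setting}: {finding}")
```

Setting mcp_server.host to "127.0.0.1" clears the first finding and still matches the localhost URL in the client configuration.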

Running the server

Start the server using the provided start script. The server will be available at http://localhost:8000.

Health checks can be performed to verify status.

Security and authentication

Authenticate through tokens for both Kibana and Periscope. Store tokens securely and refresh as needed.

API references and usage patterns

Discover indexes, select an index, and perform searches via Kibana (KQL) or Periscope (SQL). Use the AI-powered analysis endpoints to summarize results when needed.

Troubleshooting and notes

If you encounter timestamp field errors or authentication issues, adjust settings via the dynamic configuration endpoint or refresh tokens.

Performance and architecture notes

The server features in-memory caching, HTTP/2 support, connection pooling, and OpenTelemetry tracing for observability. Timezone support is available for all indices.

Examples of common workflows

Discover available indexes, set the active index, and run a search across Kibana or Periscope logs. Use the AI endpoints to generate summaries or insights from the results.

Available tools

discover_indexes

List available indexes for querying and identify total counts across 9 indexes.

set_current_index

Choose which index pattern to search against for subsequent queries.

search_logs

Main endpoint for Kibana KQL-based log searches across the selected index.

get_recent_logs

Retrieve the most recent logs from the active index.

extract_errors

Extract error records from logs to surface issues quickly.

summarize_logs

AI-powered analysis to generate summaries and key insights from logs.

search_periscope_logs

Main endpoint for Periscope SQL-based log searches.

search_periscope_errors

Query for HTTP error patterns across Periscope streams.

set_auth_token

Set the Kibana authentication token used by the MCP server.

set_periscope_auth_token

Set the Periscope authentication token used by the MCP server.

set_config

Dynamically update server configuration at runtime.