Skip to main content
mcpSource-backed
Grafana logo

Grafana MCP Server for Claude

Connect Claude to Grafana for metrics, logs, dashboards, alerting, incidents, and observability workflows.

by Grafana Labs · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://grafana.com/docs/grafana/latest/developer-resources/mcp/, https://github.com/grafana/mcp-grafana
Brand
Grafana
Brand domain
grafana.com
Brand asset source
brandfetch
Safety notes
Scope the service account token to the smallest set of Grafana permissions needed for your workflow. Broad Editor-style access can query and change many dashboards, alert rules, incidents, annotations, and OnCall resources., Disable write-capable or unused tool groups when you only need investigation. The server can expose operations for creating or updating dashboards, alert rules, incidents, annotations, and other Grafana resources., Treat LLM-generated PromQL, LogQL, SQL, and TraceQL as suggestions. Review expensive or broad time-range queries before running them against production datasources., Large dashboards and broad log queries can consume significant model context and Grafana query capacity. Prefer summaries, narrow time windows, and specific datasource scopes.
Privacy notes
Grafana query results may include production logs, metrics, traces, labels, dashboard JSON, alert rules, annotations, incident details, and OnCall data that become visible to the connected MCP client and model session., Store GRAFANA_SERVICE_ACCOUNT_TOKEN outside prompts and source control. Pass it through MCP environment configuration or your client secret-management flow., Logs and traces often contain user identifiers, request payloads, IP addresses, error messages, and other sensitive operational data; redact or avoid broad queries before sharing transcripts., When routing through Grafana datasources, the MCP server uses Grafana's configured access path. Credential exposure depends on the server configuration, client logs, and what query results are returned.
Author
Grafana Labs
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first.

0/6 ready
Account & credentials1Install & runtime4General110 minutes

Safety & privacy surface

Safety & privacy surface

4 safety and 4 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

5 areas
  • SafetyCredentials & tokensScope the service account token to the smallest set of Grafana permissions needed for your workflow. Broad Editor-style access can query and change many dashboards, alert rules, incidents, annotations, and OnCall resources.
  • SafetyGeneralDisable write-capable or unused tool groups when you only need investigation. The server can expose operations for creating or updating dashboards, alert rules, incidents, annotations, and other Grafana resources.
  • SafetyExecution & processesTreat LLM-generated PromQL, LogQL, SQL, and TraceQL as suggestions. Review expensive or broad time-range queries before running them against production datasources.
  • SafetyPermissions & scopesLarge dashboards and broad log queries can consume significant model context and Grafana query capacity. Prefer summaries, narrow time windows, and specific datasource scopes.
  • PrivacyCredentials & tokensGrafana query results may include production logs, metrics, traces, labels, dashboard JSON, alert rules, annotations, incident details, and OnCall data that become visible to the connected MCP client and model session.
  • PrivacyCredentials & tokensStore GRAFANA_SERVICE_ACCOUNT_TOKEN outside prompts and source control. Pass it through MCP environment configuration or your client secret-management flow.
  • PrivacyNetwork accessLogs and traces often contain user identifiers, request payloads, IP addresses, error messages, and other sensitive operational data; redact or avoid broad queries before sharing transcripts.
  • PrivacyCredentials & tokensWhen routing through Grafana datasources, the MCP server uses Grafana's configured access path. Credential exposure depends on the server configuration, client logs, and what query results are returned.

Safety notes

  • Scope the service account token to the smallest set of Grafana permissions needed for your workflow. Broad Editor-style access can query and change many dashboards, alert rules, incidents, annotations, and OnCall resources.
  • Disable write-capable or unused tool groups when you only need investigation. The server can expose operations for creating or updating dashboards, alert rules, incidents, annotations, and other Grafana resources.
  • Treat LLM-generated PromQL, LogQL, SQL, and TraceQL as suggestions. Review expensive or broad time-range queries before running them against production datasources.
  • Large dashboards and broad log queries can consume significant model context and Grafana query capacity. Prefer summaries, narrow time windows, and specific datasource scopes.

Privacy notes

  • Grafana query results may include production logs, metrics, traces, labels, dashboard JSON, alert rules, annotations, incident details, and OnCall data that become visible to the connected MCP client and model session.
  • Store GRAFANA_SERVICE_ACCOUNT_TOKEN outside prompts and source control. Pass it through MCP environment configuration or your client secret-management flow.
  • Logs and traces often contain user identifiers, request payloads, IP addresses, error messages, and other sensitive operational data; redact or avoid broad queries before sharing transcripts.
  • When routing through Grafana datasources, the MCP server uses Grafana's configured access path. Credential exposure depends on the server configuration, client logs, and what query results are returned.

Prerequisites

  • uv and uvx available, or Docker, Helm, or the mcp-grafana binary installed
  • Grafana 9.0 or later for full functionality
  • Grafana Cloud or self-hosted Grafana instance reachable from the MCP server
  • Grafana service account token with RBAC permissions for the tools you enable
  • Claude Code, Claude Desktop, Cursor, VS Code, or another MCP-capable client
  • Existing Grafana datasources such as Prometheus, Loki, Tempo, CloudWatch, Elasticsearch, OpenSearch, or ClickHouse for query tools

Schema details

Install type
cli
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "grafana": {
    "command": "uvx",
    "args": ["mcp-grafana"],
    "env": {
      "GRAFANA_URL": "https://myinstance.grafana.net",
      "GRAFANA_SERVICE_ACCOUNT_TOKEN": "<your service account token>"
    }
  }
}

About this resource

Content

The Grafana MCP server connects Claude and other MCP-capable clients to a Grafana instance. It gives an assistant a structured way to query observability data, inspect dashboards, work with alerting and incident workflows, and generate accurate deeplinks back into Grafana.

This is a strong fit for teams that already use Grafana as their operations hub. Instead of asking an assistant to guess URLs or invent PromQL, users can give Claude access to Grafana-backed tools with explicit authentication, transport, and RBAC boundaries.

The official quick-start path uses uvx mcp-grafana, but Grafana also documents Docker, downloaded binary, source build, and Helm deployment options. Grafana 9.0 or later is required for full functionality.

Features

  • Query Prometheus metrics through Grafana datasources.
  • Query Loki logs and LogQL-backed metrics.
  • Inspect datasource metadata, labels, metric names, and query examples.
  • Search dashboards and fetch dashboard summaries, properties, panel queries, and datasource details.
  • Generate Grafana deeplinks for dashboards, panels, Explore, time ranges, and datasource-specific views.
  • List and manage Grafana alert rules, notification policies, contact points, and related alerting configuration when permissions allow.
  • Work with Grafana Incident, Sift investigations, and Grafana OnCall resources when those products and permissions are available.
  • Enable or disable tool groups so the MCP surface matches the team's risk tolerance and Grafana setup.
  • Run locally over stdio with uvx, Docker, or a binary, or run as an HTTP server with SSE or streamable HTTP transports.

Use Cases

  • Ask Claude to investigate a recent latency spike using Grafana metrics and narrowed time windows.
  • Search dashboards and retrieve only the panels or JSON paths needed for a specific incident review.
  • Generate Grafana Explore links for a Prometheus or Loki query without relying on hand-built URLs.
  • Review alert rule state, routing, and notification policy context during an incident.
  • Use Grafana Incident or OnCall context alongside logs and metrics when triaging production issues.
  • Give an assistant read-only observability context while keeping dashboard and alert writes disabled or out of scope.

Installation

Claude Code

  1. Install uv and confirm uvx is available.
  2. Create a Grafana service account token with only the permissions needed for the tool groups you plan to use.
  3. Add the MCP server with your Grafana URL and token:
claude mcp add grafana --env GRAFANA_URL=https://myinstance.grafana.net --env GRAFANA_SERVICE_ACCOUNT_TOKEN=YOUR_SERVICE_ACCOUNT_TOKEN -- uvx mcp-grafana
  1. Restart or refresh the MCP client session.
  2. Ask Claude to list available Grafana tools or run a narrow dashboard or datasource lookup.

Claude Desktop

  1. Open the Claude Desktop MCP configuration file.
  2. Add the grafana server configuration shown below.
  3. Replace the placeholder URL and token with your Grafana instance URL and service account token.
  4. Restart Claude Desktop and test with a narrow read-only query first.

Configuration

{
  "grafana": {
    "command": "uvx",
    "args": ["mcp-grafana"],
    "env": {
      "GRAFANA_URL": "https://myinstance.grafana.net",
      "GRAFANA_SERVICE_ACCOUNT_TOKEN": "<your service account token>"
    }
  }
}

Examples

Inspect dashboard context

Ask Claude to find the production API dashboard, summarize its panels, and show which Prometheus and Loki datasources it uses.

Find dashboards related to the production API and summarize the panels and datasources.

Investigate a metric spike

Use the Prometheus tools with a specific datasource, time window, and metric name instead of broad exploratory queries.

For the last 30 minutes, query the production Prometheus datasource for API p95 latency and error rate.

Review log patterns

Use Loki against a bounded time range and service label when looking for common errors.

Check Loki logs for the checkout service over the last 15 minutes and group recurring error messages.

Generate a Grafana deeplink

Ask Claude to create a Grafana Explore link for a specific datasource query and time range.

Create a Grafana Explore link for this Loki query over the incident window.

Security

  • Prefer service account token authentication over username and password for automation.
  • Grant only the RBAC actions and scopes required for your enabled tools. Use datasource, dashboard, folder, and team scopes where possible instead of broad organization-wide access.
  • Start with read-only investigation workflows. Add write-capable dashboard, alerting, incident, or annotation tools only when the operator has a clear approval process.
  • Keep tokens in MCP environment configuration, not in prompts, chat history, or checked-in files.
  • Review generated queries before running them against large production datasources, especially when they include wide time ranges or unbounded label selectors.

Troubleshooting

Claude cannot start the server

Confirm uvx is installed and available in the same environment that launches your MCP client. If you use Docker, a downloaded binary, or Helm instead, update the client configuration to match that runtime.

Authentication fails

Verify GRAFANA_URL points at the correct Grafana instance and that GRAFANA_SERVICE_ACCOUNT_TOKEN belongs to a service account with the required RBAC permissions.

Queries return permission errors

Check the service account role and scopes for the datasource, dashboard, folder, alerting, or incident resource being accessed. A token can authenticate successfully and still lack permission for a specific tool.

Responses are too large

Use dashboard summaries, specific dashboard properties, narrower time windows, and more precise label filters before fetching full dashboard JSON or broad log results.

Source citations

Add this badge to your README

Show that Grafana MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/grafana-mcp-server.svg)](https://heyclau.de/entry/mcp/grafana-mcp-server)

How it compares

Grafana MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Connect Claude to Grafana for metrics, logs, dashboards, alerting, incidents, and observability workflows.

Open dossier

Official AWS Labs MCP server that gives troubleshooting agents task-oriented access to Amazon CloudWatch metrics, alarms, logs, and PromQL queries for AI-assisted root-cause analysis and remediation recommendations.

Open dossier

Direct Prometheus MCP server that lets Claude run PromQL instant and range queries, discover metrics, inspect metadata, and review scrape targets.

Open dossier

Query observability data, manage dashboards, and monitor your systems from Claude — run APL queries against datasets, list metrics, inspect monitors, and retrieve saved queries — with the official Axiom remote MCP server.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1jaso0n0818oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandGrafana logoGrafanaAWS Labs logoAWS Labs
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorGrafana LabsAWS Labspab1it0Axiom, Inc.
Added2026-06-032026-06-202026-06-062026-06-18
Platforms
Harness
Source repo
Safety notesScope the service account token to the smallest set of Grafana permissions needed for your workflow. Broad Editor-style access can query and change many dashboards, alert rules, incidents, annotations, and OnCall resources. Disable write-capable or unused tool groups when you only need investigation. The server can expose operations for creating or updating dashboards, alert rules, incidents, annotations, and other Grafana resources. Treat LLM-generated PromQL, LogQL, SQL, and TraceQL as suggestions. Review expensive or broad time-range queries before running them against production datasources. Large dashboards and broad log queries can consume significant model context and Grafana query capacity. Prefer summaries, narrow time windows, and specific datasource scopes.This server reads CloudWatch telemetry from your AWS account; scope the AWS credentials/profile to read-only CloudWatch access and the intended accounts and regions. It is designed for observability and troubleshooting (metrics, alarms, logs, PromQL) and does not modify resources, but it can issue many CloudWatch read APIs that may incur AWS request costs. Run it only on a trusted host, since it uses the local machine's AWS credentials to reach your account. Some PromQL tooling is region-limited and may require enabling OTel enrichment (`aws cloudwatch start-otel-enrichment`); review the server docs before relying on it.Prometheus MCP executes PromQL instant and range queries against the configured Prometheus endpoint. Broad range queries, high-cardinality metric discovery, or repeated autonomous analysis can load Prometheus, remote storage, and network links. Metrics can describe production systems, incidents, customer traffic, hostnames, Kubernetes namespaces, service names, deployment topology, and security-relevant labels. `PROMETHEUS_URL_SSL_VERIFY=False` disables TLS verification and should not be used for production endpoints. Protect `PROMETHEUS_PASSWORD`, `PROMETHEUS_TOKEN`, client certificate files, client key files, custom headers, and tenant IDs in MCP client configs and logs. For Kubernetes use, review the Helm values, service exposure, ingress, ServiceMonitor, pod security context, and secret handling before deployment.The MCP server includes dashboard management tools (create, update, delete) — review any write operations before confirming. APL queries run against live datasets; complex queries over large time windows may be slow or consume significant dataset quota.
Privacy notesGrafana query results may include production logs, metrics, traces, labels, dashboard JSON, alert rules, annotations, incident details, and OnCall data that become visible to the connected MCP client and model session. Store GRAFANA_SERVICE_ACCOUNT_TOKEN outside prompts and source control. Pass it through MCP environment configuration or your client secret-management flow. Logs and traces often contain user identifiers, request payloads, IP addresses, error messages, and other sensitive operational data; redact or avoid broad queries before sharing transcripts. When routing through Grafana datasources, the MCP server uses Grafana's configured access path. Credential exposure depends on the server configuration, client logs, and what query results are returned.Metric values, alarm states and history, log group contents, namespaces, dimensions, ARNs, and account/region metadata can be returned through tool calls and exposed to the model. Queries and time ranges you ask about are sent to the CloudWatch APIs using your configured credentials; keep account identifiers and credentials out of public prompts, issues, and screenshots.Tool calls can expose PromQL queries, metric names, labels, target metadata, scrape health, tenant IDs, service URLs, and query results to the MCP client and model context. Returned metrics may include usernames, customer IDs, IP addresses, internal routes, hostnames, pod names, error messages, or other sensitive labels if present in Prometheus. Prometheus credentials, authentication variables, and custom headers can appear in local config, shell history, Kubernetes secrets, logs, or crash reports if not handled carefully. Prometheus UI links in query results can reveal internal URLs unless `PROMETHEUS_DISABLE_LINKS=True` is used.Log data, traces, metrics, and monitor configurations from your Axiom datasets and organization are surfaced in Claude's context. OAuth is the recommended authentication method — no API token is stored in your MCP configuration.
Prerequisites
  • uv and uvx available, or Docker, Helm, or the mcp-grafana binary installed
  • Grafana 9.0 or later for full functionality
  • Grafana Cloud or self-hosted Grafana instance reachable from the MCP server
  • Grafana service account token with RBAC permissions for the tools you enable
  • An AWS account with CloudWatch telemetry (metrics, alarms, and/or logs).
  • Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
  • AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) with read access to the CloudWatch APIs you intend to use.
  • An MCP client that supports stdio servers; the server runs locally on the same host as the client.
  • Docker for the recommended container install path, or Kubernetes and Helm for cluster deployment.
  • A reachable Prometheus-compatible API endpoint in `PROMETHEUS_URL`.
  • Optional basic auth, bearer token, mutual TLS certificate, organization ID, or custom headers for protected and multi-tenant Prometheus deployments.
  • Review of Prometheus access policy, metric cardinality, retention, query limits, and incident-data handling before giving an agent query access.
  • An Axiom account — authenticate via OAuth when prompted in Claude Code, or generate an API token in Axiom settings.
  • An MCP client such as Claude Code or Claude Desktop.
Install
claude mcp add grafana --env GRAFANA_URL=https://myinstance.grafana.net --env GRAFANA_SERVICE_ACCOUNT_TOKEN=YOUR_SERVICE_ACCOUNT_TOKEN -- uvx mcp-grafana
uvx awslabs.cloudwatch-mcp-server@latest
docker run -i --rm -e PROMETHEUS_URL ghcr.io/pab1it0/prometheus-mcp-server:latest
claude mcp add --transport http axiom https://mcp.axiom.co/mcp
Config
Manual-only setup:
{
  "grafana": {
    "command": "uvx",
    "args": ["mcp-grafana"],
    "env": {
      "GRAFANA_URL": "https://myinstance.grafana.net",
      "GRAFANA_SERVICE_ACCOUNT_TOKEN": "<your service account token>"
    }
  }
}
{
  "mcpServers": {
    "awslabs.cloudwatch-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.cloudwatch-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "${AWS_PROFILE}",
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "prometheus": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "PROMETHEUS_URL",
        "ghcr.io/pab1it0/prometheus-mcp-server:latest"
      ],
      "env": {
        "PROMETHEUS_URL": "https://prometheus.example.com"
      },
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "axiom": {
      "type": "http",
      "url": "https://mcp.axiom.co/mcp"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.