Which integrations are available for this server?

Provides access to query [Elasticsearch](/mcp/servers/integrations/elasticsearch) data through Kibana's API, enabling log searches and data retrieval with support for custom queries, sorting, and filtering. Enables AI assistants to interact with [Kibana](/mcp/servers/integrations/kibana) dashboards, visualizations, data views, and saved searches, with tools for executing searches, exporting dashboards, and querying Elasticsearch data through Kibana's REST API.

Kibana MCP Server

A Model Context Protocol (MCP) server that enables AI assistants to interact with Kibana dashboards, visualizations, and Elasticsearch data through a standardized interface.

Features

Resources: Read-only access to Kibana dashboards, visualizations, data views, and saved searches
Tools: Execute searches, export dashboards, and query Elasticsearch data
Dual Transport: Supports both stdio (local) and HTTP/SSE (containerized) transports
Docker Support: Production-ready containerization with Docker and Podman
Authentication: API key and username/password authentication
Type-Safe: Built with TypeScript for enhanced reliability

Architecture

┌─────────────────┐ │ AI Assistant │ │ (Claude, etc.) │ └────────┬────────┘ │ MCP Protocol │ ┌────────▼────────┐ ┌─────────────┐ │ MCP Server │─────▶│ Kibana │ │ (This Server) │ │ REST API │ └─────────────────┘ └──────┬──────┘ │ ┌──────▼──────┐ │Elasticsearch│ └─────────────┘

Quick Start

Using Docker/Podman (Recommended)

Clone and configure:
git clone <repository-url> cd kibana-mcp-poc cp .env.example .env # Edit .env with your Kibana credentials
Run with Docker Compose:
docker-compose up --build
Or with Podman:
podman build -t kibana-mcp . podman run -p 3000:3000 --env-file .env kibana-mcp
Verify it's running:
curl http://localhost:3000/health

Local Development

Install dependencies:
npm install
Configure environment:
cp .env.example .env # Edit .env with your Kibana credentials
Run in development mode:
# Stdio mode (for Claude Desktop) npm run dev # HTTP mode (for testing) npm run dev:http
Build and run production:
npm run build npm start # stdio mode npm start:http # HTTP mode

Configuration

Environment Variables

Create a .env file based on .env.example:

# Kibana Configuration (required) KIBANA_URL=https://your-kibana-instance.com KIBANA_API_KEY=your_api_key_here # Alternative: Username/Password Authentication # KIBANA_USERNAME=your_username # KIBANA_PASSWORD=your_password # Server Configuration MCP_TRANSPORT=http # or stdio HTTP_PORT=3000 # Port for HTTP server LOG_LEVEL=info # debug, info, warn, error

Authentication Methods

API Key (Recommended):

KIBANA_URL=https://kibana.example.com KIBANA_API_KEY=your_base64_encoded_api_key

Username/Password:

KIBANA_URL=https://kibana.example.com KIBANA_USERNAME=admin KIBANA_PASSWORD=your_password

MCP Capabilities

Resources (Read-Only Data)

kibana://dashboards - List all dashboards
kibana://dashboard/{id} - Get specific dashboard
kibana://visualizations - List all visualizations
kibana://data-views - List all data views
kibana://saved-searches - List saved searches

Tools (Executable Functions)

`list_dashboards`

List dashboards with optional search and pagination.

{ "search": "security", "page": 1, "perPage": 20 }

`get_dashboard`

Get detailed information about a specific dashboard.

{ "id": "dashboard-id-here" }

`export_dashboard`

Export dashboard with all dependencies.

{ "id": "dashboard-id-here", "includeReferences": true }

`search_logs`

Query Elasticsearch data through Kibana.

{ "index": "logs-*", "query": { "match": { "message": "error" } }, "size": 10, "sort": [{"@timestamp": "desc"}] }

Other Tools

list_visualizations - List visualizations
get_visualization - Get visualization details
list_data_views - List available data views

Connecting to AI Assistants

Claude Code

Claude Code connects to MCP servers running over HTTP/SSE. You have two options:

Option 1: Using Docker (Recommended)

Start the server:
docker-compose up -d
Add to Claude Code settings (~/.config/claude-code/settings.json on Linux/macOS or %APPDATA%\claude-code\settings.json on Windows):
{ "mcpServers": { "kibana": { "url": "http://localhost:3000" } } }
Restart Claude Code to load the new MCP server.

Option 2: Direct Configuration with Environment Variables

{ "mcpServers": { "kibana": { "url": "http://localhost:3000", "env": { "KIBANA_URL": "https://your-kibana.com", "KIBANA_API_KEY": "your-api-key", "MCP_TRANSPORT": "http", "HTTP_PORT": "3000" } } } }

Then start the server manually:

npm run start:http

Verification: In Claude Code, type /mcp to see available servers. You should see "kibana" in the list with resources and tools.

Amazon Q Developer

Amazon Q Developer also supports MCP servers via HTTP/SSE transport.

Setup with Docker

Start the Kibana MCP server:
docker run -d \ --name kibana-mcp \ -p 3000:3000 \ -e KIBANA_URL=https://your-kibana.com \ -e KIBANA_API_KEY=your-api-key \ -e MCP_TRANSPORT=http \ kibana-mcp:latest
Configure Amazon Q Developer:
Edit your Amazon Q configuration file (location varies by IDE):
VS Code (settings.json):
{ "amazonQ.mcp.servers": { "kibana": { "url": "http://localhost:3000/sse" } } }
JetBrains IDEs (Settings → Tools → Amazon Q):
- Add MCP Server
- Name: kibana
- URL: http://localhost:3000/sse
Restart your IDE to activate the connection.

Alternative: MCP Proxy for stdio

If your tool requires stdio transport, use mcp-proxy to bridge:

# Install mcp-proxy globally npm install -g @modelcontextprotocol/mcp-proxy # Start the HTTP server docker-compose up -d # Run proxy in stdio mode mcp-proxy stdio http://localhost:3000/sse

Then configure Amazon Q to use the proxy as a stdio command:

{ "command": "mcp-proxy", "args": ["stdio", "http://localhost:3000/sse"] }

Claude Desktop (stdio mode)

For local Claude Desktop app (not Claude Code), use stdio transport:

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{ "mcpServers": { "kibana": { "command": "node", "args": ["/path/to/kibana-mcp-poc/dist/index.js"], "env": { "KIBANA_URL": "https://your-kibana.com", "KIBANA_API_KEY": "your-api-key" } } } }

Generic HTTP/SSE Clients

Connect any MCP client to the HTTP server at:

http://localhost:3000/sse

The server exposes these endpoints:

GET /health - Health check
GET /info - Server information
GET /sse - SSE connection endpoint for MCP protocol

Docker Deployment

Build Image

docker build -t kibana-mcp:latest .

Run Container

docker run -d \ --name kibana-mcp \ -p 3000:3000 \ -e KIBANA_URL=https://your-kibana.com \ -e KIBANA_API_KEY=your-api-key \ kibana-mcp:latest

Docker Compose

# Start docker-compose up -d # View logs docker-compose logs -f # Stop docker-compose down

Development

Project Structure

kibana-mcp-poc/ ├── src/ │ ├── index.ts # Stdio entry point │ ├── http-server.ts # HTTP/SSE entry point │ ├── server.ts # Core MCP server logic │ ├── kibana/ │ │ ├── client.ts # Kibana API client │ │ ├── types.ts # TypeScript types │ │ └── auth.ts # Authentication │ ├── resources/ │ │ └── index.ts # MCP resources │ └── tools/ │ └── index.ts # MCP tools ├── Dockerfile ├── docker-compose.yml └── package.json

Adding New Tools

Define the tool schema in src/tools/index.ts
Implement the handler in the tools/call request handler
Add corresponding Kibana client method if needed

Testing

# Health check curl http://localhost:3000/health # Server info curl http://localhost:3000/info # Test with MCP Inspector npx @modelcontextprotocol/inspector dist/index.js

Security

Container Isolation: Runs as non-root user (mcpuser)
Minimal Base Image: Uses node:20-slim to reduce attack surface
Secret Management: Environment variables for credentials
API Authentication: Supports API keys and basic auth
RBAC: Respects Kibana's role-based access control

Troubleshooting

Connection Issues

# Check if Kibana is accessible curl -I https://your-kibana.com/api/status # Verify authentication curl -H "Authorization: ApiKey YOUR_KEY" \ -H "kbn-xsrf: true" \ https://your-kibana.com/api/status

Container Issues

# View logs docker logs kibana-mcp-server # Shell into container docker exec -it kibana-mcp-server /bin/sh # Rebuild without cache docker-compose build --no-cache

Contributing

Contributions are welcome! Please follow these guidelines:

Use TypeScript for all new code
Follow existing code style
Add tests for new features
Update documentation

License

MIT