jerrelblankenship

Kibana MCP Server

search_logs

Search Elasticsearch logs and data using query DSL to retrieve specific records from specified indices for analysis and troubleshooting.

Instructions

Search Elasticsearch data through Kibana using Elasticsearch query DSL

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| index | Yes | Index pattern or name to search | |
| query | No | Elasticsearch query DSL (e.g., {"match_all": {}} or {"term": {"field": "value"}}) | |
| size | No | Number of results to return (default: 10, max: 100) | |
| from | No | Starting offset for pagination (default: 0) | |
| sort | No | Sort specification (e.g., [{"@timestamp": "desc"}]) | |

Implementation Reference

  • Handler for the 'search_logs' tool in MCP, which processes the request parameters and calls the Kibana client.
    case 'search_logs': {
      const { index, query, size = 10, from = 0, sort } = args as {
        index: string;
        query?: Record<string, unknown>;
        size?: number;
        from?: number;
        sort?: unknown[];
      };
    
      const searchParams = {
        index,
        body: {
          query: query || { match_all: {} },
          size: Math.min(size, 100),
          from,
          ...(sort && { sort }),
        },
      };
    
      const result = await kibanaClient.searchLogs(searchParams);
    
      return {
        content: [
          {
            type: 'text' as const,
            text: JSON.stringify(
              {
                took: result.took,
                total: result.hits.total,
                hits: result.hits.hits.map((hit) => ({
                  _id: hit._id,
                  _index: hit._index,
                  _score: hit._score,
                  _source: hit._source,
                })),
              },
              null,
              2
            ),
          },
        ],
      };
    }
  • Actual API implementation of searchLogs in the KibanaClient that executes the search request against the Kibana backend.
    async searchLogs(
      params: ElasticsearchSearchParams
    ): Promise<ElasticsearchSearchResponse> {
      // Use Kibana's internal Elasticsearch proxy
      const response = await this.axiosInstance.post(
        `/internal/search/es`,
        {
          params: {
            index: params.index,
            body: params.body || {},
          },
        }
      );
    
      // Kibana wraps the ES response under rawResponse
      return response.data.rawResponse ?? response.data;
    }
  • Schema registration for the 'search_logs' tool, defining input requirements and descriptions.
    {
      name: 'search_logs',
      description:
        'Search Elasticsearch data through Kibana using Elasticsearch query DSL',
      inputSchema: {
        type: 'object',
        properties: {
          index: {
            type: 'string',
            description: 'Index pattern or name to search',
          },
          query: {
            type: 'object',
            description:
              'Elasticsearch query DSL (e.g., {"match_all": {}} or {"term": {"field": "value"}})',
          },
          size: {
            type: 'number',
            description: 'Number of results to return (default: 10, max: 100)',
            default: 10,
          },
          from: {
            type: 'number',
            description: 'Starting offset for pagination (default: 0)',
            default: 0,
          },
          sort: {
            type: 'array',
            description:
              'Sort specification (e.g., [{"@timestamp": "desc"}])',
          },
        },
        required: ['index'],
      },
    },
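
The handler above casts `args` to the expected shape and only applies `Math.min(size, 100)`, so the bounds documented in the input schema are not otherwise checked at runtime. The following is an added example, not the project's own code, of enforcing those bounds before the body is forwarded to Kibana; `validateSearchArgs`, `boundedInt`, `isPlainObject`, `SearchBody` and `SearchArgsError` are hypothetical names.

```typescript
// Added example: runtime validation for the search_logs arguments.
// All names here are hypothetical and not part of the project.
class SearchArgsError extends Error {}

interface SearchBody {
  query: Record<string, unknown>;
  size: number;
  from: number;
  sort?: unknown[];
}

function isPlainObject(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

function boundedInt(name: string, v: unknown, dflt: number, min: number, max: number): number {
  if (v === undefined) return dflt;
  // Math.min alone passes negative, fractional or NaN values through unchanged.
  if (typeof v !== 'number' || !Number.isInteger(v) || v < min) {
    throw new SearchArgsError(`${name} must be an integer >= ${min}`);
  }
  return Math.min(v, max); // clamp to the documented maximum
}

function validateSearchArgs(args: unknown): { index: string; body: SearchBody } {
  if (!isPlainObject(args)) throw new SearchArgsError('arguments must be an object');
  const { index, query, size, from, sort } = args;
  if (typeof index !== 'string' || index.trim() === '') {
    throw new SearchArgsError('index is required and must be a non-empty string');
  }
  let q: Record<string, unknown> = { match_all: {} }; // same default as the handler
  if (query !== undefined) {
    if (!isPlainObject(query)) throw new SearchArgsError('query must be an object');
    q = query;
  }
  const body: SearchBody = {
    query: q,
    size: boundedInt('size', size, 10, 1, 100),
    from: boundedInt('from', from, 0, 0, Number.MAX_SAFE_INTEGER),
  };
  if (sort !== undefined) {
    if (!Array.isArray(sort)) throw new SearchArgsError('sort must be an array');
    body.sort = sort;
  }
  return { index, body };
}
```

The returned object has the same `{ index, body }` shape the handler passes to `kibanaClient.searchLogs`.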

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jerrelblankenship/jb-kibana-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server