Grafana MCP Server
Official Grafana MCP server providing access to dashboards, datasources, Prometheus, Loki, alerting, incidents, on-call, and many more Grafana ecosystem tools.
Score Breakdown
Server Info
- Package
- mcp-grafana
- Registry
- npm
- Repository
- grafana/mcp-grafana
- Maintainer
- GrafanaVendor
- Category
- Developer Tools
- Tags
- observabilitydashboardsprometheus
- Last Scanned
- 7 Apr 2026
Findings
4 issuesAuthentication & Identity
MEDIUMHTTP/SSE transport supports per-request credentials
Supports stdio, SSE, and Streamable HTTP transports. Auth via GRAFANA_URL and GRAFANA_SERVICE_ACCOUNT_TOKEN (or deprecated GRAFANA_API_KEY) env vars. For HTTP transports, credentials can also be passed via request headers. No MCP OAuth spec implementation. Service account tokens provide scoped access.
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
MEDIUMOnly 0 of 70 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Data Exposure
MEDIUM8 list operations lack pagination
Several list operations include limit parameters. Loki queries have a configurable max log limit (--max-loki-log-limit). Dashboard summaries provide compact representations. However, many list operations return full records without explicit pagination controls.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
70 total| Name | Description | Risk |
|---|---|---|
| search_dashboards | Search for dashboards in Grafana | read |
| search_folders | Search for folders in Grafana | read |
| list_datasources | List datasources in Grafana | read |
| get_datasource | Get datasource details by UID or name | read |
| list_incidents | List incidents in Grafana Incident | read |
| get_incident | Get incident details | read |
| create_incident | Create an incident in Grafana Incident | write |
| add_activity_to_incident | Add an activity to an incident | write |
| list_prometheus_metric_metadata | List Prometheus metric metadata | read |
| query_prometheus | Execute a PromQL query | read |
| list_prometheus_metric_names | List Prometheus metric names | read |
| list_prometheus_label_names | List Prometheus label names | read |
| list_prometheus_label_values | List Prometheus label values | read |
| query_prometheus_histogram | Query Prometheus histogram data | read |
| list_loki_label_names | List Loki label names | read |
| list_loki_label_values | List Loki label values | read |
| query_loki_logs | Query Loki for log lines | read |
| query_loki_stats | Query Loki for log statistics | read |
| query_loki_patterns | Query Loki for log patterns | read |
| query_elasticsearch | Query Elasticsearch datasource | read |
| manage_alert_rules | Manage Grafana alert rules (read or read/write based on configuration) | write |
| manage_notification_routing | Manage notification routing policies | write |
| get_dashboard_by_uid | Get dashboard by UID | read |
| update_dashboard | Update or create a dashboard | write |
| get_dashboard_panel_queries | Get panel queries from a dashboard | read |
| get_dashboard_property | Get a property from a dashboard panel | read |
| get_dashboard_summary | Get a summary of a dashboard | read |
| create_folder | Create a folder in Grafana | write |
| list_oncall_schedules | List on-call schedules | read |
| get_oncall_shift | Get on-call shift details | read |
| get_current_oncall_users | Get current on-call users | read |
| list_oncall_teams | List on-call teams | read |
| list_oncall_users | List on-call users | read |
| list_alert_groups | List alert groups | read |
| get_alert_group | Get alert group details | read |
| get_assertions | Get assertions from Grafana Asserts | read |
| get_sift_investigation | Get a Sift investigation | read |
| get_sift_analysis | Get Sift analysis results | read |
| list_sift_investigations | List Sift investigations | read |
| find_error_pattern_logs | Find error patterns in logs via Sift | read |
| find_slow_requests | Find slow requests via Sift | read |
| list_teams | List teams in Grafana | read |
| list_users_by_org | List users by organization | read |
| list_all_roles | List all roles | read |
| get_role_details | Get role details | read |
| get_role_assignments | Get role assignments | read |
| list_user_roles | List roles for a user | read |
| list_team_roles | List roles for a team | read |
| get_resource_permissions | Get resource permissions | read |
| get_resource_description | Get resource description | read |
| list_pyroscope_label_names | List Pyroscope label names | read |
| list_pyroscope_label_values | List Pyroscope label values | read |
| list_pyroscope_profile_types | List Pyroscope profile types | read |
| query_pyroscope | Query Pyroscope for profiling data | read |
| generate_deeplink | Generate a deeplink URL for Grafana resources | read |
| get_annotations | Get annotations from Grafana | read |
| create_annotation | Create an annotation in Grafana | write |
| update_annotation | Update an annotation in Grafana | write |
| get_annotation_tags | Get annotation tags from Grafana | read |
| get_panel_image | Export a dashboard panel as a PNG image | read |
| query_cloudwatch | Query CloudWatch metrics via Grafana | read |
| list_cloudwatch_namespaces | List CloudWatch namespaces | read |
| list_cloudwatch_metrics | List CloudWatch metrics | read |
| list_cloudwatch_dimensions | List CloudWatch dimensions | read |
| get_query_examples | Get query examples for a datasource type | read |
| query_clickhouse | Query ClickHouse datasource via Grafana | read |
| list_clickhouse_tables | List ClickHouse tables | read |
| describe_clickhouse_table | Describe a ClickHouse table schema | read |
| search_logs | Search logs across multiple Loki datasources | read |
| run_panel_query | Execute a dashboard panel query | read |
Deploy Grafana MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow