Evaluation record ยท mcp-server-grafana

MCP Grafana Server

v0.17.1

Grafana Labs

MCPmonitoringobservabilitygrafanaprometheus
82
Strong
About This MCP

Official Grafana Labs MCP server (grafana/mcp-grafana, Apache-2.0, Go) with 40+ tools: query metrics/logs/traces across Prometheus, Loki, and many other datasources, search and update dashboards, manage alert rules, and drive Incident, Sift, and OnCall. Supports stdio, SSE, and streamable HTTP with service-account token auth, category-level tool enablement, and a --disable-write read-only mode; also powers Grafana Assistant, with a hosted Grafana Cloud MCP endpoint in preview.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
metrics query reliability

Review of PromQL query tools and underlying Grafana datasource API maturity

Evidence
mcp-grafana README - Prometheus tools โ€” Dedicated Prometheus toolset (query_prometheus, list_prometheus_metric_metadata, label names/values) built on Grafana's mature datasource proxy APIs; requires Grafana 9.0+ for full functionality
highVerified: 2026-07-09
log search accuracy

Log query tool review against Loki API capabilities

Evidence
mcp-grafana README - Loki tools โ€” LogQL query tools (query_loki_logs, query_loki_stats, label APIs) expose Grafana's Loki log search with stats endpoints to gauge result volume before querying
highVerified: 2026-07-09
datasource coverage

Feature inventory of datasource-specific toolsets in the repository

Evidence
mcp-grafana README - toolsets โ€” Tool categories span Prometheus, Loki, InfluxDB, ClickHouse, CloudWatch, Elasticsearch/OpenSearch, Graphite, Athena, Snowflake, Quickwit, and Pyroscope profiling, plus dashboards, alerting, incidents, Sift, and OnCall
highVerified: 2026-07-09
dashboard management reliability

Review of dashboard read/write tool design and Grafana API versioning behavior

Evidence
mcp-grafana README - dashboard tools โ€” Dashboard search, get, update, and panel-level tools with JSON-patch style updates; write operations reuse Grafana's versioned dashboard API so failed saves do not corrupt existing dashboards
mediumVerified: 2026-07-09
error recovery

Error-path and observability feature review

Evidence
mcp-grafana repository โ€” Errors from Grafana APIs are returned as structured tool errors; slow-request diagnostics, Prometheus metrics, and OpenTelemetry tracing help operators diagnose failures, though retry behavior is left to the client
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
authentication security

Authentication mechanism review across self-hosted and Grafana Cloud modes

Evidence
mcp-grafana README - authentication โ€” Authenticates with a Grafana service-account token (GRAFANA_SERVICE_ACCOUNT_TOKEN); tokens can be read from files for rotation in Kubernetes; TLS client/server certificates and host/origin validation supported for HTTP transports
Grafana Cloud MCP server docs โ€” Hosted Grafana Cloud MCP server (public preview) uses OAuth 2.1 over streamable HTTP, removing long-lived tokens for cloud users
highVerified: 2026-07-09
write action control

Capability analysis of write-capable tools and available restriction flags

Evidence
mcp-grafana README - configuration flags โ€” Mixed read/write surface (dashboards, alert rules, incidents, annotations, snapshots are writable) but a --disable-write flag provides read-only mode, and --enabled-tools / --disable-<category> flags allow fine-grained allowlisting; admin tools disabled by default
highVerified: 2026-07-09
credential exposure risk

Credential storage and scoping analysis for the stdio/local deployment model

Evidence
mcp-grafana README - setup โ€” Default local setup places a long-lived service-account token in client configuration or environment variables; scope depends on the roles granted to the service account rather than per-tool permissions
mediumVerified: 2026-07-09
infrastructure visibility risk

Visibility risk assessment of aggregated observability access

Evidence
Security analysis of observability MCP access โ€” An agent with datasource, dashboard, and alerting access can map infrastructure topology, service names, and alert thresholds; observability data frequently contains internal hostnames, IPs, and occasionally secrets leaked into logs
mediumVerified: 2026-07-09
audit logging

Audit and traceability review of server-side and Grafana-side logging

Evidence
mcp-grafana README - observability โ€” Server exposes Prometheus metrics and OpenTelemetry tracing/logging (OTLP) for MCP operations; actions performed via the Grafana API are attributable to the service account, with full audit logs available in Grafana Enterprise/Cloud
mediumVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
observability data exposure

Data flow analysis of query tool outputs

Evidence
MCP data flow architecture โ€” Metric series, log lines, trace spans, and dashboard definitions returned by tools are sent to the LLM provider as tool results
highVerified: 2026-07-09
log data privacy

Log privacy assessment; no built-in scrubbing identified

Evidence
Privacy analysis of Loki/Elasticsearch log access โ€” Application logs queried via Loki or Elasticsearch tools may contain PII, tokens, API keys, and other secrets accidentally logged by applications; the server performs no redaction
highVerified: 2026-07-09
self hosted data control

Deployment model and data residency review

Evidence
mcp-grafana README - deployment โ€” Server runs locally or in-cluster (binary, Docker, Helm chart) against self-hosted Grafana; no data passes through Grafana Labs infrastructure unless using Grafana Cloud
highVerified: 2026-07-09
third party data sharing

Data sharing pathway analysis

Evidence
MCP client documentation โ€” Observability data is shared only with the connected LLM provider per that provider's privacy policy; the open-source server itself sends no telemetry to Grafana Labs
mediumVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
mcp-grafana README and Grafana docs โ€” Full tool reference, per-category enablement flags, transport configuration, RBAC permission documentation, and client setup guides maintained in both the repo and official Grafana documentation
highVerified: 2026-07-09
open source transparency

Source code and license review

Evidence
grafana/mcp-grafana repository โ€” Fully open source under Apache-2.0 with ~3.2k stars and 397 forks; public issue tracker and release notes; v0.17.1 released 2026-07-07
highVerified: 2026-07-09
operation visibility

Logging and traceability assessment

Evidence
mcp-grafana README - observability features โ€” Every action is an explicit named tool call; server ships Prometheus metrics, OpenTelemetry traces/logs, health checks, and slow-request diagnostics for inspecting agent behavior
highVerified: 2026-07-09
vendor credibility

Maintainer reputation and project health analysis

Evidence
Grafana Labs โ€” Officially maintained by Grafana Labs and embedded as the tool layer of Grafana Assistant in Grafana Cloud; frequent releases through July 2026
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of setup

Setup complexity assessment across deployment options

Evidence
mcp-grafana README - installation โ€” Install via release binary, Docker image, uvx, Go build, or Kubernetes Helm chart; requires creating a Grafana service account and token, adding some friction versus hosted OAuth servers
highVerified: 2026-07-09
feature coverage

Feature completeness assessment against observability workflow needs

Evidence
mcp-grafana tool reference โ€” 40+ tools covering dashboards, datasource queries (Prometheus, Loki, InfluxDB, ClickHouse, CloudWatch, Elasticsearch, Graphite, Athena, Snowflake, Quickwit, Pyroscope), alerting, Incident, Sift investigations, OnCall, annotations, snapshots, rendering, and deeplinks
highVerified: 2026-07-09
maintenance activity

Release cadence and commit activity analysis

Evidence
mcp-grafana releases โ€” v0.17.1 released 2026-07-07 with a rapid release cadence; active issue triage by the Grafana Labs team
highVerified: 2026-07-09
integration flexibility

Deployment and integration option review

Evidence
mcp-grafana README - transports โ€” Three transports (stdio, SSE, streamable HTTP), Helm chart for in-cluster deployment, category-selectable tool enablement to control context size, and Grafana Cloud embedding via Grafana Assistant
highVerified: 2026-07-09
performance

Implementation and latency characteristics review

Evidence
mcp-grafana repository โ€” Go implementation with low overhead; response times dominated by underlying Grafana/datasource query latency; tool-category selection keeps context windows manageable
mediumVerified: 2026-07-09
Strengths
  • +Official Grafana Labs server, Apache-2.0, ~3.2k stars, rapid releases (v0.17.1 on 2026-07-07)
  • +40+ tools spanning Prometheus, Loki, and 9 more datasource types plus Incident, Sift, and OnCall
  • +Category-selectable tool enablement and --disable-write read-only mode limit blast radius
  • +Three transports (stdio, SSE, streamable HTTP) with TLS, Helm chart, and Kubernetes token rotation
  • +Self-hostable end to end: observability data need never transit vendor infrastructure
  • +Strong server-side observability: Prometheus metrics, OpenTelemetry traces, health checks
  • +Also embedded in Grafana Cloud as the tool layer for Grafana Assistant (OAuth 2.1 hosted preview)
Limitations
  • !Metric, log, and trace data flows into the LLM context and may contain secrets or PII
  • !Default write access to dashboards, alert rules, and incidents unless --disable-write is set
  • !Long-lived service-account token in client config for local setups (no OAuth outside Grafana Cloud)
  • !Agent can map internal infrastructure topology, hostnames, and alert thresholds
  • !No built-in redaction of sensitive values returned by log and trace queries
  • !Requires Grafana 9.0+; some datasource tools unavailable on older versions
  • !40+ tools can crowd the context window unless categories are pruned
Metadata
license: Apache-2.0
supported platforms
0: macOS, Linux, Windows (binary)
1: Docker
2: Kubernetes (Helm chart)
programming languages
0: Go
mcp version: 1.0
github repo: https://github.com/grafana/mcp-grafana
github stars: 3200
package version: 0.17.1
release date: 2026-07-07
api dependency: Grafana HTTP API (Grafana 9.0+)
authentication: Grafana service-account token (env var or file); OAuth 2.1 on hosted Grafana Cloud MCP (public preview)
remote endpoint: https://mcp.grafana.com/mcp (Grafana Cloud, public preview)
security controls
0: --disable-write read-only mode
1: --enabled-tools allowlist and per-category disable flags
2: TLS client/server certificates
3: host/origin validation for HTTP transports
first release: 2025
maintained by: Grafana Labs
status: Active
transport types
0: stdio
1: sse
2: streamable-http
installation methods
0: binary
1: docker
2: uvx
3: go install
4: helm

Use Case Ratings

code generation

Good for generating dashboards-as-code, alert rules, and PromQL/LogQL queries

customer support

Useful for investigating customer-reported latency or error spikes via metrics and logs

content creation

Limited applicability beyond dashboard and report generation

data analysis

Excellent for cross-datasource observability analytics, trend detection, and incident forensics

research assistant

Useful for researching system behavior and performance patterns

legal compliance

Risk of exposing infrastructure details and unscrubbed log data to the LLM

healthcare

PHI may leak through application logs and traces; requires strict log hygiene

financial analysis

Moderate risk when monitoring financial infrastructure; self-hosting helps

education

Excellent for teaching observability, PromQL, LogQL, and alerting practices

creative writing

Low relevance to creative writing workflows