# Kibana MCP

> Kibana connects your observability stack directly to any AI agent. Use this MCP to manage Kibana spaces, discover dashboards, search index patterns, and automate configuration changes across your Elastic Stack. It lets you control everything from creating roles to copying saved objects without leaving the chat window.

## Overview
- **Category:** data-analytics
- **Price:** Free
- **Tags:** elastic-stack, dashboards, observability, data-visualization, kibana-api

## Description

Managing a large-scale monitoring platform like Kibana usually means jumping between dozens of tabs just to check settings or move visualizations. This MCP handles that complexity for you, letting your agent interact with your entire Elastic Stack through natural language commands. You can list and inspect spaces, find specific index patterns, or copy saved objects directly into different environments. Need to change permissions? Use the tools here to create, update, or delete roles and even provision new agents. It's about controlling your data infrastructure from a single chat window. Vinkius makes it simple: connect once with any MCP-compatible client, and you get instant access to all these critical management functions.

## Tools

### add_case_comment
Adds a comment directly to an existing case record.

### bulk_create_saved_objects
Creates multiple saved objects at once using a bulk operation.

### bulk_get_saved_objects
Retrieves details for several saved objects simultaneously in one call.

### bulk_update_saved_objects
Updates multiple existing saved objects efficiently using a bulk operation.

### copy_saved_objects
Duplicates and copies saved objects from one Kibana space to another.

### create_agent_policy
Generates a new policy that controls the behavior of an Elastic Agent.

### create_case
Creates a brand-new case record within the system.

### create_connector
Sets up and creates a new data connector source.

### create_data_view
Generates a specific view of the raw data for analysis purposes.

### create_enrollment_key
Creates a new key used to enroll agents into your system.

### create_or_update_role
Defines or modifies user roles and permissions within Kibana.

### create_rule
Creates a new alerting rule that triggers when metrics cross set thresholds.

### create_runtime_field
Adds or modifies a field in a data view without changing the original index structure.

### create_saved_object
Generates and saves a single object like an index pattern or dashboard.

### create_short_url
Creates a shortened, easily shareable URL for internal links.

### create_space
Establishes an entirely new, isolated Kibana workspace (space).

### delete_cases
Removes multiple case records from the system.

### delete_connector
Deletes an existing data connector source.

### delete_data_view
Permanently removes a specific data view from use.

### delete_role
Removes a defined user role and all associated permissions.

### delete_rule
Deactivates or removes an alerting rule that monitors metrics.

### delete_saved_object
Permanently deletes a saved object, such as an index pattern or visualization.

### delete_short_url
Removes a previously created short URL.

### delete_space
Deletes an entire Kibana workspace, removing all contained dashboards and objects.

### disable_rule
Turns off a specific alerting rule without deleting its configuration.

### enable_rule
Restores an alerting rule, allowing it to start monitoring metrics again.

### execute_connector
Triggers a manual run of a configured data connector action.

### export_saved_objects
Generates export files containing sets of saved objects for archival or migration.

### find_rules
Searches the system to list all existing alerting rules and their status.

### find_saved_objects
Searches across your instance for specific saved objects using natural language queries.

### get_agent
Retrieves detailed information about a specific Elastic Agent installation.

### get_case
Fetches all details for an individual case record.

### get_connector
Retrieves detailed metadata about a specific data connector source.

### get_data_view
Fetches the full configuration and definition of a particular data view.

### get_role
Retrieves all details about a specific Kibana user role, including permissions.

### get_rule
Fetches the current state and definition of an alerting rule.

### get_saved_object
Retrieves all metadata for a single, specified saved object type (like a dashboard or visualization).

### get_short_url
Gets the full details and destination URL of a short link.

### get_space
Retrieves all configuration details for a specific Kibana workspace.

### import_saved_objects
Imports multiple saved objects into the current space from an uploaded file.

### list_agent_policies
Lists all available agent policies that can be applied to your endpoints.

### list_agents
Provides a list of every Elastic Agent currently reporting into the system.

### list_connectors
Retrieves a complete catalog and status report of all connected data sources.

### list_data_views
Lists every available data view defined within your Kibana instance.

### list_enrollment_keys
Provides a list of all active enrollment keys for agent setup.

### list_roles
Lists every defined user role and their default permissions in Kibana.

### list_spaces
Gets a list of all available, top-level Kibana workspaces across the instance.

### resolve_import_errors
Checks and reports on any errors that occurred during a bulk import process.

### search_cases
Searches the case management system using keywords or filters to find relevant records.

### unenroll_agent
Removes a specific Elastic Agent from monitoring and reporting within the stack.

### update_cases
Modifies details for existing case records, such as changing status or adding notes.

### update_data_view
Makes modifications to an existing data view's definition and mapping settings.

### update_rule
Modifies the parameters, thresholds, or conditions of an active alerting rule.

### update_saved_object
Updates the configuration of any saved object, such as changing a dashboard's source data.

### update_space
Makes general modifications to an existing Kibana workspace's settings.

## Prompt Examples

**Prompt:** 
```
List all available Kibana spaces.
```

**Response:** 
```
I've retrieved the spaces. You have 3 spaces: 'Default', 'Engineering-Logs' (ID: eng-logs), and 'Security-Ops' (ID: sec-ops).
```

**Prompt:** 
```
Find all dashboards related to 'Network Traffic' in the 'Default' space.
```

**Response:** 
```
Searching... I found 2 dashboards: 'Global Network Traffic Overview' (ID: net-01) and 'VPC Flow Logs Analysis' (ID: vpc-02). Would you like the details for one of them?
```

**Prompt:** 
```
Get the details for the saved object of type 'index-pattern' with ID 'logs-*'.
```

**Response:** 
```
Fetching object... The index pattern 'logs-*' is configured with the time field '@timestamp' and contains 45 mapped fields. It was last updated on 2023-10-25.
```

## Capabilities

### Manage Kibana Spaces
List, create, or delete entire workspaces (spaces) to organize dashboards for different teams.

### Control Saved Objects
Create, read, update, and delete saved items like index patterns and visualizations across your instance.

### Automate Role Permissions
Manage user roles by creating or updating specific Kibana permissions to control who sees what data.

### Maintain Data Consistency
Copy saved objects between different spaces, ensuring your monitoring dashboards look the same in staging and production.

### Audit System Components
Retrieve full metadata for any object—like a data view or an agent policy—so you can understand its current configuration.

## Use Cases

### Migrating a Dashboard from Test to Prod
An SRE needs to move the 'API Latency Overview' dashboard from their testing space to the main production monitoring space. They ask the agent, and it runs `copy_saved_objects`, instantly making sure the dashboard is available in the correct location without manual clicking or file transfer.

### Auditing User Permissions for Compliance
A Platform Engineer must verify that only senior team members can see certain logs. They use `list_roles` to see all roles, and then ask the agent to run `get_role` on 'Security-Admins' to confirm that the role has access to the necessary data views.

### Fixing a Missing Index Pattern
A Data Analyst realizes that the new log source isn't appearing. They ask the agent to `find_saved_objects` using keywords like 'new service logs', and it points them to the exact index pattern they need, saving hours of searching.

### Scaling Up Observability Infrastructure
A DevOps lead needs to set up a dedicated workspace for a new product team. They instruct the agent to `create_space` and then immediately run `list_connectors` to ensure all necessary data sources are available in that fresh environment.

## Benefits

- Instead of manually navigating to the 'list spaces' section, you simply ask your agent for a list of all available Kibana workspaces. This lets you immediately see every environment you manage, like finding all team-specific areas.
- When you need consistency across environments, use `copy_saved_objects`. You can copy dashboards or index patterns between staging and production spaces with one command, guaranteeing that the view logic remains identical.
- If a dashboard is broken because of outdated permissions, you don't have to find the right admin role. The tools let you `create_or_update_role` directly, fixing access control instantly through conversation.
- Need to understand why something isn't showing up? You can use `get_saved_object` or `find_saved_objects` to pull all metadata on an index pattern, telling you its exact configuration and last updated time without clicking anything.
- Setting up a new alert used to be tedious. Now, the agent handles it; just tell it what metrics to watch, and use `create_rule` or `update_rule` to build and fine-tune alerts automatically.

## How It Works

The bottom line is that it turns complex, multi-step UI navigation into a single conversational request.

1. Subscribe to this MCP and provide your specific Kibana URL along with a valid API Key.
2. Connect the credentials to your AI client, giving your agent access to manage your Elastic environments.
3. Tell your agent exactly what you need done (for example, 'Find all dashboards related to networking in the Engineering-Logs space.') and get the results.

## Frequently Asked Questions

**How do I list all available Kibana spaces using the Kibana MCP?**
You use `list_spaces` to get a complete catalog of every workspace. This command gives you an overview of your entire observability setup, helping you know exactly where to look for specific dashboards.

**Can I update my user roles with the Kibana MCP?**
Yes, you can modify permissions using `create_or_update_role`. This tool allows you to define or change what users and groups are allowed to view across your data views.

**What is the best way to move a dashboard between environments?**
Use the `copy_saved_objects` tool. It copies saved objects, ensuring that dashboards maintain their full configuration when moving from a test space to production.

**How do I find specific index patterns with the Kibana MCP?**
You use `find_saved_objects`. Simply describe what you're looking for, and the agent searches across your entire instance catalog for matching saved objects.

**Does the Kibana MCP help me manage alerting rules?**
Absolutely. You can find all existing alerts with `find_rules`, or modify them using `update_rule` if a threshold needs adjusting, ensuring your system always monitors critical metrics.