Command-line flags

The mcp-grafana binary accepts flags for transports, tools, TLS, and observability. Run mcp-grafana --help for the exact list in your installed build.

What you’ll achieve

You can look up defaults, choose --disable-* flags, or configure TLS without reading the source.

Before you begin

You need a way to run mcp-grafana on your machine—for example, a release binary, uvx, or a container.

Configure transport and HTTP options

-t / --transport: Transport type (stdio, sse, or streamable-http). Default: stdio.
--address: Host and port for the SSE or streamable-http server. Default: localhost:8000.
--base-path: Base path for the SSE or streamable-http server.
--endpoint-path: HTTP path for the streamable-http MCP endpoint. Default: /mcp.
--session-idle-timeout-minutes: Idle timeout for streamable-http sessions, in minutes. Sessions with no activity for this duration are automatically reaped. Set to 0 to disable. Default: 30.

Configure debug and logging

--debug: Enable debug mode for detailed HTTP request and response logging to and from the Grafana API.
--log-level: Log level (debug, info, warn, error). Default: info.

Configure observability endpoints

--metrics: Expose a Prometheus metrics endpoint at /metrics (SSE and streamable-http only).
--metrics-address: Optional separate listen address for metrics (for example, :9090). If empty, metrics are served on the main HTTP server.

Configure tool categories

--enabled-tools: Comma-separated list of enabled tool categories. The default is exactly:
search,datasource,incident,prometheus,loki,alerting,dashboard,folder,oncall,asserts,sift,pyroscope,navigation,proxied,annotations,rendering
Categories not in that default string are off until you add them, including: admin, elasticsearch, cloudwatch, examples, clickhouse, searchlogs, and runpanelquery. Pass a full comma-separated list to replace the default entirely, or use --disable-* flags to turn off pieces of the default set.
--disable-search: Disable search tools.
--disable-datasource: Disable datasource tools.
--disable-incident: Disable incident tools.
--disable-prometheus: Disable Prometheus tools.
--disable-write: Disable write tools (read-only mode; refer to the following section).
--disable-loki: Disable Loki tools.
--disable-elasticsearch: Disable Elasticsearch tools.
--disable-alerting: Disable alerting tools.
--disable-dashboard: Disable dashboard tools.
--disable-folder: Disable folder tools.
--disable-oncall: Disable OnCall tools.
--disable-asserts: Disable Asserts tools.
--disable-sift: Disable Sift tools.
--disable-admin: Disable admin tools.
--disable-pyroscope: Disable Pyroscope tools.
--disable-navigation: Disable navigation (deeplink) tools.
--disable-rendering: Disable rendering tools (panel or dashboard image export).
--disable-cloudwatch: Disable CloudWatch tools.
--disable-examples: Disable query examples tools.
--disable-clickhouse: Disable ClickHouse tools.
--disable-searchlogs: Disable search logs tools.
--disable-runpanelquery: Disable run panel query tools.
--disable-annotations: Disable annotation tools.
--disable-proxied: Disable proxied tools (tools from external MCP servers).

Configure tool limits

--max-loki-log-limit: Maximum number of log lines returned per query_loki_logs call.

Run in read-only mode

--disable-write prevents write operations to Grafana. Use it with read-only service accounts, safer production assistants, or to avoid accidental changes.

When enabled, the following writes are disabled:

Dashboard tools