This is documentation for the next version of Grafana documentation. For the latest stable release, go to the latest version.

Developer resources

Grafana MCP server

Configure

Enable and disable tools

Enterprise Open source

Enable and disable tools

You can limit which tools the server exposes (to reduce context window use or lock down capabilities) and run the server in read-only mode.

What you’ll achieve

You enable only the tool categories you need, or disable write operations globally with --disable-write.

Before you begin

The server installed and configured (Set up and Authentication).

Enable optional tool categories

Some tool categories are disabled by default:

runpanelquery – Run dashboard panel queries.
examples – Query examples for datasource types.
clickhouse – ClickHouse datasource tools.
cloudwatch – CloudWatch tools.
searchlogs – Search logs across ClickHouse and Loki.
elasticsearch – Elasticsearch query tool.
admin – Admin tools (teams, users, roles, permissions).

--enabled-tools replaces the default list, so to add an optional category you must pass the full set. For example, to keep the defaults and also enable runpanelquery and examples:

mcp-grafana --enabled-tools search,datasource,incident,prometheus,loki,alerting,dashboard,folder,oncall,asserts,sift,pyroscope,navigation,proxied,annotations,rendering,runpanelquery,examples

Refer to Command-line flags for the default list.

Disable tool categories

Use --disable-<category> to turn off a whole category (for example, --disable-oncall, --disable-alerting, --disable-dashboard). For every flag, read-only behavior, and TLS-related flags, refer to Command-line flags.

For tools that come from external MCP servers through Grafana (for example from Grafana Tempo), refer to Proxied tools.

Run in read-only mode

Use --disable-write to disable all write operations. The server can still read dashboards, run queries, and list resources, but it cannot create or update dashboards, incidents, alert rules, annotations, or investigations.