Grafana MCP Server

80 tools. 20 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

20 can modify or destroy data
60 read-only
80 tools total

Community server · catalogue entry verified 01/07/2026

How to control Grafana MCP Server ↓

What Grafana MCP Server exposes to your agents

Read (60) Write / Execute (18) Destructive / Financial (2)
Critical Risk

The most dangerous Grafana MCP Server tools

20 of Grafana MCP Server's 80 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Grafana MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Grafana MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_alert_rule": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "annotate_test": {
    "limits": [
      {
        "counter": "annotate_test_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "build_logql_query": {
    "limits": [
      {
        "counter": "build_logql_query_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Grafana MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON GRAFANA →

Instant setup, no code required.

All 80 Grafana MCP Server tools

READ 60 tools
Read build_logql_query Help build a LogQL query with suggestions for log stream selectors and filters Read build_prometheus_query Help build a Prometheus query with suggestions for metric names and operators Read check_datasource_exists Check if a datasource exists by UID or name Read compare_builds Compare two firmware builds across all sensor types and profiles using baseline data. Read explore_sensor_metrics List all available Prometheus metric names on a sensor, grouped by subsystem. Read fingerprint_regression Combine performance verdict with live diagnostic data to fingerprint the root cause of a regression. Read forecast_max_rate Extrapolate the maximum sustainable traffic rate for a sensor based on current resource utilization. Read generate_dashboard_url Generate a URL for a specific dashboard with optional time range and variables Read generate_deeplink Generate a deeplink URL for Grafana dashboards, panels, or explore view Read generate_explore_url Generate a URL for the Explore view with optional datasource and query Read generate_loki_explore_url Generate an Explore URL for Loki log queries Read generate_panel_url Generate a URL for a specific panel with optional time range Read generate_prometheus_explore_url Generate an Explore URL for Prometheus queries with specific options Read get_alert_rule Get detailed information about a specific alert rule Read get_contact_point Get detailed information about a specific contact point Read get_current_organization Get current organization information Read get_current_user Get current user information Read get_dashboard_by_uid Get full dashboard details using its unique identifier Read get_dashboard_panel_queries Get the title, query string, and datasource information from every panel in a dashboard Read get_dashboard_versions Get version history for a dashboard Read get_datasource_by_name Get detailed information about a datasource using its name Read get_datasource_by_uid Get detailed information about a datasource using its UID Read get_datasources_by_type Get all datasources of a specific type (e.g., prometheus, loki, mysql) Read get_default_datasource Get the default datasource for the organization Read get_folder_by_uid Get folder details by UID Read get_loki_label_values Get all values for a specific label in a Loki datasource Read get_loki_labels Get all label names available in a Loki datasource Read get_loki_series Get series (label combinations) matching label selectors from a Loki datasource Read get_loki_stats Get statistics about ingestion and query performance from a Loki datasource Read get_prometheus_label_values Get all values for a specific label from a Prometheus datasource Read get_prometheus_labels Get all label names from a Prometheus datasource Read get_prometheus_metadata Get metadata for all metrics from a Prometheus datasource Read get_prometheus_series Find series matching label matchers from a Prometheus datasource Read get_team_by_uid Get team details by UID Read get_test_result Read the final result (Gbps, kpps, klogps, status) from a RAMP test run. Read get_test_vitals Read all VITAL metric samples from a RAMP test run (time-series data). Read get_time_range_presets Get common time range presets for Grafana Read ixia_status Check the current status of an Ixia traffic replayer (running/stopped, rate, test model). Read list_alert_rule_groups List all alert rule groups Read list_alert_rules List all alert rules in Grafana Read list_api_keys List all API keys Read list_baselines List available builds and profiles from baselines.json. Read list_contact_points List all notification contact points Read list_datasources List all configured datasources with their details Read list_folders List all folders Read list_service_accounts List all service accounts Read list_teams List all teams in the organization Read list_test_runs List RAMP test runs from the results directory. Filter by date or sensor name. Read list_users List all users in the organization Read predict_firmware_impact Analyze historical baseline data to predict how the next firmware build will affect performance. Read preflight_risk Assess whether a sensor is ready for a RAMP test by checking for existing drops, Read search_dashboards Search for dashboards by title, tags, or other metadata Read sensor_performance_verdict Compare live sensor metrics against a baseline build and return a structured verdict. Read sensor_status Get live performance snapshot for a sensor: Gbps, kpps, klogps, drop rates, Read sensor_trend Show a sensor type\ Read summarize_run Get a complete summary of a RAMP test run including metadata, final result, vital count, and error status. Read test_datasource_connection Test the connection to a datasource by UID Read test_status Check the status of RAMP tests running on the RAMP server (lists active tmux sessions). Read validate_time_range Validate a time range for Grafana usage Read watch_test Monitor a sensor during a RAMP test, polling metrics at a configurable interval.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Grafana MCP Server

Can an AI agent delete data through the Grafana MCP Server MCP server? +

Yes. The Grafana MCP Server server exposes 2 destructive tools including delete_alert_rule, delete_dashboard. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Grafana MCP Server? +

The Grafana MCP Server server has 6 write tools including annotate_test, create_alert_rule, deploy_ramp_dashboard. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Grafana MCP Server.

How many tools does the Grafana MCP Server MCP server expose? +

80 tools across 4 categories: Destructive, Execute, Read, Write. 60 are read-only. 20 can modify, create, or delete data.

How do I enforce a policy on Grafana MCP Server? +

Register the Grafana MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Grafana MCP Server tool call.

Deterministic rules across all 80 Grafana MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

80 Grafana MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.