MCP KQL
Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
What is MCP KQL?
MCP KQL is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to kusto and log analytics mcp server help you execute a kql (kusto query language) query within an ai prompt, analyze, and visualize the data.
Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
This server falls under the Databases category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Kusto and Log Analytics MCP server help you execute a KQL (K
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-kqlConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP KQL
MCP KQL Server bridges AI assistants and Azure Data Explorer or Log Analytics workspaces, letting you execute Kusto Query Language (KQL) queries from natural language prompts without leaving your AI client. It connects via Azure CLI authentication, discovers and caches table schemas automatically, and returns results in JSON, CSV, or table format. Security analysts, data engineers, and cloud operators use it to accelerate threat hunting, log analysis, and telemetry exploration without manually constructing complex KQL syntax.
Prerequisites
- Python 3.9+ with pip installed
- Azure CLI installed and authenticated (az login) with access to at least one Kusto cluster or Log Analytics workspace
- An MCP-compatible client such as Claude Desktop or VS Code with an MCP extension
- Network access to the target Kusto or Log Analytics endpoint
Install the mcp-kql-server package
Install directly from PyPI using pip. This pulls in all required dependencies including the Azure Kusto SDK.
pip install mcp-kql-serverAuthenticate with Azure CLI
The server uses your existing Azure CLI credentials. Log in and verify you can reach the target cluster before configuring the MCP server.
az login
# Verify access to a cluster:
az kusto cluster show --name <cluster-name> --resource-group <rg>Test the server from the command line
Run the server in info mode to confirm it starts correctly and reports the installed version.
python -m mcp_kql_server --info --jsonConfigure your MCP client
Add the mcp-kql-server entry to your Claude Desktop configuration file. Optionally set MCP_KQL_AUTH_ON_STARTUP=true to validate Azure credentials at launch.
{
"mcpServers": {
"mcp-kql": {
"command": "python",
"args": ["-m", "mcp_kql_server"],
"env": {
"MCP_KQL_AUTH_ON_STARTUP": "true"
}
}
}
}Discover schemas and run your first query
Ask Claude to discover schemas for a cluster, then execute a KQL query. The server caches schemas in SQLite for fast subsequent lookups.
MCP KQL Examples
Client configuration
Claude Desktop configuration for mcp-kql-server with startup auth validation.
{
"mcpServers": {
"mcp-kql": {
"command": "python",
"args": ["-m", "mcp_kql_server"],
"env": {
"MCP_KQL_AUTH_ON_STARTUP": "true",
"MCP_KQL_AUTH_CHECK_TIMEOUT_SECONDS": "15"
}
}
}
}Prompts to try
Example prompts demonstrating KQL query execution and schema discovery.
- "Execute this KQL query against help.kusto.windows.net: StormEvents | summarize count() by State | top 10 by count_"
- "Discover and cache schemas for the Samples database on help.kusto.windows.net"
- "Show me all tornado events from 2007 in StormEvents where property damage exceeded $1 million"
- "Query my Log Analytics workspace for failed sign-in events in the last 24 hours"
- "Analyze the top 5 error types from the AppExceptions table and visualize the results"Troubleshooting MCP KQL
Authentication error on startup or during query execution
Run az login in your terminal to refresh credentials. If using a service principal, set the appropriate AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID environment variables. Increase MCP_KQL_AUTH_CHECK_TIMEOUT_SECONDS if auth is slow.
SQLite busy error when running concurrent queries
Increase the SQLite lock timeout by setting MCP_KQL_SQLITE_BUSY_TIMEOUT_MS to a higher value (e.g., 60000). This prevents timeout errors on slower machines or when multiple Claude sessions run simultaneously.
Server does not appear in Claude after configuration
Confirm python -m mcp_kql_server runs without error in a terminal with the same Python environment. Check that the command in the config points to the correct Python executable (use the full path if multiple versions are installed).
Frequently Asked Questions about MCP KQL
What is MCP KQL?
MCP KQL is a Model Context Protocol (MCP) server that kusto and log analytics mcp server help you execute a kql (kusto query language) query within an ai prompt, analyze, and visualize the data. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP KQL?
Follow the installation instructions on the MCP KQL GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP KQL?
MCP KQL works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP KQL free to use?
Yes, MCP KQL is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
MCP KQL Alternatives — Similar Databases Servers
Looking for alternatives to MCP KQL? Here are other popular databases servers you can use with Claude, Cursor, and VS Code.
Excelize
★ 20.6kGo language library for reading and writing Microsoft Excel™ (XLAM / XLSM / XLSX / XLTM / XLTX) spreadsheets
MCP Toolbox for Databases
★ 15.3kOpen source MCP server specializing in easy, fast, and secure tools for Databases.
DBHub
★ 2.8kA universal database gateway MCP server that enables AI assistants to connect to and query multiple databases (PostgreSQL, MySQL, MariaDB, SQL Server, SQLite) with support for schema exploration, SQL execution, and secure connections via SSH tunnels.
Tabularis
★ 2.1kA lightweight, cross-platform database client for developers. Supports MySQL, PostgreSQL and SQLite. Hackable with plugins. Built for speed, security, and aesthetics.
Postgres AI Guide
★ 1.7kMCP server and Claude plugin for Postgres skills and documentation. Helps AI coding tools generate better PostgreSQL code.
Anyquery
★ 1.7k🏎️ 🏠 ☁️ - Query more than 40 apps with one binary using SQL. It can also connect to your PostgreSQL, MySQL, or SQLite compatible database. Local-first and private by design.
Browse More Databases MCP Servers
Explore all databases servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP KQL in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP KQL?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.