MCP KQL

v1.0.0Databasesstable

Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.

aicagdataexplorerkqlkql-threathunting
Share:
23
Stars
0
Downloads
0
Weekly
0/5

What is MCP KQL?

MCP KQL is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to kusto and log analytics mcp server help you execute a kql (kusto query language) query within an ai prompt, analyze, and visualize the data.

Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.

This server falls under the Databases category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Kusto and Log Analytics MCP server help you execute a KQL (K

Use Cases

Kusto query execution
Log Analytics analysis
Azure data visualization
4R9UN

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 9, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-kql

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP KQL

MCP KQL Server bridges AI assistants and Azure Data Explorer or Log Analytics workspaces, letting you execute Kusto Query Language (KQL) queries from natural language prompts without leaving your AI client. It connects via Azure CLI authentication, discovers and caches table schemas automatically, and returns results in JSON, CSV, or table format. Security analysts, data engineers, and cloud operators use it to accelerate threat hunting, log analysis, and telemetry exploration without manually constructing complex KQL syntax.

Prerequisites

  • Python 3.9+ with pip installed
  • Azure CLI installed and authenticated (az login) with access to at least one Kusto cluster or Log Analytics workspace
  • An MCP-compatible client such as Claude Desktop or VS Code with an MCP extension
  • Network access to the target Kusto or Log Analytics endpoint
1

Install the mcp-kql-server package

Install directly from PyPI using pip. This pulls in all required dependencies including the Azure Kusto SDK.

pip install mcp-kql-server
2

Authenticate with Azure CLI

The server uses your existing Azure CLI credentials. Log in and verify you can reach the target cluster before configuring the MCP server.

az login
# Verify access to a cluster:
az kusto cluster show --name <cluster-name> --resource-group <rg>
3

Test the server from the command line

Run the server in info mode to confirm it starts correctly and reports the installed version.

python -m mcp_kql_server --info --json
4

Configure your MCP client

Add the mcp-kql-server entry to your Claude Desktop configuration file. Optionally set MCP_KQL_AUTH_ON_STARTUP=true to validate Azure credentials at launch.

{
  "mcpServers": {
    "mcp-kql": {
      "command": "python",
      "args": ["-m", "mcp_kql_server"],
      "env": {
        "MCP_KQL_AUTH_ON_STARTUP": "true"
      }
    }
  }
}
5

Discover schemas and run your first query

Ask Claude to discover schemas for a cluster, then execute a KQL query. The server caches schemas in SQLite for fast subsequent lookups.

MCP KQL Examples

Client configuration

Claude Desktop configuration for mcp-kql-server with startup auth validation.

{
  "mcpServers": {
    "mcp-kql": {
      "command": "python",
      "args": ["-m", "mcp_kql_server"],
      "env": {
        "MCP_KQL_AUTH_ON_STARTUP": "true",
        "MCP_KQL_AUTH_CHECK_TIMEOUT_SECONDS": "15"
      }
    }
  }
}

Prompts to try

Example prompts demonstrating KQL query execution and schema discovery.

- "Execute this KQL query against help.kusto.windows.net: StormEvents | summarize count() by State | top 10 by count_"
- "Discover and cache schemas for the Samples database on help.kusto.windows.net"
- "Show me all tornado events from 2007 in StormEvents where property damage exceeded $1 million"
- "Query my Log Analytics workspace for failed sign-in events in the last 24 hours"
- "Analyze the top 5 error types from the AppExceptions table and visualize the results"

Troubleshooting MCP KQL

Authentication error on startup or during query execution

Run az login in your terminal to refresh credentials. If using a service principal, set the appropriate AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID environment variables. Increase MCP_KQL_AUTH_CHECK_TIMEOUT_SECONDS if auth is slow.

SQLite busy error when running concurrent queries

Increase the SQLite lock timeout by setting MCP_KQL_SQLITE_BUSY_TIMEOUT_MS to a higher value (e.g., 60000). This prevents timeout errors on slower machines or when multiple Claude sessions run simultaneously.

Server does not appear in Claude after configuration

Confirm python -m mcp_kql_server runs without error in a terminal with the same Python environment. Check that the command in the config points to the correct Python executable (use the full path if multiple versions are installed).

Frequently Asked Questions about MCP KQL

What is MCP KQL?

MCP KQL is a Model Context Protocol (MCP) server that kusto and log analytics mcp server help you execute a kql (kusto query language) query within an ai prompt, analyze, and visualize the data. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP KQL?

Follow the installation instructions on the MCP KQL GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP KQL?

MCP KQL works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP KQL free to use?

Yes, MCP KQL is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Browse More Databases MCP Servers

Explore all databases servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-kql": { "command": "npx", "args": ["-y", "mcp-kql"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP KQL?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides