Sysdig
Sysdig MCP Server
What is Sysdig?
Sysdig is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to sysdig mcp server
Sysdig MCP Server
This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Sysdig MCP Server
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx sysdigConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Sysdig
The Sysdig MCP server is a Go-based server that connects Claude Desktop and other MCP clients to the Sysdig platform, enabling natural-language querying of Kubernetes monitoring data, container security findings, and custom Sysdig Query Language (SysQL) queries. It exposes tools for listing clusters, nodes, workloads, and pods; identifying top resource consumers; surfacing HTTP and network errors; and running ad-hoc SysQL queries against your Sysdig Monitor or Secure instance.
Prerequisites
- A Sysdig account with a valid API token (Monitor or Secure) that has metrics-data.read, risks.read, and sage.exec permissions
- Your Sysdig instance URL (e.g., https://us2.app.sysdig.com)
- One of: Go 1.20+, Docker, or a pre-built binary for your platform
- An MCP-compatible client such as Claude Desktop
Obtain your Sysdig API token
Log into your Sysdig instance, navigate to Settings > User Profile > API Token, and copy the token. Ensure the token has the required scopes: metrics-data.read, risks.read, and sage.exec.
Choose an installation method
You can run the server via Go, Docker, or a downloaded binary. The Docker method is recommended for most users as it requires no local Go installation.
# Docker (recommended)
docker pull ghcr.io/sysdiglabs/sysdig-mcp-server:latest
# Go
go run github.com/sysdiglabs/sysdig-mcp-server/cmd/server@latest
# Binary (Linux x86_64)
curl -L https://github.com/sysdiglabs/sysdig-mcp-server/releases/latest/download/sysdig-mcp-server_linux-amd64.tar.gz | tar xzSet required environment variables
The server requires two environment variables: your Sysdig instance host URL and your API token.
export SYSDIG_MCP_API_HOST=https://us2.app.sysdig.com
export SYSDIG_MCP_API_TOKEN=your_sysdig_api_tokenAdd to Claude Desktop configuration
Register the Sysdig MCP server in your Claude Desktop config, passing credentials as environment variables. This example uses the Docker image.
{
"mcpServers": {
"sysdig": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "SYSDIG_MCP_API_HOST",
"-e", "SYSDIG_MCP_API_TOKEN",
"ghcr.io/sysdiglabs/sysdig-mcp-server:latest"
],
"env": {
"SYSDIG_MCP_API_HOST": "https://us2.app.sysdig.com",
"SYSDIG_MCP_API_TOKEN": "your_sysdig_api_token"
}
}
}
}Restart Claude Desktop and test
Restart Claude Desktop and ask it to list your Kubernetes clusters to verify connectivity.
Sysdig Examples
Client configuration
Claude Desktop configuration using the Sysdig MCP Docker image with credentials injected via environment variables.
{
"mcpServers": {
"sysdig": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "SYSDIG_MCP_API_HOST",
"-e", "SYSDIG_MCP_API_TOKEN",
"ghcr.io/sysdiglabs/sysdig-mcp-server:latest"
],
"env": {
"SYSDIG_MCP_API_HOST": "https://us2.app.sysdig.com",
"SYSDIG_MCP_API_TOKEN": "your_sysdig_api_token"
}
}
}
}Prompts to try
Example prompts for Kubernetes monitoring and security investigation with the Sysdig MCP server.
- "List all Kubernetes clusters connected to my Sysdig account"
- "Show the top 10 pods with the most container restarts in the production cluster"
- "Which workloads are consuming the most CPU in cluster 'staging'?"
- "Show me the top 20 pods with the most HTTP errors in production"
- "Find pods in the production cluster that are underutilizing their CPU quota"
- "Generate and run a SysQL query to find containers with high memory usage"Troubleshooting Sysdig
Authentication error: 401 Unauthorized
Verify SYSDIG_MCP_API_HOST matches your actual Sysdig region URL (e.g., us2.app.sysdig.com vs eu1.app.sysdig.com). Regenerate your API token in Sysdig Settings and ensure it has the metrics-data.read, risks.read, and sage.exec scopes.
Docker image fails to start in Claude Desktop
Test the container manually: 'docker run --rm -e SYSDIG_MCP_API_HOST=... -e SYSDIG_MCP_API_TOKEN=... ghcr.io/sysdiglabs/sysdig-mcp-server:latest'. Ensure Docker Desktop is running and the image has been pulled successfully.
Kubernetes tools return empty results
Confirm that your Sysdig account has active Kubernetes integrations. In the Sysdig UI, navigate to Integrations > Kubernetes and verify at least one cluster agent is reporting data.
Frequently Asked Questions about Sysdig
What is Sysdig?
Sysdig is a Model Context Protocol (MCP) server that sysdig mcp server It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Sysdig?
Follow the installation instructions on the Sysdig GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Sysdig?
Sysdig works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Sysdig free to use?
Yes, Sysdig is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Sysdig Alternatives — Similar Monitoring & Observability Servers
Looking for alternatives to Sysdig? Here are other popular monitoring & observability servers you can use with Claude, Cursor, and VS Code.
Netdata
★ 78.9kReal-time infrastructure monitoring with metrics, logs, alerts, and ML-based anomaly detection.
Kubeshark
★ 11.9keBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Mission Control
★ 4.9kSelf-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
Grafana
★ 3.0kThis MCP server enables natural-language querying of Grafana logs by automatically detecting log sources and service labels. It provides read-only access to log data with intelligent caching for efficient repeat queries.
Sentrux
★ 2.4kReal-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
OpenInference
★ 986OpenTelemetry Instrumentation for AI Observability
Browse More Monitoring & Observability MCP Servers
Explore all monitoring & observability servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Sysdig in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Sysdig?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.