Back to Browse
Free
Server data from the Official MCP Registry
Query and analyze GreptimeDB metrics, logs and traces via SQL, TQL and RANGE queries.
About
Query and analyze GreptimeDB metrics, logs and traces via SQL, TQL and RANGE queries.
Security Report
5.6
Moderate5.6Moderate RiskValid MCP server (1 strong, 4 medium validity signals). 1 code issue detected. 8 known CVEs in dependencies (0 critical, 3 high severity) Imported from the Official MCP Registry. 2 finding(s) downgraded by scanner intelligence.
4 files analyzed · 10 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
GreptimeDB host address
Environment variable: GREPTIMEDB_HOST
GreptimeDB MySQL protocol port (default: 4002)
Environment variable: GREPTIMEDB_PORT
Database username
Environment variable: GREPTIMEDB_USER
Database passwordRequired
Environment variable: GREPTIMEDB_PASSWORD
Database name to connect to
Environment variable: GREPTIMEDB_DATABASE
Session timezone (default: UTC)
Environment variable: GREPTIMEDB_TIMEZONE
Connection pool size (default: 5)
Environment variable: GREPTIMEDB_POOL_SIZE
HTTP API port for pipeline management (default: 4000)
Environment variable: GREPTIMEDB_HTTP_PORT
HTTP protocol for pipeline API: http or https (default: http)
Environment variable: GREPTIMEDB_HTTP_PROTOCOL
Enable sensitive data masking (default: true)
Environment variable: GREPTIMEDB_MASK_ENABLED
Additional column name patterns for data masking (comma-separated)
Environment variable: GREPTIMEDB_MASK_PATTERNS
Enable audit logging for tool invocations (default: true)
Environment variable: GREPTIMEDB_AUDIT_ENABLED
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-greptimeteam-greptimedb-mcp-server": {
"env": {
"GREPTIMEDB_HOST": "your-greptimedb-host-here",
"GREPTIMEDB_PORT": "your-greptimedb-port-here",
"GREPTIMEDB_USER": "your-greptimedb-user-here",
"GREPTIMEDB_DATABASE": "your-greptimedb-database-here",
"GREPTIMEDB_PASSWORD": "your-greptimedb-password-here",
"GREPTIMEDB_TIMEZONE": "your-greptimedb-timezone-here",
"GREPTIMEDB_HTTP_PORT": "your-greptimedb-http-port-here",
"GREPTIMEDB_POOL_SIZE": "your-greptimedb-pool-size-here",
"GREPTIMEDB_MASK_ENABLED": "your-greptimedb-mask-enabled-here",
"GREPTIMEDB_AUDIT_ENABLED": "your-greptimedb-audit-enabled-here",
"GREPTIMEDB_HTTP_PROTOCOL": "your-greptimedb-http-protocol-here",
"GREPTIMEDB_MASK_PATTERNS": "your-greptimedb-mask-patterns-here"
},
"args": [
"greptimedb-mcp-server"
],
"command": "uvx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
greptimedb-mcp-server
A Model Context Protocol (MCP) server for GreptimeDB — an open-source observability database that handles metrics, logs, and traces in one engine.
Enables AI assistants to query and analyze GreptimeDB using SQL, TQL (PromQL-compatible), and RANGE queries, with built-in security features like read-only enforcement and data masking.
Quick Start
# Install
pip install greptimedb-mcp-server
# Run (connects to localhost:4002 by default)
greptimedb-mcp-server --host localhost --database public
For Claude Desktop, add this to your config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"greptimedb": {
"command": "greptimedb-mcp-server",
"args": ["--host", "localhost", "--database", "public"]
}
}
}
Features
Tools
| Tool | Description |
|---|---|
execute_sql | Execute SQL queries with format (csv/json/markdown) and limit options |
execute_tql | Execute TQL (PromQL-compatible) queries for time-series analysis |
query_range | Execute time-window aggregation queries with RANGE/ALIGN syntax |
describe_table | Get table schema including column names, types, and constraints |
explain_query | Analyze SQL or TQL query execution plans |
health_check | Check database connection status and server version |
Pipeline Management
| Tool | Description |
|---|---|
list_pipelines | List all pipelines or get details of a specific pipeline |
create_pipeline | Create a new pipeline with YAML configuration |
dryrun_pipeline | Test a pipeline with sample data without writing to database |
delete_pipeline | Delete a specific version of a pipeline |
Dashboard Management
| Tool | Description |
|---|---|
list_dashboards | List all Perses dashboard definitions |
create_dashboard | Create or update a Perses dashboard definition |
delete_dashboard | Delete a dashboard definition |
Resources & Prompts
- Resources: Browse tables via
greptime://<table>/dataURIs - Prompts: Built-in templates for common tasks —
pipeline_creator,log_pipeline,metrics_analysis,promql_analysis,iot_monitoring,trace_analysis,table_operation
For LLM integration and prompt usage, see docs/llm-instructions.md.
Configuration
Environment Variables
GREPTIMEDB_HOST=localhost # Database host
GREPTIMEDB_PORT=4002 # MySQL protocol port (default: 4002)
GREPTIMEDB_USER=root # Database user
GREPTIMEDB_PASSWORD= # Database password
GREPTIMEDB_DATABASE=public # Database name
GREPTIMEDB_TIMEZONE=UTC # Session timezone
# Optional
GREPTIMEDB_HTTP_PORT=4000 # HTTP API port for pipeline/dashboard management
GREPTIMEDB_HTTP_PROTOCOL=http # HTTP protocol (http/https)
GREPTIMEDB_POOL_SIZE=5 # Connection pool size
GREPTIMEDB_MASK_ENABLED=true # Enable sensitive data masking
GREPTIMEDB_MASK_PATTERNS= # Additional patterns (comma-separated)
GREPTIMEDB_AUDIT_ENABLED=true # Enable audit logging
# Transport (for HTTP server mode)
GREPTIMEDB_TRANSPORT=stdio # stdio, sse, or streamable-http
GREPTIMEDB_LISTEN_HOST=0.0.0.0 # HTTP server bind host
GREPTIMEDB_LISTEN_PORT=8080 # HTTP server bind port
GREPTIMEDB_ALLOWED_HOSTS= # DNS rebinding protection (comma-separated)
GREPTIMEDB_ALLOWED_ORIGINS= # CORS allowed origins (comma-separated)
CLI Arguments
greptimedb-mcp-server \
--host localhost \
--port 4002 \
--database public \
--user root \
--password "" \
--timezone UTC \
--pool-size 5 \
--mask-enabled true \
--transport stdio
HTTP Server Mode
For containerized or Kubernetes deployments. Requires mcp>=1.8.0:
# Streamable HTTP (recommended for production)
greptimedb-mcp-server --transport streamable-http --listen-port 8080
# SSE mode (legacy)
greptimedb-mcp-server --transport sse --listen-port 3000
DNS Rebinding Protection
By default, DNS rebinding protection is disabled for compatibility with proxies, gateways, and Kubernetes services. To enable it, use --allowed-hosts:
# Enable DNS rebinding protection with allowed hosts
greptimedb-mcp-server --transport streamable-http \
--allowed-hosts "localhost:*,127.0.0.1:*,my-service.namespace:*"
# With custom allowed origins for CORS
greptimedb-mcp-server --transport streamable-http \
--allowed-hosts "my-service.namespace:*" \
--allowed-origins "http://localhost:*,https://my-app.example.com"
# Or via environment variables
GREPTIMEDB_ALLOWED_HOSTS="localhost:*,my-service.namespace:*" \
GREPTIMEDB_ALLOWED_ORIGINS="http://localhost:*" \
greptimedb-mcp-server --transport streamable-http
If you encounter 421 Invalid Host Header errors, either disable protection (default) or add your host to the allowed list.
Security
Read-Only Database User (Recommended)
Create a read-only user in GreptimeDB using static user provider:
mcp_readonly:readonly=your_secure_password
Application-Level Security Gate
All queries go through a security gate that:
- Blocks: DROP, DELETE, TRUNCATE, UPDATE, INSERT, ALTER, CREATE, GRANT, REVOKE, EXEC, LOAD, COPY
- Blocks: Encoded bypass attempts (hex, UNHEX, CHAR)
- Allows: SELECT, SHOW, DESCRIBE, TQL, EXPLAIN, UNION
Data Masking
Sensitive columns are automatically masked (******) based on column name patterns:
- Authentication:
password,secret,token,api_key,credential - Financial:
credit_card,cvv,bank_account - Personal:
ssn,id_card,passport
Configure with --mask-patterns phone,email to add custom patterns.
Audit Logging
All tool invocations are logged:
2025-12-10 10:30:45 - greptimedb_mcp_server.audit - INFO - [AUDIT] execute_sql | query="SELECT * FROM cpu LIMIT 10" | success=True | duration_ms=45.2
Disable with --audit-enabled false.
Development
# Clone and setup
git clone https://github.com/GreptimeTeam/greptimedb-mcp-server.git
cd greptimedb-mcp-server
uv venv && source .venv/bin/activate
uv sync
# Run tests
pytest
# Format & lint
uv run black .
uv run flake8 src
# Debug with MCP Inspector
npx @modelcontextprotocol/inspector uv --directory . run -m greptimedb_mcp_server.server
License
MIT License - see LICENSE.md.
Acknowledgement
Inspired by:
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
3
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
404
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
55
Installs
10.0
Security
5.0
Local