What are the requirements for Overwatch MCP?

Overwatch MCP requires the following environment variables: GRAYLOG_URL (required), GRAYLOG_TOKEN (required), PROMETHEUS_URL (required), INFLUXDB_URL (required), INFLUXDB_TOKEN (required), INFLUXDB_ORG (required). You'll also need a compatible MCP client like Claude Desktop or Claude Code.

Is Overwatch MCP free to use?

Yes, Overwatch MCP is open source and free to use. You can find the source code on GitHub.

What MCP clients support Overwatch MCP?

Overwatch MCP works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure Overwatch MCP?

Configure Overwatch MCP by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

Overwatch MCP MCP Server

Q: What tools does Overwatch MCP provide?

graylog_search: Search logs (Lucene syntax). graylog_fields: List log fields. prometheus_query: Instant PromQL query. prometheus_query_range: Range PromQL query. prometheus_metrics: List metrics. influxdb_query: Flux query (bucket allowlisted).

Q: How do I install Overwatch MCP?

Install Overwatch MCP by running: curl -fsSL https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/setup.sh | bash cd Overwatch_MCP docker compose up -d

curl -fsSL https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/setup.sh | bash
cd Overwatch_MCP
docker compose up -d

README.md

MCP server for querying Graylog, Prometheus, and InfluxDB 2.x from Claude Desktop.

Overwatch MCP

MCP server for querying Graylog, Prometheus, and InfluxDB 2.x from Claude Desktop.

Tools

Tool	What it does
`graylog_search`	Search logs (Lucene syntax)
`graylog_fields`	List log fields
`prometheus_query`	Instant PromQL query
`prometheus_query_range`	Range PromQL query
`prometheus_metrics`	List metrics
`influxdb_query`	Flux query (bucket allowlisted)

Quick Start

One-Line Setup (Docker)

curl -fsSL https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/setup.sh | bash
cd Overwatch_MCP
# Edit .env and config.yaml with your values
docker compose up -d

Manual Setup (Docker)

# Download compose files
mkdir -p Overwatch_MCP && cd Overwatch_MCP
curl -fsSLO https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/docker-compose.yml
curl -fsSLO https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/.env.example
curl -fsSLO https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/config.example.yaml

# Create config from templates
cp .env.example .env
cp config.example.yaml config.yaml

# Edit .env with your credentials
# Edit config.yaml if needed (adjust allowed_buckets, limits, etc.)

# Run
docker compose up -d

Local Install

pip install -e .
cp .env.example .env
cp config/config.example.yaml config/config.yaml
# Edit both files with your values
python -m overwatch_mcp

Claude Desktop Config

Docker

~/.claude/config.json (Linux/Mac) or %APPDATA%\Claude\config.json (Windows):

{
  "mcpServers": {
    "overwatch": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-v", "/path/to/config:/app/config:ro",
        "--env-file", "/path/to/.env",
        "ghcr.io/malindarathnayake/Overwatch-mcp:latest"
      ]
    }
  }
}

Local Python

{
  "mcpServers": {
    "overwatch": {
      "command": "python",
      "args": ["-m", "overwatch_mcp"],
      "env": {
        "GRAYLOG_URL": "https://graylog.internal:9000/api",
        "GRAYLOG_TOKEN": "your-token",
        "PROMETHEUS_URL": "http://prometheus.internal:9090",
        "INFLUXDB_URL": "https://influxdb.internal:8086",
        "INFLUXDB_TOKEN": "your-token",
        "INFLUXDB_ORG": "your-org"
      }
    }
  }
}

Windows PowerShell Setup

One-shot script to configure Claude Desktop on Windows:

# Stop Claude if running
Get-Process -Name "Claude*" -ErrorAction SilentlyContinue | Stop-Process -Force

$config = @'
{
  "mcpServers": {
    "overwatch": {
      "command": "C:/Users/<USERNAME>/AppData/Local/Microsoft/WindowsApps/python3.13.exe",
      "args": ["-m", "overwatch_mcp", "--config", "C:/path/to/Overwatch-mcp/compose/config.yaml"],
      "env": {
        "GRAYLOG_URL": "https://your-graylog-url",
        "GRAYLOG_TOKEN": "<YOUR_GRAYLOG_TOKEN>",
        "PROMETHEUS_URL": "http://your-prometheus-url:9090",
        "INFLUXDB_URL": "https://your-influxdb-url",
        "INFLUXDB_TOKEN": "<YOUR_INFLUXDB_TOKEN>",
        "INFLUXDB_ORG": "<YOUR_INFLUXDB_ORG>",
        "LOG_LEVEL": "debug",
        "LOG_FILE": "C:/path/to/Overwatch-mcp/overwatch.log"
      }
    }
  }
}
'@
[System.IO.File]::WriteAllText("$env:APPDATA\Claude\claude_desktop_config.json", $config)

# Install from source (run from repo root)
cd C:\path\to\Overwatch-mcp
pip install -e .

Note: Replace <USERNAME>, <YOUR_GRAYLOG_TOKEN>, <YOUR_INFLUXDB_TOKEN>, <YOUR_INFLUXDB_ORG>, and paths with your actual values.

Configuration

config.yaml

The config uses ${ENV_VAR} substitution - values come from environment at runtime.

server:
  log_level: "info"

datasources:
  graylog:
    enabled: true
    url: "${GRAYLOG_URL}"
    token: "${GRAYLOG_TOKEN}"
    timeout_seconds: 30
    max_time_range_hours: 24
    max_results: 1000
    # Production environments to filter on (auto-builds from known_applications.json)
    production_environments:
      - "prod"
      - "production"
    # Known apps file - auto-builds env filter from discovered data
    known_applications_file: "${GRAYLOG_KNOWN_APPS_FILE:-}"

  prometheus:
    enabled: true
    url: "${PROMETHEUS_URL}"
    timeout_seconds: 30
    max_range_hours: 168

  influxdb:
    enabled: true
    url: "${INFLUXDB_URL}"
    token: "${INFLUXDB_TOKEN}"
    org: "${INFLUXDB_

Tools (6)

graylog_searchSearch logs (Lucene syntax)

graylog_fieldsList log fields

prometheus_queryInstant PromQL query

prometheus_query_rangeRange PromQL query

prometheus_metricsList metrics

influxdb_queryFlux query (bucket allowlisted)

Environment Variables

GRAYLOG_URLrequiredGraylog API URL

GRAYLOG_TOKENrequiredGraylog authentication token

PROMETHEUS_URLrequiredPrometheus URL

INFLUXDB_URLrequiredInfluxDB URL

INFLUXDB_TOKENrequiredInfluxDB authentication token

INFLUXDB_ORGrequiredInfluxDB organization

Configuration

claude_desktop_config.json

{
  "mcpServers": {
    "overwatch": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-v", "/path/to/config:/app/config:ro",
        "--env-file", "/path/to/.env",
        "ghcr.io/malindarathnayake/Overwatch-mcp:latest"
      ]
    }
  }
}

Try it

→Search Graylog logs for 'error' in production environments over the last 6 hours using Lucene syntax.

→List all available fields in Graylog logs.

→Run a PromQL query for average CPU usage across all nodes in the last hour.

→Query Prometheus metrics to list all available metrics.

→Execute a Flux query on InfluxDB bucket for recent temperature sensor data.

Frequently Asked Questions

How do I install Overwatch MCP?

Install Overwatch MCP by running: curl -fsSL https://raw.githubusercontent.com/malindarathnayake/Overwatch-mcp/main/compose/setup.sh | bash cd Overwatch_MCP docker compose up -d

What MCP clients work with Overwatch MCP?

Overwatch MCP works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Overwatch MCP MCP Server

Overwatch MCP

Tools

Quick Start

One-Line Setup (Docker)

Manual Setup (Docker)

Local Install

Claude Desktop Config

Docker

Local Python

Windows PowerShell Setup

Configuration

config.yaml

Tools (6)

Environment Variables

Configuration

Try it

Frequently Asked Questions

Related MCP Servers