Grafana-MCP grafana/mcp-grafana:latest https://hub.docker.com/r/grafana/mcp-grafana bridge false sh --restart=unless-stopped https://github.com/paulmeier/mcp-grafana-unraid/issues https://github.com/grafana/mcp-grafana Productivity: Tools:Utilities Network:Management https://raw.githubusercontent.com/paulmeier/mcp-grafana-unraid/main/icons/mcp-grafana.png https://raw.githubusercontent.com/paulmeier/mcp-grafana-unraid/main/templates/mcp-grafana.xml http://[IP]:[PORT:8000]/healthz /appdata/.tailscale_state Grafana MCP is the official Model Context Protocol server from Grafana Labs. It exposes your Grafana instance to AI assistants and other MCP clients through a single endpoint, so a client such as Claude can search dashboards, run Prometheus and Loki queries, inspect datasources, review alert rules and incidents, explore profiles, and more, using scoped tools instead of raw API calls. The container runs the server in SSE transport mode on port 8000 and serves the MCP endpoint at /sse. It needs a reachable Grafana instance and a Grafana service account token to authenticate. This is a headless server with no browsable web interface: point your MCP client at http://[UNRAID-IP]:8000/sse. A running Grafana instance that this container can reach over the network, plus a Grafana service account token. Create the token in Grafana under Administration, then Users and access, then Service accounts, granting the service account only the roles you want the MCP server to be able to use. In the Grafana URL field use the Grafana host LAN IP or container name, not localhost, which inside the container points back at the MCP server itself. grafana mcp model context protocol ai llm claude anthropic observability dashboards prometheus loki alerts incidents sse streamable http grafana labs 8000 http://GRAFANA-HOST-IP:3000 /mnt/user/appdata/mcp-grafana Grafana MCP is the official Model Context Protocol server from Grafana Labs. It exposes your Grafana instance to AI assistants and other MCP clients through a single endpoint, so a client such as Claude can search dashboards, run Prometheus and Loki queries, inspect datasources, review alert rules and incidents, explore profiles, and more, using scoped tools instead of raw API calls. WHAT YOU NEED 1. A running Grafana instance this container can reach over your network. 2. A Grafana service account token. Create it in Grafana under Administration, then Users and access, then Service accounts. Give the service account only the roles you want the MCP server to be able to use. CONFIGURE Set Grafana URL to the full address of your Grafana, including scheme and port, for example http://192.168.1.10:3000 . Do not use localhost or 127.0.0.1, because inside the container those refer to the MCP server itself. If Grafana is another Docker container on this same host, use the Unraid host LAN IP with the published Grafana port, or place both containers on one custom Docker network and use the Grafana container name. Paste your token into Grafana Service Account Token and Apply. CONNECTING A CLIENT The container runs in SSE transport mode on port 8000. Point your MCP client at http://[UNRAID-IP]:8000/sse . A liveness endpoint is available at http://[UNRAID-IP]:8000/healthz , which is what the WebUI button opens. There is no browsable web interface. To use the newer streamable HTTP transport instead, add a Post Argument of --transport streamable-http in the Docker editor, then connect your client to http://[UNRAID-IP]:8000/mcp . TAILSCALE This template supports Unraid built-in Tailscale integration so the server can join your tailnet as its own device and be reached privately without opening any ports. Edit the container, switch to Advanced View, toggle Use Tailscale on, set a hostname, and Apply, then open the container log and click the authentication link. The template declares the Tailscale state directory inside the mapped Appdata volume so the machine identity survives updates and you avoid the Couldn't detect persistent Docker directory error. The image already ships ca-certificates, which the Unraid Tailscale hook needs. SECURITY The MCP server can do anything the service account token allows, so scope the token to the least privilege you need. The SSE endpoint has no authentication of its own, so keep it on your LAN or behind Tailscale rather than exposing it directly to the internet. Project: https://github.com/grafana/mcp-grafana