Manage Alerts

CRUD for real, persistent Kibana alerting rules — saved objects that keep running after the MCP session ends, evaluate on their schedule, and (if connected to actions) notify via Slack, email, webhook, etc. Rules created through this tool are tagged elastic-o11y-mcp by default so they're easy to find and clean up.

Prerequisites

• Kibana with Alerting enabled. No specific backend — works on any numeric metric field in any index pattern.
• Tool gating. This tool only registers when the operator has explicitly set a Kibana URL in the MCP install config. If kibana_url is blank the tool doesn't appear in the LLM's tool catalog at all — a deliberate feature so operators can run the server strictly read-only (no rule creation, and more importantly no rule deletion). If the user can't see manage-alerts, their server is read-only on purpose.
• A notification connector must be attached separately in Kibana for rules that should page someone. Without an action, rules fire silently (visible in Kibana → Alerts & Insights).