Elastic Serverless setup

o11ybot talks to your deployment’s MCP endpoint using a Kibana API key. You normally do not need to create a custom Agent Builder agent: use the same MCP URL and credentials as any other MCP client. Built-in agents you see in Kibana (for example Observability or Elastic AI) share a single MCP server URL per space, so the app never asks you to pick a row from that list.

Quick start (MCP URL + API key)

  1. In Kibana, open Agent Builder Tools and use Copy MCP Server URL (see Elastic docs: Copy your MCP server URL). The URL ends with /api/agent_builder/mcp (include /s/your-space/ if you use a non-default space).
  2. Create a Kibana API key with Agent Builder access and read privileges on the indices you want to query (same pattern as Elastic’s MCP server documentation).
  3. In o11ybot Settings, paste the MCP URL and API key, then use Test Connection. The app calls platform_core_execute_esql—if that succeeds, you are done.

Optional: provisioning script

Run the script below if you want a dedicated agent id o11ybot-mcp with a fixed tool list, for automation/CI, or if Test Connection indicates tools are missing. It is not required for most users who already have Agent Builder enabled on Serverless.

Prerequisites (script only)

  • Node.js 18+ (includes fetch)
  • Your Kibana base URL, e.g. https://<deployment>.kb.<region>.<cloud>.elastic.cloud
  • A Kibana API key with access to Agent Builder and read access to your data (same key you paste into the app)

1. Get the script (no GitHub)

The provisioning script is hosted here so you do not need access to the o11ybot source repository. Download or pipe it with curl:

Download provision-o11ybot-mcp.mjs (same file as below)

# Save to the current directory
curl -fsSL https://o11ybot.app/provision-o11ybot-mcp.mjs -o provision-o11ybot-mcp.mjs
# Or one line: download and run (after setting env vars in step 2)
curl -fsSL https://o11ybot.app/provision-o11ybot-mcp.mjs -o provision-o11ybot-mcp.mjs && node provision-o11ybot-mcp.mjs

2. Run provisioning (optional)

Set your Kibana URL and API key, then run the script. It creates o11ybot-mcp if it does not exist, or updates its tools if it does.

export KIBANA_URL='https://your-deployment.kb.region.cloud.elastic.cloud'
export KIBANA_API_KEY='your-kibana-api-key'
node provision-o11ybot-mcp.mjs

Optional flags: --prefer-existing to use an existing agent that already has ES|QL (no create); --smoke-test to verify MCP with a tiny ES|QL call.

CI/CD: pin the URL https://o11ybot.app/provision-o11ybot-mcp.mjs and run the same Node command after exporting credentials.
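
Pinning the URL fixes where the script comes from, not what it contains, so a CI job can also check the download against a SHA-256 digest recorded after reviewing the file. The following is an added example, not part of o11ybot's own tooling; the function names and the EXPECTED_SHA256 value are assumptions you supply yourself.

```shell
#!/bin/sh
# Added example: run the provisioning script only if its content matches a pinned digest.
# EXPECTED_SHA256 is a placeholder; record the real value yourself after reviewing the file.

SCRIPT_URL='https://o11ybot.app/provision-o11ybot-mcp.mjs'
SCRIPT_FILE='provision-o11ybot-mcp.mjs'

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  fi
}

# Return 0 on match, 1 on digest mismatch, 2 on bad input (missing file, malformed pin).
verify_pinned() {
  file=$1 expected=$2
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  case $expected in
    *[!0-9a-f]*|'') echo "pinned digest is not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# Download, verify, then run; node is never invoked if the digest differs.
fetch_verify_run() {
  expected=$1; shift
  curl -fsSL "$SCRIPT_URL" -o "$SCRIPT_FILE" || return 2
  verify_pinned "$SCRIPT_FILE" "$expected" || return $?
  node "$SCRIPT_FILE" "$@"
}

# Usage in CI (KIBANA_URL and KIBANA_API_KEY exported from the secret store):
#   fetch_verify_run "$EXPECTED_SHA256" --smoke-test
```

A mismatch means the hosted file changed since it was reviewed: re-read the new version before updating the pinned digest.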

3. Configure the iOS app

In Settings, set:

  • Serverless project → Profile — choose Observability, Security, Search, or Auto. The app uses MCP (SHOW DATASTREAMS) to resolve which data streams to query, so one build can target O11y, Security, or Search Serverless projects.
  • MCP Server URL — your Kibana base URL with /api/agent_builder/mcp appended (the script prints the exact line to copy).
  • API Key — the same key you used for KIBANA_API_KEY.

Data in the app

Connecting succeeds once MCP and credentials work. The app queries standard Elastic Observability data streams (for example traces-generic.otel-default, logs-generic.otel-default, synthetics-browser-default, and system metrics). If your project only has workshop or custom indices (for example workshop-synth-*), the traces and metrics tabs may stay empty until you ship OpenTelemetry data into those default streams, or use a deployment that already has OTel demo data.

Workflows: the app lists definitions via Kibana GET /api/workflows when custom report indices are empty, so you should see the same workflows as in Observability → Workflows. See the Elastic documentation for ingest and Agent Builder.