cribl-mcp-gateway

Provides an abstraction layer for natural language interfacing with the Cribl configuration and operational APIs. This toolset permits streamlined monitoring, data manipulation queries, and environment state management within Cribl deployments utilizing standardized Model Context Protocol (MCP) mechanics.

Author

pebbletek

MIT License

Quick Info

GitHub Stars: 4
NPM Weekly Downloads: 0
Tools: 1
Last Updated: 2026-02-19


Cribl MCP Orchestration Engine

A Model Context Protocol (MCP) implementation designed to serve as an intelligent bridge to the Cribl Application Programming Interface.

This server empowers generative AI agents to introspect and execute data management procedures against a configured Cribl instance, leveraging a uniform MCP interface.

Refer to the docs/ directory for comprehensive technical specifics. Key documentation modules include:

  • README.md (this document): Offers a high-level synopsis, initial setup guides, rudimentary functional illustrations, and navigational links.
  • docs/configuration.md: Details required environmental variables for initialization and elucidates supported authentication methodologies.
  • docs/usage.md: Covers server deployment (via npx or local compilation) and outlines how an MCP consumer links to the service, providing conceptual execution examples.
  • docs/overview.md: Positioned between the primary introduction and specialized documentation, this file elaborates on security features, and critically, furnishes a complete reference catalog of exposed functions, their required arguments, expected outputs, and roadmap items.

Initial Setup Procedure

You can run the server immediately with npx or perform a complete local installation. Both pathways necessitate a Node.js runtime environment version greater than 16.

Dependencies Checklist

Before commencing operation, confirm the presence of the following:

  • Node.js Runtime: Version 16 or newer is recommended.
  • Network Connectivity: Required for fetching the MCP package from the npm registry.

You can obtain Node.js from https://nodejs.org.

Verify the installation status:

```bash
node -v
npx -v
```

Accelerated Deployment via npx

Execute directly using the following command structure, supplying necessary credentials inline:

```bash
CRIBL_BASE_URL=https://your.cribl.cloud.instance CRIBL_AUTH_TYPE=cloud CRIBL_CLIENT_ID=abc123 CRIBL_CLIENT_SECRET=secret npx @pebbletek/cribl-mcp
```

Important Note: Successful execution via npx hinges on supplying essential configuration parameters (like the Cribl endpoint URL and authentication credentials) either through the shell environment or directly within the invocation command.

Consult docs/usage.md for advanced parameter tuning, including required JSON constructs for the MCP consumer and necessary variable definitions.

Local Software Build

  1. Navigate to your preferred development directory. Clone the repository:

     ```bash
     git clone https://github.com/pebbletek/cribl-mcp.git
     cd cribl-mcp
     ```

  2. Install required external libraries:

     ```bash
     npm install
     ```

  3. Replicate the example environment file and populate it with actual secrets:

     ```bash
     cp .env.example .env
     ```

  4. Refer to the 'Local Development' section within usage.md for instructions on running, compiling, and initiating the MCP service.

For exhaustive details on environmental variables and security protocols, see docs/configuration.md. Guidance on service execution flow is available in docs/usage.md.
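
An added example (not part of the cribl-mcp project): a Node.js pre-flight check for the settings named above, covering both the npx environment and the local .env file. The function names are hypothetical, and the rejected placeholder values are the ones from the sample command in this README.

```javascript
// Added example, not cribl-mcp code. Function names are hypothetical.
const fs = require('node:fs');

const REQUIRED = ['CRIBL_BASE_URL', 'CRIBL_AUTH_TYPE', 'CRIBL_CLIENT_ID', 'CRIBL_CLIENT_SECRET'];
// Sample values from the README command; seeing them means nothing real was filled in.
const PLACEHOLDERS = { CRIBL_CLIENT_ID: 'abc123', CRIBL_CLIENT_SECRET: 'secret' };

// Return a list of problems found in an environment object (e.g. process.env).
function checkEnv(env) {
  const problems = [];
  for (const name of REQUIRED) {
    const value = (env[name] || '').trim();
    if (value === '') problems.push(`${name} is not set`);
    else if (PLACEHOLDERS[name] === value) problems.push(`${name} still holds the README placeholder`);
  }
  if (env.CRIBL_BASE_URL) {
    let url = null;
    try { url = new URL(env.CRIBL_BASE_URL); } catch { problems.push('CRIBL_BASE_URL is not a valid URL'); }
    // The client secret travels to this endpoint, so require TLS.
    if (url && url.protocol !== 'https:') problems.push('CRIBL_BASE_URL must use https');
    if (url && (url.username || url.password)) problems.push('CRIBL_BASE_URL must not embed credentials');
  }
  return problems;
}

// Flag a .env file that group or other users can read, write or execute.
function checkEnvFile(path) {
  if (!fs.existsSync(path)) return [];
  const mode = fs.statSync(path).mode & 0o777;
  return mode & 0o077 ? [`${path} has mode ${mode.toString(8)}; restrict it to the owner (0600)`] : [];
}

// The README asks for Node.js 16 or newer.
function checkNode(version) {
  const major = Number(version.split('.')[0]);
  return major >= 16 ? [] : [`Node.js ${version} is older than 16`];
}

// Collect every finding; an empty array means the checks passed.
function preflight(env, envFile, nodeVersion) {
  return [...checkEnv(env), ...checkEnvFile(envFile), ...checkNode(nodeVersion)];
}
```

Call `preflight(process.env, '.env', process.versions.node)` before launching the server and stop if the returned array is not empty.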

Functionality Catalog

This service exposes capabilities to interface with Cribl infrastructure, encompassing:

  • Retrieving lists of Worker Groups and associated Fleets.
  • Fetching or modifying configurations for Data Pipelines.
  • Retrieving definitions for Data Sources.
  • Initiating restarts for specified Worker Groups.
  • Executing queries against system performance telemetry (including specific filtering criteria).

For a complete functional inventory and operational syntax, examine docs/usage.md.

Illustrative Interaction Scenarios (AI Prompts)

Once an MCP client (such as Claude Desktop) is established and granted access to these functions, users can issue directives via natural language. Examples follow:

  • Prompt: list all data ingestion points currently active? (Tool access must be authorized by the consumer)

    • Anticipated Flow: The system first queries for data sources, then concurrently checks pipeline associations for context.
      • Self-Correction/Refinement: The final output synthesizes source details (e.g., HTTP listeners on 10080, Splunk HEC on 8088) alongside associated processing logic (e.g., the pipeline tagged for Cisco ASA events).
  • Prompt: detail the transformation logic applied to Palo Alto network flow data?

    • Anticipated Flow: Executes a call to retrieve the specific pipeline configuration.
      • Detail Synthesis: The response breaks down sequential function execution: an initial filter discarding non-'pan:traffic' events, followed by detailed regex extraction of security zones and byte counts, and subsequent removal of 'start' subtype records, explaining the rationale (retaining only 'end' records for accuracy).
  • Prompt: modify the Palo Alto pipeline to retain all session records, both initiation and termination events.

    • Anticipated Flow: The system plans a three-step remediation: 1) Fetch current configuration. 2) Execute configuration update to disable the dropping function related to __log_subtype=='start'. 3) Trigger a service restart on the affected worker group to mandate configuration application.
      • Outcome Confirmation: The final report confirms the targeted function is deactivated, the associated commentary is updated to reflect the retention policy, and the necessary service orchestration (worker group restart) has completed, ensuring comprehensive visibility into the full lifecycle of network sessions.
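
An added example (not code from cribl-mcp): a review gate for the write step in the third scenario, which accepts an agent-proposed pipeline config only if every changed field is on an allow-list agreed for the change. The pipeline object is a constructed sample, and its field layout (`conf.functions` with `id`, `filter`, `disabled`, `description`) and all function names are assumptions.

```javascript
// Added example, not cribl-mcp code. Constructed sample config; layout is assumed.
const current = {
  id: 'palo_alto_traffic',
  conf: { functions: [
    { id: 'drop', filter: "sourcetype!='pan:traffic'", disabled: false, description: 'Keep traffic logs only' },
    { id: 'regex_extract', filter: 'true', disabled: false, description: 'Extract zones and byte counts' },
    { id: 'drop', filter: "__log_subtype=='start'", disabled: false, description: "Drop 'start' records" },
  ] },
};

// Build the proposed config: disable exactly one drop step, chosen by its filter.
function disableDrop(pipeline, filter) {
  const next = JSON.parse(JSON.stringify(pipeline)); // deep copy, input untouched
  const hits = next.conf.functions.filter(f => f.id === 'drop' && f.filter === filter);
  if (hits.length !== 1) throw new Error(`expected one matching drop function, found ${hits.length}`);
  hits[0].disabled = true;
  return next;
}

// List every field-level difference between two configs as dotted paths.
function diffPaths(a, b, path = '') {
  if (Object.is(a, b)) return [];
  const isObj = v => v !== null && typeof v === 'object';
  if (!isObj(a) || !isObj(b) || Array.isArray(a) !== Array.isArray(b)) return [path || '(root)'];
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...keys].flatMap(k => diffPaths(a[k], b[k], path ? `${path}.${k}` : k));
}

// Gate for the update call: approve only a non-empty change whose every
// modified path was expected for this request.
function reviewChange(before, after, allowedPaths) {
  const changed = diffPaths(before, after);
  const unexpected = changed.filter(p => !allowedPaths.includes(p));
  return { changed, unexpected, approved: changed.length > 0 && unexpected.length === 0 };
}
```

Running the same diff against the config fetched after the worker group restart confirms that what was applied matches what was approved.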

Licensing Agreement

MIT

Wikipedia Context: XMLHttpRequest

XMLHttpRequest (XHR) represents an Application Programming Interface implemented as a JavaScript object. Its utility lies in its methods that facilitate the submission of HTTP requests from a web browser environment to a remote server. This capability allows web applications to asynchronously communicate with the server post-page load, receiving subsequent data without necessitating a full page refresh—a core principle of Ajax methodologies. Before this advancement, server interaction relied predominantly on standard hyperlink navigation or form submissions, which inherently resulted in the complete replacement of the current view.

Origin Story

The foundational concept driving XMLHttpRequest was first conceived in the year 2000 by engineers working on Microsoft Outlook. This abstraction was subsequently integrated into Internet Explorer version 5 (released in 1999). Curiously, the initial implementation did not use the standardized XMLHttpRequest naming convention; rather, it relied on COM object instantiations like ActiveXObject("Msxml2.XMLHTTP") or ActiveXObject("Microsoft.XMLHTTP"). By the time Internet Explorer 7 emerged (2006), support for the official XMLHttpRequest identifier had become universal across all major browser platforms, including Mozilla’s Gecko engine (2002), Safari 1.2 (2004), and Opera 8.0 (2005).

Standardization Trajectory

The World Wide Web Consortium (W3C) issued its initial Working Draft specification for the XMLHttpRequest object in April 2006. A Level 2 specification followed in February 2008, introducing capabilities for progress monitoring, enabling cross-origin data transfer, and handling raw byte streams. By the conclusion of 2011, the enhancements introduced in Level 2 were merged back into the primary specification document. In late 2012, the responsibility for maintenance shifted to the WHATWG, which now preserves a dynamic, living document utilizing Web IDL syntax.

Standard Operational Flow

Executing a request using XMLHttpRequest typically involves a defined sequence of programming steps:

  1. Instantiation: Create an instance of the XMLHttpRequest object via its constructor.
  2. Configuration: Invoke the open() method to declare the request protocol (e.g., GET/POST), specify the target resource Uniform Resource Identifier (URI), and determine the execution mode (synchronous or asynchronous).
  3. Asynchronous Setup: If operating asynchronously, define a callback function (event listener) to be triggered upon state transitions.
  4. Transmission: Start the communication exchange by calling the send() method, potentially passing payload data.
  5. Response Handling: Monitor the object's readyState property within the listener. Upon reaching state 4 (the 'done' state), the retrieved server content is typically accessible via the responseText property.

Beyond these fundamentals, XHR offers extensive control mechanisms. Custom HTTP headers can be injected to guide server behavior. Data can be uploaded within the send() argument. Responses can be automatically parsed from JSON strings into native JavaScript objects, or processed incrementally as segments arrive. Furthermore, the transmission can be halted prematurely or subjected to a maximum latency timeout.
