Dynatrace MCP Server – Observability Insights

Dynatrace MCP Server connects external AI agents and MCP clients to Dynatrace observability and intelligence tools. Use it when an agent needs governed access to live production data, DQL assistance, problem and vulnerability context, Kubernetes events, timeseries analysis, entity resolution, or troubleshooting guidance from Dynatrace.

#observability#dql#troubleshooting

Overview

Dynatrace MCP Server is the official Dynatrace Model Context Protocol endpoint
for connecting external AI agents to Dynatrace observability data and
Dynatrace Intelligence. It lets MCP-compatible clients use trusted production
context directly in developer, operations, incident-management, and support
workflows.

What the MCP server enables

Dynatrace documents the MCP server as a collection of tools for agent use cases.
Supported workflows include:

Generating Dynatrace Query Language queries with generative AI.
Explaining DQL queries.
Running generated DQL queries.
Answering Dynatrace product-related questions.
Investigating problems and vulnerabilities.
Analyzing Kubernetes events.
Forecasting and analyzing timeseries data.
Finding documents and troubleshooting guides.
Resolving Dynatrace entity names and entity IDs.
Using live production context and Dynatrace Intelligence findings in IDEs,
chat tools, ticket workflows, and other MCP clients.

When to use it

Use Dynatrace MCP when an AI agent needs reliable, current observability context
instead of static assumptions. Practical examples include asking an IDE
assistant to show recent logs, generating a DQL query for a service issue,
explaining a complex DQL statement, checking Kubernetes events during an
incident, validating whether a vulnerability affects production, analyzing a
timeseries trend, or retrieving a relevant troubleshooting guide while working
in GitHub Copilot, Claude Desktop, Microsoft Copilot, Atlassian Rovo, ChatGPT,
or another MCP client.

Connection and authentication

Connect through Streamable HTTP using the Dynatrace environment-specific URL:
https://${DYNATRACE_ENVIRONMENT_NAME}.apps.dynatrace.com/platform-reserved/mcp-gateway/v0.1/servers/dynatrace-mcp/mcp.

The client must send Authorization: Bearer ${DYNATRACE_BEARER_TOKEN}. A
bearer token can come from a Platform Token or from an OAuth client, but
Dynatrace states that direct remote MCP access does not support OAuth clients
as a connection method and recommends Platform Tokens. OAuth-client generated
bearer tokens are valid for only five minutes. Both the user and token need
mcp-gateway:servers:invoke and mcp-gateway:servers:read, plus any
tool-specific permissions such as storage:logs:read for log access.

Key considerations

Dynatrace MCP extends existing Dynatrace access controls to AI agents, so the
agent can only use data and tools allowed by the bearer token and user
permissions. Tokens can expire, and clients such as VS Code may not refresh
them automatically, so expired tokens must be regenerated and updated. Because
MCP tools can execute DQL and expose production context, use least-privilege
platform tokens, limit access to trusted MCP clients, review generated queries
before running expensive or sensitive searches, and avoid placing bearer tokens
in committed workspace files.

Frequently Asked Questions

When should an AI agent use the Dynatrace MCP Server?

Use it when an agent needs governed, live Dynatrace context for observability and operations work, such as generating DQL, explaining queries, running searches, investigating problems or vulnerabilities, analyzing Kubernetes events, forecasting timeseries data, or finding troubleshooting guidance.

What does the Dynatrace MCP Server add to an AI agent's capabilities?

It gives the agent access to Dynatrace MCP tools backed by real-time production context and Dynatrace Intelligence, including DQL generation, DQL explanation, query execution, product guidance, problem investigation, vulnerability context, entity resolution, and troubleshooting resources.

What can an AI agent access or manage through Dynatrace MCP?

Depending on user and token permissions, the agent can query observability data, work with DQL, retrieve logs or other permitted telemetry, analyze Kubernetes and timeseries information, resolve entity names and IDs, and use Dynatrace problem, vulnerability, documentation, and troubleshooting context.

How is authentication configured for Dynatrace MCP?

The remote server requires an Authorization Bearer token. Dynatrace recommends Platform Tokens for direct remote MCP access. Both the user and token need mcp-gateway:servers:invoke and mcp-gateway:servers:read permissions, plus tool-specific permissions such as storage:logs:read when accessing logs.

Which transport should be used for Dynatrace MCP?

Use the official environment-specific Streamable HTTP endpoint at `https://${DYNATRACE_ENVIRONMENT_NAME}.apps.dynatrace.com/platform-reserved/mcp-gateway/v0.1/servers/dynatrace-mcp/mcp`. Dynatrace documents URL-based remote MCP client configuration with bearer authentication; no separate local stdio server is required for the official hosted setup.