Connects your AI assistant directly to Apache Druid clusters for analytics and cluster management through natural language. Exposes tools for querying datasources, managing ingestion tasks, monitoring cluster health, and killing segments or datasources. Built on Spring AI with support for stdio, SSE, and HTTP transports, plus OAuth2 security out of the box. The feature-based architecture auto-discovers tools via annotations, and you can run it in read-only mode to prevent modifications. Ships as a Docker container or standalone JAR, and pairs with iunera's Ypipe desktop app for a conversational UI. If you're running Druid and want to explore time series data or manage clusters through Claude or ChatGPT instead of the console, this gives you the MCP integration.
A comprehensive Model Context Protocol (MCP) server for Apache Druid that provides extensive tools, resources, and prompts for managing and analyzing Druid clusters.
Developed by iunera - Advanced AI and Data Analytics Solutions
This MCP server implements a intend-based architecture where profiles picture their usaae intend and the corresponding area of Druid usage. The server provides three main types of MCP components:
Learn how to integrate AI agents with Apache Druid using the MCP server. This tutorial demonstrates time series data exploration, statistical analysis, and data ingestion using natural language with AI assistants like Claude, ChatGPT, and Gemini.
Click the thumbnail above to watch the video on YouTube
Experience your data like never before with Y̊pipe (formerly Data-Philter), a local desktop application that makes offline AI practical, designed by iunera. It leverages this Druid MCP Server to provide a seamless, conversational interface for your Druid cluster.
The easiest way to test iunera/druid-mcp-server is ypipe.com / https://github.com/iunera/ypipe
For seamless integration, we provide a predefined Ypipe integration blueprint file:
This blueprint allows you to easily connect and configure the Druid MCP server in Ypipe through a visual workspace.
| Ypipe Workspace Flow | Druid Node Configuration |
|---|---|
![]() | ![]() |
When connected to an MCP client, you can inspect the available tools, resources, and prompts through the MCP inspector interface:

The tools interface shows all available Druid management functions organized by feature areas including data management, ingestion management, and monitoring & health.

The resources interface displays all accessible Druid data sources and metadata that can be retrieved through the MCP protocol.

The prompts interface shows all AI-assisted guidance templates available for various Druid management tasks and data analysis workflows.
A ready-to-use MCP configuration file is provided at mcp-servers-config.json that can be used with LLM clients to connect to this Druid MCP server.
The configuration includes multiple integration and transport options:
# STDIO mode (default)
docker run --rm -i \
-e DRUID_ROUTER_URL=http://your-druid-router:8888 \
-e DRUID_COORDINATOR_URL=http://your-druid-coordinator:8081 \
iunera/druid-mcp-server:latest
# HTTP mode (enable profile 'http' and expose /mcp)
docker run -p 8080:8080 \
-e SPRING_PROFILES_ACTIVE=http,query \
-e DRUID_ROUTER_URL=http://your-druid-router:8888 \
-e DRUID_COORDINATOR_URL=http://your-druid-coordinator:8081 \
iunera/druid-mcp-server:latest
Note on Spring profiles:
# Build the application
mvn clean package -DskipTests
# Run the application
java -jar target/druid-mcp-server-2.0.0.jar
The server will start on port 8080 by default.
For detailed build instructions, testing, Docker setup, and development guidelines, see development.md.
DRUID_MCP_SECURITY_OAUTH2_ENABLED:
true (OAuth2 is enabled by default as per the text above)false to disable OAuth2 authentication. When disabled, clients can access the server without providing OAuth2 tokens.If you prefer to use the pre-built JAR without building from source, you can download and run it directly from Maven Central.
Download the JAR from Maven Central https://repo.maven.apache.org/maven2/com/iunera/druid-mcp-server/
# STDIO mode (default)
java -jar target/druid-mcp-server-2.0.0.jar
# HTTP mode (profile: http) - exposes /mcp on port 8080
java -Dspring.profiles.active=http \
-jar target/druid-mcp-server-2.0.0.jar
For detailed development information including build instructions, testing guidelines, architecture details, and contributing guidelines, see development.md.
The MCP server activates tools dynamically based on active Spring profiles (SPRING_PROFILES_ACTIVE). The default configuration runs the server in STDIO mode with the query profile enabled.
query (Default Active Profile)Provides safe, read-only data querying and browsing capabilities.
| Tool | Description | Parameters | Druid API Endpoint / Functionality |
|---|---|---|---|
getDatasources | List all available Apache Druid datasources or get detailed schema for a specific datasource. | datasourceName (String, optional), detailed (Boolean, optional) | /druid/v2/sql (queries system catalogs like INFORMATION_SCHEMA.TABLES & COLUMNS) |
getLookups | Get configuration or status of lookups for all or a specific tier. | tier (String, optional), lookupName (String, optional), includeStatus (Boolean, optional) | /druid/coordinator/v1/lookups/config & /status endpoints |
getSegments | Fetch segments metadata or details for a specific segment. | datasource (String, optional), segmentId (String, optional), detailed (Boolean, optional), metadataOnly (Boolean, optional) | /druid/coordinator/v1/datasources/{ds}/segments & system tables (sys.segments via /druid/v2/sql) |
getSegmentLoadQueue | Get the load queue status showing segments currently being loaded. | serverName (String, optional) | /druid/coordinator/v1/loadqueue |
queryDruidSql | Execute a SQL query against Druid datasources. | sqlQuery (String, required) | /druid/v2/sql (Router / Broker SQL endpoint) |
opsProvides administrative control over ingestion specs, tasks, streaming supervisors, retention rules, and compaction.
| Tool | Description | Parameters | Druid API Endpoint / Functionality |
|---|---|---|---|
getCompactionConfig | View compaction configuration or configuration change history for datasources. | datasource (String, optional), includeHistory (Boolean, optional) | /druid/coordinator/v1/config/compaction endpoints |
getCompactionStatus | Retrieve the current status of compaction runs and progress. | datasource (String, optional) | /druid/coordinator/v1/compaction/status |
manageCompaction | Add, update, or remove a compaction configuration. | action (Enum: UPSERT, DELETE, required), datasource (String, required), configJson (String, optional) | /druid/coordinator/v1/config/compaction (POST/DELETE) |
manageDatasourceOrSegment | Modify segment states or permanently drop a datasource. | action (Enum: ENABLE_SEGMENT, DISABLE_SEGMENT, KILL_DATASOURCE, required), datasource (String, required), segmentId (String, optional), interval (String, optional) | /druid/coordinator/v1/datasources & segment POST/DELETE |
manageLookup | Create, update, or delete a lookup configuration. | action (Enum: UPSERT, DELETE, required), tier (String, required), lookupName (String, required), configJson (String, optional) | /druid/coordinator/v1/lookups/config (POST/DELETE) |
queryDruidMultiStage | Execute a multi-stage SQL query (MSQ) against Druid datasources as a task. | sqlQuery (String, required) | /druid/v2/sql/task (MSQ execution endpoint) |
queryDruidMultiStageWithContext | Execute a multi-stage SQL query with custom context parameters. | sqlQuery (String, required), contextJson (String, optional) | /druid/v2/sql/task with context configurations |
getMultiStageQueryTaskStatus | Get the status of a multi-stage query task. | taskId (String, required) | /druid/indexer/v1/task/{taskId}/status |
cancelMultiStageQueryTask | Cancel a running multi-stage query task. | taskId (String, required) | /druid/indexer/v1/task/{taskId}/shutdown (POST) |
getRetentionRules | Retrieve retention rules or audit history for a specific datasource or all datasources. | datasource (String, optional), includeHistory (Boolean, optional) | /druid/coordinator/v1/rules |
manageRetentionRules | Update retention rules configuration for a specific datasource. | datasource (String, required), rulesJson (String, required) | /druid/coordinator/v1/rules |
submitIngestion | Submit a Druid ingestion specification or generate a simple batch template. | action (Enum: SUBMIT_SPEC, GENERATE_TEMPLATE, required), payloadJson (String, optional), datasourceName (String, optional), inputSourceType (String, optional), inputSourcePath (String, optional) | /druid/indexer/v1/task (POST) |
getSupervisors | List all supervisors or query details of a specific supervisor. | supervisorId (String, optional) | /druid/indexer/v1/supervisor |
manageSupervisor | Suspend, resume, or terminate a supervisor's execution. | supervisorId (String, required), action (Enum: SUSPEND, RESUME, TERMINATE, required) | /druid/indexer/v1/supervisor/{id}/(suspend/resume/terminate) |
getTasks | List ingestion tasks matching specific states. | state (Enum: RUNNING, PENDING, WAITING, COMPLETED, optional) | /druid/indexer/v1/runningTasks, pendingTasks, waitingTasks, completeTasks |
getTaskDetails | Fetch detailed information, specifications, execution reports, or execution logs for a task. | taskId (String, required), aspect (Enum: STATUS, RAW_DETAILS, SPEC, REPORTS, LOG, required), logOffset (Long, optional) | /druid/indexer/v1/task/{id} spec, status, reports, and log endpoints |
shutdownTask | Kill/shutdown a Druid task. | taskId (String, required) | /druid/indexer/v1/task/{id}/shutdown (POST) |
getClusterStatus | Check overall health or fetch specific metadata/properties from coordinators or routers. | aspect (Enum: OVERALL, COORDINATOR, ROUTER, LEADER, METADATA, PROPERTIES, SELF_DISCOVERY_COORDINATOR, SELF_DISCOVERY_ROUTER, optional) | /status/health, /status/selfDiscovered, /druid/coordinator/v1/leader, /druid/coordinator/v1/config |
getNodesStatus | List registered servers, their detailed status, or single node status. | serverName (String, optional), detailed (Boolean, optional) | /druid/coordinator/v1/servers & /status |
diagnoseCluster | Perform automated diagnostic health checks, configuration audits, or query performance analysis. | mode (Enum: COMPREHENSIVE, QUICK, PERFORMANCE, CONFIGURATION, required) | Orchestrates diagnostic sweeps over active tasks, servers status, segment counts, and APIs |
checkFunctionalityHealth | Validate operations of ingestion systems, supervisor state transitions, and historical query latency. | component (Enum: ALL, SUPERVISORS, HISTORICALS, INGESTION, optional), quick (Boolean, optional) | Orchestrates checks over task execution logs and supervisor statuses |
permissionsProvides basic security authentication and authorization administration.
[!IMPORTANT] Basic security tools are only activated if both of the following conditions are met:
- The
permissionsprofile is activated (spring.profiles.active=permissions).- The Coordinator URL (
druid.coordinator.url) is set and non-empty.
| Tool | Description | Parameters | Druid API Endpoint / Functionality |
|---|---|---|---|
manageAuthentication | Administer basic security users and credentials. | authenticator (String, required), action (Enum: LIST, GET, CREATE, DELETE, SET_PASSWORD, required), username (String, optional), password (String, optional) | /druid-ext/basic-security/authentication/db/... |
manageAuthorization | Manage security authorization properties, roles, and resource access policies. | authorizer (String, required), action (Enum: LIST_USERS, GET_USER, CREATE_USER, DELETE_USER, LIST_ROLES, GET_ROLE, CREATE_ROLE, DELETE_ROLE, SET_PERMISSIONS, required), name (String, optional), permissionsJson (String, optional) | /druid-ext/basic-security/authorization/db/... |
manageSecurityAssignments | Configure mapping rules assigning roles to users, or retrieve the configured authenticator chains. | authorizer (String, required), action (Enum: ASSIGN_ROLE, UNASSIGN_ROLE, GET_CHAIN, required), username (String, optional), roleName (String, optional) | /druid-ext/basic-security/authorization/db/... & /status/properties |
healthProvides active health checking, cluster status, diagnostics, and doctor recommendation scans.
| Tool | Description | Parameters | Druid API Endpoint / Functionality |
|---|---|---|---|
getClusterStatus | Check overall health or fetch specific metadata/properties from coordinators or routers. | aspect (Enum: OVERALL, COORDINATOR, ROUTER, LEADER, METADATA, PROPERTIES, SELF_DISCOVERY_COORDINATOR, SELF_DISCOVERY_ROUTER, optional) | /status/health, /status/selfDiscovered, /druid/coordinator/v1/leader, /druid/coordinator/v1/config |
getNodesStatus | List registered servers, their detailed status, or single node status. | serverName (String, optional), detailed (Boolean, optional) | /druid/coordinator/v1/servers & /status |
diagnoseCluster | Perform automated diagnostic health checks, configuration audits, or query performance analysis. | mode (Enum: COMPREHENSIVE, QUICK, PERFORMANCE, CONFIGURATION, required) | Orchestrates diagnostic sweeps over active tasks, servers status, segment counts, and APIs |
checkFunctionalityHealth | Validate operations of ingestion systems, supervisor state transitions, and historical query latency. | component (Enum: ALL, SUPERVISORS, HISTORICALS, INGESTION, optional), quick (Boolean, optional) | Orchestrates checks over task execution logs and supervisor statuses |
| Feature | Resource URI Pattern | Description | Parameters |
|---|---|---|---|
| Datasource | druid://datasource/{datasourceName} | Access datasource information and metadata | datasourceName (String) |
| Datasource | druid://datasource/{datasourceName}/details | Access detailed datasource information including schema | datasourceName (String) |
| Lookup | druid://lookup/{tier}/{lookupName} | Access lookup configuration and data | tier (String), lookupName (String) |
| Segments | druid://segment/{segmentId} | Access segment metadata and information | segmentId (String) |
| Feature | Prompt Name | Description | Parameters |
|---|---|---|---|
| Data Analysis | data-exploration | Guide for exploring data in Druid datasources | datasource (String, optional) |
| Data Analysis | query-optimization | Help optimize Druid SQL queries for better performance | query (String) |
| Cluster Management | health-check | Comprehensive cluster health assessment guidance | None |
| Cluster Management | cluster-overview | Overview and analysis of cluster status | None |
| Ingestion Management | ingestion-troubleshooting | Troubleshoot ingestion issues | issue (String, optional) |
| Ingestion Management | ingestion-setup | Guide for setting up new ingestion pipelines | dataSource (String, optional) |
| Retention Management | retention-management | Manage data retention policies | datasource (String, optional) |
| Compaction | compaction-suggestions | Optimize segment compaction configuration | datasource (String, optional), currentConfig (String, optional), performanceMetrics (String, optional) |
| Compaction | compaction-troubleshooting | Troubleshoot compaction issues | issue (String), datasource (String, optional) |
| Operations | emergency-response | Emergency response procedures and guidance | None |
| Operations | maintenance-mode | Cluster maintenance procedures | None |
The application can be configured using environment variables, which is the recommended approach for production environments. Below is a comprehensive list of supported environment variables derived from the application.yaml configuration file.
DRUID_ROUTER_URL: The URL of the Druid router.DRUID_AUTH_USERNAME: The username for Druid authentication.DRUID_AUTH_PASSWORD: The password for Druid authentication.DRUID_SSL_ENABLED: Enables or disables SSL for Druid connections (true/false).DRUID_SSL_SKIP_VERIFICATION: Skips SSL certificate verification (true/false).DRUID_MCP_SQL_SYNTAX_CORRECTION_ENABLED: Enables or disables automatic SQL syntax correction (default: true). When enabled, automatically formats queries, corrects casing, and quotes identifiers for Druid.DRUID_MCP_SQL_SYNTAX_CORRECTION_CACHE_TTL_MS: The Time-To-Live (TTL) in milliseconds for the cached table and column metadata loaded from Druid (default: 300000 / 5 minutes).DRUID_MCP_SECURITY_OAUTH2_ENABLED: Enables or disables OAuth2 security for HTTP client authentication (true/false).SPRING_PROFILES_ACTIVE: Comma-separated list of profiles to activate (e.g. query, ops, permissions, health for tools capabilities, or http to enable HTTP server transport instead of default STDIO).SPRING_AI_MCP_SERVER_NAME: The name of the MCP server.SPRING_AI_MCP_SERVER_PROTOCOL: The protocol used by the MCP server (e.g., streamable).SERVER_PORT: The port the server listens on.SERVER_SERVLET_SESSION_COOKIE_NAME: The name of the session cookie.SPRING_APPLICATION_NAME: The name of the application.SPRING_CONFIG_IMPORT: Imports additional configuration files.SPRING_MAIN_BANNER_MODE: The mode for the startup banner (e.g., off).LOGGING_FILE_NAME: The name of the log file.LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY: The log level for Spring Security (e.g., DEBUG).This section provides comprehensive guidance on connecting to SSL-encrypted Druid clusters with username and password authentication.
Set the following environment variables before starting the MCP server:
# Druid cluster URL with HTTPS
export DRUID_ROUTER_URL="https://your-druid-cluster.example.com:8888"
# Authentication credentials
export DRUID_AUTH_USERNAME="your-username"
export DRUID_AUTH_PASSWORD="your-password"
# SSL configuration
export DRUID_SSL_ENABLED="true"
export DRUID_SSL_SKIP_VERIFICATION="false" # Use "true" only for testing
# Start the MCP server
java -jar target/druid-mcp-server-2.0.0.jar
Pass configuration as JVM system properties:
java -Ddruid.router.url="http://localhost:8888" \
-Ddruid.auth.username="admin" \
-Ddruid.auth.password="password" \
-jar target/druid-mcp-server-2.0.0.jar
For production environments with valid SSL certificates:
export DRUID_ROUTER_URL="https://druid-prod.company.com:8888"
export DRUID_SSL_ENABLED="true"
export DRUID_SSL_SKIP_VERIFICATION="false"
The server will use the system's default truststore to validate SSL certificates.
The MCP server supports HTTP Basic Authentication with username and password:
DRUID_AUTH_USERNAME or druid.auth.usernameDRUID_AUTH_PASSWORD or druid.auth.passwordThe credentials are automatically encoded using Base64 and sent with each request using the Authorization: Basic header.
Update your mcp-servers-config.json to include environment variables:
{
"mcpServers": {
"druid-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"DRUID_ROUTER_URL",
"-e",
"DRUID_COORDINATOR_URL",
"-e",
"DRUID_AUTH_USERNAME",
"-e",
"DRUID_AUTH_PASSWORD",
"-e",
"DRUID_SSL_ENABLED",
"-e",
"DRUID_SSL_SKIP_VERIFICATION",
"iunera/druid-mcp-server:2.0.0"
],
"env": {
"DRUID_ROUTER_URL": "http://host.docker.internal:8888",
"DRUID_COORDINATOR_URL": "http://host.docker.internal:8081",
"DRUID_AUTH_USERNAME": "",
"DRUID_AUTH_PASSWORD": "",
"DRUID_SSL_ENABLED": "false",
"DRUID_SSL_SKIP_VERIFICATION": "true"
}
}
}
}
The server provides extensive prompt customization capabilities through the prompts.properties file located in src/main/resources/.
The prompts.properties file contains:
You can override any prompt template using Java system properties with the -D flag:
java -Dprompts.druid-data-exploration.template="Your custom template here" \
-jar target/druid-mcp-server-2.0.0.jar
custom-prompts.properties):# Custom prompt template
prompts.druid-data-exploration.template=My custom data exploration prompt:\n\
1. Custom step one\n\
2. Custom step two\n\
{datasource_section}\n\
Environment: {environment}
java -Dspring.config.additional-location=classpath:custom-prompts.properties \
-jar target/druid-mcp-server-2.0.0.jar
All prompt templates support these variables:
| Variable | Description | Example |
|---|---|---|
{environment} | Current environment name | production, staging, dev |
{organizationName} | Organization name | Your Organization |
{contactInfo} | Contact information | your-team@company.com |
{watermark} | Generated watermark | Generated by Druid MCP Server v1.0.0 |
{datasource} | Datasource name (context-specific) | sales_data |
{query} | SQL query (context-specific) | SELECT * FROM sales_data |
prompts.druid-data-exploration.template=Welcome to {organizationName} Druid Analysis!\n\n\
Please help me explore our data:\n\
{datasource_section}\n\
Environment: {environment}\n\
Contact: {contactInfo}\n\n\
{watermark}
prompts.druid-query-optimization.template=Query Performance Analysis for {organizationName}\n\n\
Query to optimize: {query}\n\n\
Please provide:\n\
1. Performance bottleneck analysis\n\
2. Optimization recommendations\n\
3. Best practices for our {environment} environment\n\n\
{watermark}
You can disable individual prompts by setting their enabled flag to false:
mcp.prompts.data-exploration.enabled=false
mcp.prompts.query-optimization.enabled=false
Or disable all prompts globally:
mcp.prompts.enabled=false
This server uses Spring AI's MCP Server framework and supports both STDIO and SSE transports. The tools, resources, and prompts are automatically registered and exposed through the MCP protocol.
The Druid MCP Server supports multiple transport modes compliant with MCP 2025-06-18 specification:
The new Streamable HTTP transport provides enhanced performance and scalability with support for multiple concurrent clients:
# Default configuration with Streamable HTTP
java -Dspring.profiles.active=http \
-jar target/druid-mcp-server-2.0.0.jar
# Server available at http://localhost:8080/mcp (configurable endpoint)
Features:
Security
Perfect for LLM clients and desktop applications:
java -jar target/druid-mcp-server-2.0.0.jar
Still supported for backwards compatibility. It is no longer the default and may be removed in a future version.
Note: The SSE endpoint is secured with OAuth by default. Clients must include a valid bearer token when connecting. For SSO integration support, see Contact & Support.
To enhance the product and understand usage patterns, this server collects anonymous usage metrics. This data helps prioritize new features and improvements. You can opt-out of anonymous metrics collection by setting the druid.mcp.metrics.enabled to `false.
For local development, testing, and learning, a complete Docker Compose setup for running a full Apache Druid cluster is available at iunera/druid-local-cluster-installer.
This setup is the recommended way to get a Druid cluster running for use with this MCP server.
Key Features:
admin/password).iunera/ypipe.This Druid MCP Server is part of a comprehensive ecosystem of Apache Druid tools and extensions developed by iunera. These complementary projects enhance different aspects of Druid cluster management and data ingestion:
Advanced configuration management and deployment tools for Apache Druid clusters. This project provides:
Integration with Druid MCP Server: The cluster configurations provided by this project work seamlessly with the monitoring and management capabilities of the Druid MCP Server, enabling comprehensive cluster lifecycle management.
A specialized Apache Druid extension for ingesting and analyzing code-related data and metrics. This extension enables:
Integration with Druid MCP Server: This extension expands the ingestion capabilities that can be managed through the MCP server's ingestion management tools, providing specialized support for code analytics use cases.
This Druid MCP Server is developed and maintained by iunera, a leading provider of advanced AI and data analytics solutions.
iunera specializes in:
As veterans in Apache Druid iunera deployed and maintained a large number of solutions based on Apache Druid in productive enterprise grade scenarios.
Maximize your return on data with professional Druid implementation and optimization services. From architecture design to performance tuning and AI integration, our experts help you navigate Druid's complexity and unlock its full potential.
ENTERPRISE AI INTEGRATION & CUSTOM MCP (MODEL CONTEXT PROTOCOL) SERVER DEVELOPMENT
Iunera specializes in developing production-grade AI agents and enterprise-grade LLM solutions, helping businesses move beyond generic AI chatbots. They build secure, scalable, and future-ready AI infrastructure, underpinned by the Model Context Protocol (MCP), to connect proprietary data, legacy systems, and external APIs to advanced AI models.
Get Enterprise MCP Server Development Consulting →
For more information about our services and solutions, visit www.iunera.com.
Need help? Let
© 2026 iunera. Licensed under the Apache License 2.0.
DRUID_ROUTER_URL*Druid router URL for connecting to the Druid cluster
DRUID_COORDINATOR_URLDruid coordinator URL for querying metadata endpoints (optional)
DRUID_AUTH_USERNAMEUsername for Druid authentication (optional)
DRUID_AUTH_PASSWORDsecretPassword for Druid authentication (optional)
DRUID_SSL_ENABLEDEnable SSL/TLS support for Druid connections
DRUID_SSL_SKIP_VERIFICATIONSkip SSL certificate verification (for development/testing only)
DRUID_MCP_READONLY_ENABLEDEnable read-only mode (only GET requests and SQL queries allowed)