grafana-lens
Grafana tools for data visualization, monitoring, alerting, security, SRE investigation, and data collection pipeline management via Alloy. Use grafana_query, grafana_query_logs, grafana_query_traces, grafana_create_dashboard, grafana_update_dashboard, grafana_create_alert, grafana_share_dashboard,
Install
mkdir -p .claude/skills/grafana-lens && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15427" && unzip -o skill.zip -d .claude/skills/grafana-lens && rm skill.zipInstalls to .claude/skills/grafana-lens
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Grafana tools for data visualization, monitoring, alerting, security, SRE investigation, and data collection pipeline management via Alloy. Use grafana_query, grafana_query_logs, grafana_query_traces, grafana_create_dashboard, grafana_update_dashboard, grafana_create_alert, grafana_share_dashboard, grafana_annotate, grafana_explore_datasources, grafana_list_metrics, grafana_search, grafana_get_dashboard, grafana_check_alerts, grafana_push_metrics, grafana_explain_metric, grafana_security_check, grafana_investigate, and alloy_pipeline. Trigger when asked about metrics, dashboards, monitoring, alerts, costs, token usage, data visualization, PromQL, Prometheus, LogQL, Loki, log queries, error logs, log search, TraceQL, Tempo, traces, distributed tracing, span search, find slow traces, debug session traces, annotations, deployments, sharing charts, investigating alert notifications, pushing custom data (calendar, git, fitness, finance) to Grafana for visualization, pushing historical data, backfilling metrics, recording past data with timestamps, modifying dashboards, adding panels, removing panels, changing dashboard settings, updating dashboard time range, explain metric, metric trend, what is this metric, how has this changed, is this metric normal, why did my bill spike, cost visibility, security monitoring, security check, security audit, am I being attacked, is my agent compromised, suspicious activity, threat detection, prompt injection detection, set up security alerts, investigate, debug, triage, root cause, what's wrong, why is X broken, anomaly detection, RED method, USE method, alert fatigue, postmortem, incident summary, collect metrics from, monitor my database, monitor my app, scrape endpoint, set up log collection, collect Docker logs, tail log files, collect Kubernetes logs, receive OTLP, set up trace collection, data collection pipeline, Alloy pipeline, pipeline status, pipeline health, node exporter, system metrics, postgres exporter, mysql exporter, redis exporter, syslog, Grafana Alloy.About this skill
Grafana Lens
You have full native Grafana access — query data, create dashboards, set alerts, receive alert notifications, annotate events, explore datasources, push custom data, and deliver visualizations inline. Works with ANY data in Grafana, not just agent metrics.
Musts
- Always call
grafana_explore_datasourcesfirst when you need a datasource UID — never guess UIDs - Always call
grafana_searchbefore creating a dashboard — avoid duplicates - Always call
grafana_get_dashboardbeforegrafana_share_dashboard— you need exact panel IDs - Always call
grafana_get_dashboardbeforegrafana_update_dashboard— you need panel IDs and current structure - Prefer
grafana_queryfor direct answers over creating dashboards — "what's my cost?" needs a number, not a URL - Prefer
grafana_queryovergrafana_create_dashboard+grafana_share_dashboardfor simple data questions — a number is faster than a chart - Use
grafana_query_logsfor log searches — LogQL for logs, PromQL for metrics, TraceQL for traces. Never usegrafana_queryfor Loki datasources - Use
grafana_query_tracesfor trace searches — TraceQL for traces, PromQL for metrics, LogQL for logs. Never usegrafana_queryorgrafana_query_logsfor Tempo datasources - All tools work with ANY Prometheus datasource — not just
openclaw_lens_*metrics - When you see "GRAFANA ALERTS" in prompt context, investigate immediately with
grafana_check_alerts— use thesuggestedInvestigationfield to go directly to querying (it provides the tool, query, and datasource) - Run
grafana_check_alertswith actionsetuponce before alert notifications can reach the agent — this creates the webhook contact point - Push data before querying or dashboarding it — data is pushed via OTLP and available immediately
- Prefer
grafana_explain_metricfor "what is this metric?" questions over manualgrafana_query— it returns current value, trend, stats, and metadata in one call - Use
queryNamesfrom push response for PromQL queries — don't guess metric names (counters get_totalsuffix) - Use
openclaw_ext_prefix for custom metrics —grafana_push_metricsauto-prepends it if missing - Follow statistics-first discipline for log investigation — always run count/rate LogQL before reading individual entries. Use
grafana_query_logswith metric-over-logs queries (count_over_time,rate,topk) before switching to raw log entries - Silence alerts during investigation — use
grafana_check_alertswith actionsilenceto prevent repeat notifications while investigating - Use
list_rulesfor complete alert health —grafana_check_alertswith actionlist_rulesreturns all rules with live eval state (normal/firing/pending/nodata/error), health, and lastEvaluation — no need to cross-reference withlistaction - Use
dashboardUid+panelIdto re-run panel queries — don't manually extract PromQL/LogQL fromget_dashboardoutput. Bothgrafana_queryandgrafana_query_logsaccept these params to auto-resolve the panel's query expression and datasource. The tool handles template variable replacement and datasource routing automatically - Confirm with user before deleting dashboards or alert rules —
grafana_update_dashboardwith operationdeleteandgrafana_check_alertswith actiondelete_ruleare permanent and cannot be undone - Always use
alloy_pipelineactionrecipesfirst when unsure which pipeline recipe fits the user's request — because recipes provide validation, credential handling, and sample queries that raw config does not - Always call
alloy_pipelineactionstatusafter creating a pipeline — because data takes 15-20s to flow through the pipeline, and components may fail silently after reload - Never guess Alloy component names — use recipes for known patterns, or raw
configonly when the user explicitly provides Alloy syntax - Prefer recipes over raw config when a recipe exists — recipes provide validation, sample queries, credential handling, dashboard templates, and automatic export target wiring
- Never write credentials into raw
config— when the user provides a connection string, DSN, password, or API key, ALWAYS use the matching recipe (which routes credentials throughsys.env(), keeping secrets off disk). If you must use raw config, wrap sensitive values insys.env("MY_VAR_NAME")and tell the user to set that env var where Alloy runs - Read
envVarsRequiredfrom every pipeline create response — credential recipes may returnpending_credentialsstatus when env vars aren't set yet. Tell the user the exact var names and that they must set them where Alloy runs, then verify with actionstatus - Warn users before creating credential-required pipelines — Alloy config reload is atomic: if a credential recipe's env vars aren't set, the reload failure blocks ALL managed pipelines (not just the new one) until the env vars are set or the pipeline is deleted. Always ask: "Do you have the credentials ready to set as env vars on the Alloy host?"
- Chain pipeline creation into existing tools — after pipeline is active:
grafana_list_metricsorgrafana_query_logsto discover data,grafana_create_dashboardto visualize,grafana_create_alertto monitor - Use
alloy_pipelineactiondiagnoseas first step when user reports pipeline issues — because it checks Alloy connectivity, all pipeline health, config file drift, and limits in one call - Confirm with user before deleting pipelines —
alloy_pipelinewith actiondeleteremoves the config and data stops flowing - All log recipes accept processing params — don't create separate "processing" pipelines. Add
jsonExpressions,labelFields,structuredMetadata,tenantValue,matchRoutes, etc. directly to any log recipe (docker-logs, file-logs, syslog, etc.) - Use
samplingPoliciesfor multi-policy tail sampling — don't create raw config whenapplication-tracescan handle it.sampleRateis for simple probabilistic,samplingPoliciesis for intelligent multi-policy (keep errors, keep slow, sample rest) - Use log processing params for multi-tenant routing —
tenantValue/tenantSource/matchRouteswork on ALL log recipes. Don't create separate "routing" pipelines - Read
references/alloy-components.mdbefore composing raw config — it has copy-pasteable snippets for all common Alloy components
Quick Decision Tree
- "What is [metric]?" / "Why did it spike?" →
grafana_explain_metric - "What's the current value of X?" / complex PromQL →
grafana_query - "Find error logs" / "Search logs for..." →
grafana_query_logs - "Find slow traces" / "Show trace for session X" / "Debug distributed spans" →
grafana_query_traces - "Debug this session" / "Why did it fail?" / "What went wrong?" →
grafana_query_traces(search error/slow) →grafana_query_traces(get → followcorrelationHint) →grafana_query_logs→grafana_query→grafana_annotate - "Show me a chart" / "Visualize..." →
grafana_search→grafana_get_dashboard→grafana_share_dashboard - "Create a dashboard for..." →
grafana_search(check duplicates) →grafana_create_dashboard - "Add a panel to my dashboard" →
grafana_get_dashboard→grafana_update_dashboard - "Delete this dashboard" →
grafana_update_dashboardwith operationdelete(confirm with user first) - "Alert me when..." →
grafana_check_alerts(setup) →grafana_create_alert - "List my alert rules" / "What alerts do I have?" →
grafana_check_alertswith actionlist_rules - "Delete alert rule X" →
grafana_check_alertswith actionlist_rules→delete_rulewithruleUid - "Track my [custom data]" / "Record my [past data]" →
grafana_push_metrics(with optionaltimestampfor historical data, auto-registers, returnsqueryNames) →grafana_querywithqueryNames - "What data sources do I have?" →
grafana_explore_datasources - "What metrics are available?" →
grafana_list_metrics - "Set up monitoring" / "Monitor my agent" / "What dashboards should I have?" →
grafana_search(check existing) →grafana_create_dashboardwithllm-command-center→ followsuggestedNextchain through remaining templates - "GenAI observability" / "OTel gen_ai metrics" / "Standard AI monitoring" →
grafana_create_dashboardwithgenai-observabilitytemplate - "What happened in session X?" / "Debug this session" →
grafana_create_dashboardwithsession-explorertemplate → paste session ID - "Show me LLM traces" / "Show agent logs" →
grafana_create_dashboardwithllm-command-centertemplate (Loki + Tempo) - "How much am I spending?" / "Cost analysis" →
grafana_create_dashboardwithcost-intelligencetemplate - "Which tools are slow?" / "Tool errors" →
grafana_create_dashboardwithtool-performancetemplate - "Queue health" / "Webhook issues" / "Stuck sessions" →
grafana_create_dashboardwithsre-operationstemplate - "System health check" / "Status report" / "Review all dashboards" →
grafana_explore_datasources→grafana_check_alerts(list + list_rules) →grafana_search→grafana_get_dashboard(audit=true for each) → summarize - "Audit my dashboard" / "Which panels are broken?" →
grafana_get_dashboard(audit=true) → reviewauditSummary+ per-panelhealth - "Am I being attacked?" / "Security check" / "Security status" →
grafana_security_check - "Set up security monitoring" →
grafana_check_alerts(setup) →grafana_create_dashboard(security-overview) →grafana_create_alert(webhook error burst, cost spike, tool loops, injection signals) - "Investigate security alert" →
grafana_security_check→grafana_query_logs(correlate) →grafana_annotate(mark investigation) →grafana_check_alerts(silence) - "Investigate this alert" / "Why is X broken?" / "Debug this issue" / "Triage" / "Root cause" →
grafana_investigate(multi-signal tr
Content truncated.