patrykkopycinski/o11y-full-setup
skills/o11y-full-setup/SKILL.md
Interactive guide for complete Observability setup — discovers data, presents summary, creates dashboards and SLOs based on user approval.
$ install --global
skillsauthnpx skillsauth add patrykkopycinski/elastic-cursor-plugin o11y-full-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 6:26 AM115.2s1 file scanned
SKILL.md
- name:
- o11y-full-setup
- description:
- Interactive guide for complete Observability setup — discovers data, presents summary, creates dashboards and SLOs based on user approval.
O11Y Full Setup Workflow
Guide the user through a complete Observability configuration for their Elastic deployment.
This is the umbrella skill. For focused tasks, see the related skills:
o11y-slo-setupfor SLO creation,o11y-service-dashboardfor individual service dashboards.
Trigger
Use when the user asks to:
- "Set up observability"
- "Configure O11Y"
- "Observability onboarding"
- "Monitor my services"
- "Full monitoring setup"
Also activates on keywords: "observability setup", "O11Y onboarding", "monitoring setup", "full observability", "end-to-end monitoring"
Do NOT use when:
- "Create SLO" only (→ use
o11y-slo-setup) - "Create dashboard" only (→ use
o11y-service-dashboard)
Steps
0. Get Cluster Context
Call get_cluster_context to get cached cluster awareness — version, health, installed features, and observability capabilities. This determines what's already configured and what needs setup.
1. Discover Data
Call discover_o11y_data with no filters to get a complete picture of available data.
Present the results to the user as a summary:
- How many APM services were found
- How many hosts/containers are sending metrics
- How many log sources exist
- Data freshness status
2. Generate Summary with Recommendations
Call get_data_summary with the discovery results and format: "json".
Present the recommendations to the user:
- "I found N dashboardable services and M SLO candidates"
- List each recommended dashboard with its type and what it covers
- List each recommended SLO with its indicator type and target
3. User Decision Point — Dashboards
Ask the user which recommended dashboards they want to create:
- Present each as a numbered option
- Allow "all" or specific selections
- Allow the user to customize titles or skip entirely
4. Create Dashboards
For each approved dashboard, call kibana_api with POST /api/dashboards/dashboard and the recommended configuration as the request body.
Report each created dashboard with its URL.
5. User Decision Point — SLOs
Ask the user which recommended SLOs they want to create:
- Present each as a numbered option with service name, indicator type, and target
- Allow "all" or specific selections
- Allow the user to adjust targets before creation
6. Create SLOs
For each approved SLO, call kibana_api with POST /api/observability/slos and the configured parameters as the request body.
Report each created SLO with its ID and URL.
7. Summary
Present a final summary:
- Total dashboards created with URLs
- Total SLOs created with IDs
- APM instrumentation status
- Log shipping status
- Alert rules configured
- Any warnings or issues encountered
- Suggested next steps (add more services, configure additional alert rules, etc.)
8. Set Up Application Instrumentation (Optional)
If APM data is missing or the user wants to add new services, call setup_apm to guide application instrumentation:
- Language-specific agent installation
- Configuration for connecting to the Elastic APM server
- Verification that data is flowing
9. Set Up Log Shipping (Optional)
If log data is missing or incomplete, call setup_log_shipping to configure log ingestion:
- Identify log sources (application logs, system logs, container logs)
- Configure Elastic Agent or Filebeat
- Set up log parsing and field extraction
10. Create Alert Rules (Optional)
After dashboards and SLOs are created, offer to set up alerting using create_alert_rule:
- Latency threshold alerts for critical services
- Error rate spike alerts
- SLO burn rate alerts
- Infrastructure health alerts (CPU, memory, disk)
Tools Used
get_cluster_context— cached cluster awareness (version, health, capabilities)discover_o11y_data— discover available O11Y dataget_data_summary— generate summary with recommendationssetup_apm— guide application instrumentation setupsetup_log_shipping— configure log ingestioncreate_alert_rule— create alert rules for services and infrastructurecreate_dashboard— high-level dashboard creation from discovered datakibana_api— create dashboards (POST /api/dashboards/dashboard) and SLOs (POST /api/observability/slos)
API References
elastic://docs/api/kibana— Kibana REST API reference for dashboard and SLO endpoints
Prerequisites
ES_URLandES_API_KEY(or basic auth) configured- At least some O11Y data flowing into Elasticsearch
Related Skills
o11y-slo-setup— focused SLO creation workflowo11y-service-dashboard— focused service dashboard creation
Related Skills
patrykkopycinski/security-threat-hunting
testing
VerifiedTrustedCommunity
Interactive threat hunting workflow using ES|QL and Elasticsearch queries — from hypothesis formulation through data exploration, IOC search, and finding documentation.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-inbox
testing
VerifiedTrustedCommunity
Start your security session with a personalized briefing — attacks, alerts, cases, rules, threat intel. Use as the first thing when starting security work.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-full-setup
testing
VerifiedTrustedCommunity
Interactive guide for complete Elastic Security setup — discovers data sources, assesses detection coverage, configures rules, and creates security dashboards.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-detection-engineering
testing
VerifiedTrustedCommunity
Guide for authoring custom detection rules — from threat hypothesis through rule creation, testing, and tuning with KQL, EQL, ES|QL, and threshold rules.
6SKILL.mdUpdated May 27, 2026