
Elasticsearch MCP Server

Official Elastic MCP server that lets AI agents query Elasticsearch indices using natural language, with support for search, ES|QL, and mappings.

Database · by Elastic · API Key · active

Overview

The Elasticsearch MCP Server is the official Elastic-maintained Model Context Protocol server that connects AI agents to an Elasticsearch cluster. It enables agents to list indices, inspect mappings, run query DSL searches, execute ES|QL queries, and inspect shard information using natural language, without writing custom API integrations.

The server is distributed as a Docker container (docker.elastic.co/mcp/elasticsearch) and supports two transports: stdio for local MCP clients like Claude Desktop, and streamable HTTP for web integrations and concurrent clients. Authentication is handled through environment variables, supporting either an API key or basic auth (username and password) against the target Elasticsearch cluster.

Note: As of Elastic 9.2, this server is deprecated and only receives critical security updates. Elastic recommends the new Agent Builder MCP endpoint for new deployments on Elasticsearch 9.2+ or Elastic Cloud Serverless. This server remains useful for earlier 8.x and 9.x clusters that lack Agent Builder.

Tools

Tool          Description
list_indices  List all available Elasticsearch indices on the configured cluster.
get_mappings  Get field mappings for a specific index.
search        Perform an Elasticsearch search using Query DSL against an index.
esql          Execute an ES
get_shards    Get shard information for all indices or a specific index.

Setup Guide

Prerequisites

  • An Elasticsearch cluster (version 8.x or 9.x) reachable from where the MCP server runs
  • An API key, or username and password, for the cluster
  • Docker installed locally (or in your deployment environment)
  • An MCP client (Claude Desktop, Cursor, VS Code, etc.)

Stdio transport (Claude Desktop)

Pull and run the official Elastic Docker image. Add the following to your Claude Desktop claude_desktop_config.json:

{
  "mcpServers": {
    "elasticsearch-mcp-server": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "ES_URL",
        "-e", "ES_API_KEY",
        "docker.elastic.co/mcp/elasticsearch",
        "stdio"
      ],
      "env": {
        "ES_URL": "https://your-cluster.es.amazonaws.com:9200",
        "ES_API_KEY": "your-elasticsearch-api-key"
      }
    }
  }
}

HTTP transport

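Run the container with port 8080 published. The -e ES_URL and -e ES_API_KEY flags pass those variables through from the calling shell, so export them before running the command: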

docker run --rm \
  -e ES_URL \
  -e ES_API_KEY \
  -p 8080:8080 \
  docker.elastic.co/mcp/elasticsearch \
  http

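The MCP endpoint is then available at http://<host>:8080/mcp, with a health check at http://<host>:8080/ping. Connect via an HTTP-capable MCP client or mcp-proxy. Because -p 8080:8080 publishes the port on every host interface, restrict it with a host firewall or a loopback-only port binding when only local clients need to reach it.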

Environment variables

  • ES_URL: Elasticsearch cluster URL
  • ES_API_KEY: API key for authentication
  • ES_USERNAME / ES_PASSWORD: alternative basic auth credentials
  • ES_SSL_SKIP_VERIFY: set to true to skip TLS verification (development only)
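
The following is an added example, not code from Elastic or from the original page: a small audit of an MCP client config in the shape shown above, using the page's environment variable names and image name. The specific checks and their wording are this example's own assumptions about what is worth flagging (TLS verification off, non-https ES_URL, basic auth, the built-in elastic superuser, and an image reference with no version tag or digest); the sample config is constructed.

```python
import json
from urllib.parse import urlparse

IMAGE = "docker.elastic.co/mcp/elasticsearch"  # image name used on this page

# Constructed sample: the page's config shape with weak settings added on purpose.
SAMPLE_CONFIG = """
{"mcpServers": {"elasticsearch-mcp-server": {
  "command": "docker",
  "args": ["run", "-i", "--rm", "-e", "ES_URL", "-e", "ES_USERNAME",
           "-e", "ES_PASSWORD", "-e", "ES_SSL_SKIP_VERIFY",
           "docker.elastic.co/mcp/elasticsearch", "stdio"],
  "env": {"ES_URL": "http://es.example.internal:9200",
          "ES_USERNAME": "elastic",
          "ES_PASSWORD": "constructed-password",
          "ES_SSL_SKIP_VERIFY": "true"}}}}
"""

def audit_server(server):
    """Return finding strings for one mcpServers entry (checks are this example's own)."""
    env, args = server.get("env", {}), server.get("args", [])
    findings = []
    if str(env.get("ES_SSL_SKIP_VERIFY", "")).lower() == "true":
        findings.append("ES_SSL_SKIP_VERIFY=true: TLS certificate verification is off")
    if urlparse(env.get("ES_URL", "")).scheme != "https":
        findings.append("ES_URL is not an https URL: credentials would cross the network unencrypted")
    if "ES_PASSWORD" in env and "ES_API_KEY" not in env:
        findings.append("basic auth in use: prefer a scoped, revocable API key")
    if env.get("ES_USERNAME") == "elastic":
        findings.append("ES_USERNAME=elastic: built-in superuser for a read-only tool set")
    # An untagged image reference resolves to :latest, so what runs can change silently.
    if any(a in (IMAGE, IMAGE + ":latest") for a in args):
        findings.append("image not pinned to a version tag or digest")
    return findings

def audit(config_text):
    """Map each server name in an MCP client config to its list of findings."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: audit_server(s) for name, s in servers.items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```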

Deprecation note

This server is deprecated in Elastic 9.2 in favor of the Agent Builder MCP endpoint. Use it for earlier 8.x or 9.x clusters where Agent Builder is not available.

Use Cases

  • Ask an agent to run ES|QL queries over application logs and summarize anomalies or top error sources
  • Explore an unfamiliar cluster by listing indices and inspecting mappings before authoring a query
  • Run ad hoc Query DSL searches against product, content, or document indices from a chat interface
  • Investigate cluster layout and shard distribution when troubleshooting performance or rebalancing
  • Build natural language analytics over business data already indexed in Elasticsearch (orders, events, metrics)

Example Prompts

  • "List all indices on the cluster and show me the mapping for logs-app-prod."
  • "Run an ES|QL query to count errors per service in the last 24 hours, grouped by hour."
  • "Search the products index for items with price under 50 and category = shoes, sorted by rating desc."
  • "Show shard allocation for the metrics-* indices and flag any unassigned shards."
  • "Find the top 10 user IDs by event count in events-2026-05 using a terms aggregation."

Pros

  • Officially maintained by Elastic, the vendor of Elasticsearch
  • Supports both stdio and streamable HTTP transports, suitable for local and server deployments
  • Exposes both Query DSL search and esql tools, covering both classic and modern query workflows
  • Distributed as a signed Docker image from docker.elastic.co, simplifying deployment

Limitations

  • Deprecated as of Elastic 9.2; only critical security updates going forward
  • Limited tool set (5 tools); no write or index management operations
  • Docker is effectively required, which adds setup overhead vs. a native binary or npx package