home / mcp / elasticsearch mcp server
Provides direct access to Elasticsearch data via MCP with index listing, mappings, searches, and shard info.
Configuration
View docs{
"mcpServers": {
"ampcome-mcps-elasticsearch-mcp": {
"url": "https://mcp.example.com/elasticsearch",
"headers": {
"ES_URL": "https://es.example.com",
"ES_API_KEY": "svc-abc123",
"ES_CA_CERT": "/path/to/ca.pem",
"ES_VERSION": "9.x",
"ES_PASSWORD": "password",
"ES_USERNAME": "elastic",
"ES_PATH_PREFIX": "/es",
"ES_SSL_SKIP_VERIFY": "1"
}
}
}
}You can connect to your Elasticsearch data directly from an MCP Client using the Model Context Protocol. This MCP Server lets you interact with Elasticsearch indices through natural language conversations, performing queries, exploring mappings, and viewing index details without writing raw queries.
Open your MCP Client and start a new conversation. The MCP Server connects to your Elasticsearch data and you can ask questions like which indices exist, what fields are available, or to run searches with your preferred criteria. You can request index mappings, list shards, or perform searches with highlighting and query explanations. Use the available MCP server capabilities to explore and analyze your data through natural language prompts.
Prerequisites you need before installation are an Elasticsearch instance, valid authentication credentials, Docker (or an OCI runtime), and an MCP Client such as Claude Desktop.
Option A: Using Docker
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "ES_URL",
"-e", "ES_API_KEY",
"docker.elastic.co/mcp/elasticsearch", "stdio"
],
"env": {
"ES_URL": "<your-elasticsearch-url>",
"ES_API_KEY": "<your-api-key>"
}
}
}
}Option B: Using the Published NPM Package
Open your MCP Client and add a new MCP Server with the following configuration:
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "npx",
"args": [
"-y",
"@elastic/mcp-server-elasticsearch"
],
"env": {
"ES_URL": "<your-elasticsearch-url>",
"ES_API_KEY": "<your-api-key>",
"OTEL_LOG_LEVEL": "none"
}
}
}
}Open a new conversation in your MCP Client. The MCP server should connect automatically, and you can begin asking questions about your Elasticsearch data.
You must provide either an API key or both a username and password for authentication. The following environment variables are used to connect to Elasticsearch:
If you want to modify or extend the MCP Server locally, follow these steps.
Avoid using cluster-admin privileges. Create dedicated API keys with limited scope and apply fine-grained access control at the index level to prevent unauthorized data access.
Ask natural language questions like: What indices do I have in my Elasticsearch cluster? Show me the field mappings for a specific index. Find all orders over a certain amount from a given period.
Your MCP Client analyzes your request to determine the required Elasticsearch operations. The MCP Server executes these actions (listing indices, fetching mappings, performing searches), and the client presents results in a user-friendly format.
Ensure your MCP configuration is correct and that the Elasticsearch URL is accessible from your machine. Verify credentials have the necessary permissions and if using SSL with a custom CA, confirm the certificate path is correct and readable. Review terminal output for error messages and consult logs for details.
The server supports listing indices, retrieving index mappings, performing searches, and inspecting shard information. Use these capabilities through your MCP Client to interact with Elasticsearch data.
List all available Elasticsearch indices
Get field mappings for a specific Elasticsearch index
Perform an Elasticsearch search with the provided query DSL including highlighting, profiling, and explanation
Get shard information for all or specific indices