Elasticsearch MCP Server
OfficialOfficial Elastic server: list indices, read mappings, and search with Query DSL.
Add to your client
Copy the config for your MCP client and paste it into its config file.
docker run -i --rm -e ES_URL -e ES_API_KEY docker.elastic.co/mcp/elasticsearch stdioPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"ES_URL",
"-e",
"ES_API_KEY",
"docker.elastic.co/mcp/elasticsearch",
"stdio"
],
"env": {
"ES_URL": "<your-elasticsearch-cluster-url>",
"ES_API_KEY": "<your-elasticsearch-api-key>"
}
}
}
}Requires Docker to be installed and running.
Before you start
- An Elasticsearch cluster, version 8.x or 9.x (self-managed, Elastic Cloud, or serverless)
- An Elasticsearch endpoint URL set as ES_URL
- An API key (create one in Kibana under Stack Management > Security > API keys, or via the _security/api_key API) set as ES_API_KEY — or ES_USERNAME / ES_PASSWORD basic-auth credentials
- Node.js (the npm package @elastic/mcp-server-elasticsearch) or Docker installed and running to launch the container
About Elasticsearch MCP Server
The Elasticsearch MCP Server is Elastic's official MCP server for connecting AI assistants to an Elasticsearch cluster. It lets an agent list indices, inspect field mappings, and run searches — using either full Elasticsearch Query DSL or ES|QL — so you can explore and analyze your data through natural language.
It exposes a small, focused toolset: list_indices, get_mappings, search, esql, and get_shards. It connects to Elasticsearch 8.x or 9.x clusters using an API key or username/password, and can run over stdio (for desktop clients) or streamable-HTTP (for web integrations).
Important: Elastic has deprecated this standalone server. Per the repo, it 'is deprecated and will only receive critical security updates going forward. It has been superseded by the Elastic Agent Builder MCP endpoint, which is available in Elastic 9.2.0+ and Elasticsearch Serverless projects.' New projects on recent Elastic versions should prefer Agent Builder; this server remains useful for existing setups and older clusters.
Tools & capabilities (5)
list_indicesList the available indices in the Elasticsearch cluster.
get_mappingsRetrieve the field mappings for a specific index.
searchRun a search using Elasticsearch Query DSL.
esqlExecute an ES|QL query against the cluster.
get_shardsGet shard allocation and status information for indices.
When to use it
- Use it when you want to ask questions about data in your Elasticsearch indices in natural language instead of hand-writing Query DSL.
- Use it when you need to discover what indices exist and inspect their mappings before building a query.
- Use it when you want to prototype ES|QL queries interactively from an MCP client.
- Use it when debugging cluster health and you want a quick look at shard distribution.
- Use it when integrating Elasticsearch search results into an agent workflow on an existing 8.x/9.x cluster.
Quick setup
- 1Confirm you have an Elasticsearch 8.x or 9.x cluster and its endpoint URL.
- 2Create an API key in Kibana (Security > API keys) or gather basic-auth credentials.
- 3Add the server to your MCP client, running it via npx (@elastic/mcp-server-elasticsearch) or the Docker image with the `stdio` command.
- 4Pass ES_URL and ES_API_KEY (or ES_USERNAME/ES_PASSWORD) as environment variables.
- 5Restart your MCP client and verify by asking the agent to list indices.
- 6For new deployments on Elastic 9.2.0+, evaluate the Elastic Agent Builder MCP endpoint instead, as this server is deprecated.
Security notes
Use an Elasticsearch API key scoped to read-only on only the indices the agent needs rather than cluster-admin credentials. The project is deprecated to security-only maintenance, so plan to migrate to Elastic Agent Builder for new work.
Elasticsearch MCP Server FAQ
Is this server still maintained?
It is deprecated and receives only critical security updates. Elastic recommends the Agent Builder MCP endpoint (Elastic 9.2.0+ and serverless) for new work, but the server still functions for existing and older clusters.
How do I authenticate?
Use an Elasticsearch API key set as ES_API_KEY, or basic auth with ES_USERNAME and ES_PASSWORD, alongside your ES_URL endpoint.
Which Elasticsearch versions are supported?
Elasticsearch 8.x and 9.x clusters, whether self-managed, on Elastic Cloud, or serverless.
Can I run it without Docker?
Yes. You can run it via npx using the @elastic/mcp-server-elasticsearch npm package, or use the Docker image — both support the stdio transport for desktop MCP clients.
Does it support remote/HTTP access?
Yes. In addition to stdio, it can run with the `http` command (streamable-HTTP, default port 8080) for web-based integrations.
Alternatives to Elasticsearch MCP Server
Official PostHog server: product analytics, feature flags, experiments, error tracking and SQL.
Run PromQL queries and analyze Prometheus metrics from any MCP client.
Datadog's managed remote server: query logs, metrics, traces, monitors and incidents.
Compare Elasticsearch MCP Server with: