Model Context Protocol (MCP) server that exposes Elasticsearch & OpenSearch operations (indices, documents, cluster, aliases) over multiple transports (stdio, SSE, streamable-HTTP).
https://github.com/cr7258/elasticsearch-mcp-serverYou know the drill: you're debugging a production issue, need to search through logs in Elasticsearch, and suddenly you're juggling multiple tabs – your AI assistant in one, Kibana in another, and the ES documentation in a third. Every query becomes a context-switching nightmare.
This MCP server eliminates that friction entirely. Instead of translating your thoughts into complex DSL queries, you can directly ask Claude to search your ES cluster, analyze indices, or check cluster health in plain English.
Before: "Let me check cluster health... switches to Kibana ...now I need to search for errors in the last hour... writes complex query ...wait, what was that field name again?"
After: "Check cluster health and search for any 500 errors in the logs from the last hour."
The server handles the heavy lifting – translating natural language requests into proper Elasticsearch queries, managing connections, and presenting results in a readable format.
Debugging Production Issues
"Show me all ERROR level logs from the api-service index in the last 2 hours,
group them by error message, and check if there are any cluster health issues."
Data Exploration
"What's in the user-analytics index? Show me the mapping and a few sample documents,
then find the most common user agents from today."
Index Management
"Create a new index called 'metrics-2024' with 5 shards, copy the mapping from
'metrics-2023', and set up an alias pointing to it."
Performance Analysis
"Check cluster stats, show me which indices are using the most storage,
and find any slow queries from the past hour."
The server exposes every operation you actually use in production:
Instant Setup with uvx (recommended for most developers):
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "uvx",
"args": ["elasticsearch-mcp-server"],
"env": {
"ELASTICSEARCH_HOSTS": "https://localhost:9200",
"ELASTICSEARCH_USERNAME": "elastic",
"ELASTICSEARCH_PASSWORD": "your-password"
}
}
}
}
HTTP Endpoints for custom integrations:
# Start as HTTP service
uvx elasticsearch-mcp-server --transport streamable-http --host 0.0.0.0 --port 8000
Local Development with full source control:
git clone https://github.com/cr7258/elasticsearch-mcp-server
uv run src/server.py elasticsearch-mcp-server
Whether you're running Elasticsearch in Docker, AWS OpenSearch, or a managed cluster, the server adapts to your environment. It supports both Elasticsearch and OpenSearch with the same interface, so you don't need different tools for different clusters.
The included Docker Compose files get you running locally in seconds – perfect for testing queries before running them against production.
This isn't a proof-of-concept. The server supports multiple transport protocols (stdio, SSE, HTTP), handles authentication properly, and includes comprehensive error handling. The 160+ GitHub stars suggest other developers are already using this in real workflows.
The general API request tool means you're never limited – if there's an Elasticsearch API endpoint you need that doesn't have a dedicated tool, you can still access it through the MCP server.
Your Elasticsearch clusters become as accessible as having a conversation. No more query syntax lookups, no more context switching, no more copying and pasting between tools. Just natural interaction with your search infrastructure.