Elasticsearch MCP Server – expose your Elasticsearch cluster to any Model Context Protocol (MCP) client (e.g. Claude Desktop) with ready-made tools for listing indices, getting mappings, searching, and shard inspection.
https://github.com/elastic/mcp-server-elasticsearch
Stop context-switching between your AI assistant and the Elasticsearch console. This MCP server from Elastic connects Claude Desktop (or any MCP client) directly to your Elasticsearch cluster, so you can explore indices, analyze mappings, and run searches using plain English.
You know the drill: you're in the middle of debugging, need to check what's in that user-events-2024 index, but now you're copy-pasting field names, crafting JSON queries, and switching between three different tools. What if you could just ask "Show me all failed login attempts from the last hour" and get results instantly?
That's exactly what this server enables. It gives Claude Desktop four essential Elasticsearch operations through natural language:
list_indices - "What indices do I have?"
get_mappings - "Show me the schema for my products index"
search - "Find orders over $500 from last month"
get_shards - "Which shards are having issues?"
Instead of this workflow:
# Terminal 1
curl -X GET "localhost:9200/_cat/indices?v"
# Terminal 2
curl -X GET "localhost:9200/orders/_mapping"
# Back to Terminal 1
curl -X POST "localhost:9200/orders/_search" -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        {"range": {"amount": {"gte": 500}}},
        {"range": {"timestamp": {"gte": "2024-01-01"}}}
      ]
    }
  }
}'
You get this:
"Find all orders over $500 from January"
Claude handles the query construction, executes it against your cluster, and explains the results in context.
The setup respects your existing Elasticsearch security model. Use your current API keys or username/password - no additional authentication layers. The server supports both Elasticsearch 8.x and 9.x, custom CA certificates, SSL verification controls, and path prefixes for non-root deployments.
Two installation paths:
Docker (recommended for isolated environments):
{
  "mcpServers": {
    "elasticsearch-mcp-server": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "ES_URL", "-e", "ES_API_KEY",
               "docker.elastic.co/mcp/elasticsearch", "stdio"],
      "env": {
        "ES_URL": "https://your-cluster:9200",
        "ES_API_KEY": "your-api-key"
      }
    }
  }
}
NPM (for direct Node.js environments):
{
  "mcpServers": {
    "elasticsearch-mcp-server": {
      "command": "npx",
      "args": ["-y", "@elastic/mcp-server-elasticsearch"],
      "env": {
        "ES_URL": "https://your-cluster:9200",
        "ES_API_KEY": "your-api-key"
      }
    }
  }
}
The server includes proper security guidance - create dedicated API keys with minimal permissions rather than using cluster-admin privileges:
{
  "name": "es-mcp-server-access",
  "role_descriptors": {
    "mcp_server_role": {
      "cluster": ["monitor"],
      "indices": [{
        "names": ["your-index-*"],
        "privileges": ["read", "view_index_metadata"]
      }]
    }
  }
}
This approach follows the principle of least privilege while giving Claude enough access to be genuinely useful.
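One way to check a key definition against that guidance before creating it, as an added example (not code from this page or from the Elastic project): a Node.js function that audits an API key request body against the read-only privileges shown above. The function name, the allow-lists and the second sample body are assumptions constructed for illustration.

```javascript
// Added example: audit an API key request body; allow-lists mirror the privileges on this page.
const ALLOWED_CLUSTER = new Set(["monitor"]);
const ALLOWED_INDEX = new Set(["read", "view_index_metadata"]);

function auditApiKeyRequest(body) {
  const findings = [];
  const roles = body.role_descriptors || {};
  if (Object.keys(roles).length === 0) {
    // Without role descriptors the key takes a snapshot of its creator's permissions.
    findings.push("role_descriptors missing or empty: key inherits the creator's privileges");
  }
  for (const [roleName, role] of Object.entries(roles)) {
    for (const priv of role.cluster || []) {
      if (!ALLOWED_CLUSTER.has(priv)) {
        findings.push(`${roleName}: cluster privilege "${priv}" is outside the allow-list`);
      }
    }
    for (const entry of role.indices || []) {
      if (entry.allow_restricted_indices === true) {
        findings.push(`${roleName}: allow_restricted_indices is enabled`);
      }
      for (const name of entry.names || []) {
        if (/^\*+$/.test(name)) {
          findings.push(`${roleName}: index pattern "${name}" matches every index name`);
        }
      }
      for (const priv of entry.privileges || []) {
        if (!ALLOWED_INDEX.has(priv)) {
          findings.push(`${roleName}: index privilege "${priv}" is outside the allow-list`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample inputs: the page's key, and an over-privileged one.
const pageKey = {
  name: "es-mcp-server-access",
  role_descriptors: { mcp_server_role: {
    cluster: ["monitor"],
    indices: [{ names: ["your-index-*"], privileges: ["read", "view_index_metadata"] }],
  } },
};
const riskyKey = {
  name: "constructed-risky-key",
  role_descriptors: { admin_like: { cluster: ["all"], indices: [{ names: ["*"], privileges: ["all"] }] } },
};
console.log(auditApiKeyRequest(pageKey), auditApiKeyRequest(riskyKey));
```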
Data Exploration: "What's the average response time for API calls in the last 24 hours?" - Claude constructs the aggregation query and interprets the results.
Troubleshooting: "Show me error logs where status is 500 and service contains 'payment'" - No more building complex bool queries by hand.
Schema Discovery: "What fields are available in my user-activity index?" - Instant mapping inspection without diving into Kibana.
Performance Analysis: "Which shards have the most documents?" - Shard-level insights delivered conversationally.
The server is experimental (Elastic's research/evaluation phase), but it's built on the official Elasticsearch JavaScript client and follows MCP standards. With 276 stars and active development, it's clearly solving a real problem for developers working with Elasticsearch data.
Ready to stop wrestling with curl commands and start having conversations with your cluster?