The Elasticsearch MCP Server enables interaction with Elasticsearch and OpenSearch clusters for managing indices, documents, and cluster health.
You can:
List indices: Retrieve all indices in the cluster
Create, delete, and manage indices: Perform index operations
Get index mapping and settings: Fetch mappings and configurations
Search documents: Perform custom queries to search documents
Manage documents: Index, retrieve, and delete documents
Get cluster health and stats: Check status and obtain statistics
Manage aliases: Create, update, delete, and list aliases
General operations: Execute any Elasticsearch/OpenSearch API request
Provides Elasticsearch interaction allowing users to search documents, analyze indices, and manage clusters through natural language queries
Mentions that Kibana is accessible as part of the Elasticsearch cluster setup, though interaction is primarily through the Elasticsearch API
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Elasticsearch MCP Serversearch for documents in the logs index from the last hour"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Elasticsearch/OpenSearch MCP Server
Overview
A Model Context Protocol (MCP) server implementation that provides Elasticsearch and OpenSearch interaction. This server enables searching documents, analyzing indices, and managing cluster through a set of tools.
Related MCP server: OpenSearch MCP Server
Demo
https://github.com/user-attachments/assets/f7409e31-fac4-4321-9c94-b0ff2ea7ff15
Features
General Operations
general_api_request: Perform a general HTTP API request. Use this tool for any Elasticsearch/OpenSearch API that does not have a dedicated tool.
Index Operations
list_indices: List all indices.get_index: Returns information (mappings, settings, aliases) about one or more indices.create_index: Create a new index.delete_index: Delete an index.create_data_stream: Create a new data stream (requires matching index template).get_data_stream: Get information about one or more data streams.delete_data_stream: Delete one or more data streams and their backing indices.
Document Operations
search_documents: Search for documents.index_document: Creates or updates a document in the index.get_document: Get a document by ID.delete_document: Delete a document by ID.delete_by_query: Deletes documents matching the provided query.
Cluster Operations
get_cluster_health: Returns basic information about the health of the cluster.get_cluster_stats: Returns high-level overview of cluster statistics.
Alias Operations
list_aliases: List all aliases.get_alias: Get alias information for a specific index.put_alias: Create or update an alias for a specific index.delete_alias: Delete an alias for a specific index.
Analyzer Operations
analyze_text: Analyze text using a specified analyzer or custom analysis chain. Useful for debugging search queries and understanding how text is tokenized.
Configure Environment Variables
The MCP server supports the following environment variables:
Basic Authentication (Username/Password)
ELASTICSEARCH_USERNAME: Username for basic authenticationELASTICSEARCH_PASSWORD: Password for basic authenticationOPENSEARCH_USERNAME: Username for OpenSearch basic authenticationOPENSEARCH_PASSWORD: Password for OpenSearch basic authentication
API Key Authentication (Elasticsearch only) - Recommended
ELASTICSEARCH_API_KEY: API key for Elasticsearch or Elastic Cloud Authentication.
Connection Settings
ELASTICSEARCH_HOSTS/OPENSEARCH_HOSTS: Comma-separated list of hosts (default:https://localhost:9200)VERIFY_CERTS: Whether to verify SSL certificates (default:false)REQUEST_TIMEOUT: Request timeout in seconds (optional, uses client default if not set)
MCP Server Authentication (HTTP Transports Only)
When running the MCP server with HTTP-based transports (SSE or Streamable HTTP), you can enable Bearer token authentication to protect the server from unauthorized access.
MCP_API_KEY: API key for MCP server authentication. Clients must includeAuthorization: Bearer <MCP_API_KEY>header.
Important Security Notes:
Authentication is only applicable for HTTP transports (
sse,streamable-http). Thestdiotransport uses local process communication and doesn't require authentication.If
MCP_API_KEYis not set, the MCP server will be accessible without authentication. This is a security risk when exposing the server over a network.For production deployments with HTTP transports, always set .
# Generate a secure API key (example using openssl)
export MCP_API_KEY=$(openssl rand -base64 32)
# Or set a custom API key
export MCP_API_KEY="your-secure-api-key-here"Disable High-Risk Operations
DISABLE_HIGH_RISK_OPERATIONS: Set totrueto disable all write operations (default:false)DISABLE_OPERATIONS: Comma-separated list of specific operations to disable (optional, uses default write operations list if not set)
When DISABLE_HIGH_RISK_OPERATIONS is set to true, all MCP tools that perform write operations are completely hidden from the MCP client. In this mode, the following MCP tools are disabled by default.
Index Operations:
create_indexdelete_index
Document Operations:
index_documentdelete_documentdelete_by_query
Data Stream Operations:
create_data_streamdelete_data_stream
Alias Operations:
put_aliasdelete_alias
General API Operations:
general_api_request
Optionally, you can specify a comma-separated list of operations to disable in the DISABLE_OPERATIONS environment variable.
# Disable High-Risk Operations
export DISABLE_HIGH_RISK_OPERATIONS=true
# Disable specific operations only
export DISABLE_OPERATIONS="delete_index,delete_document,delete_by_query"Start Elasticsearch/OpenSearch Cluster
Start the Elasticsearch/OpenSearch cluster using Docker Compose:
# For Elasticsearch
docker-compose -f docker-compose-elasticsearch.yml up -d
# For OpenSearch
docker-compose -f docker-compose-opensearch.yml up -dThe default Elasticsearch username is elastic and password is test123. The default OpenSearch username is admin and password is admin.
You can access Kibana/OpenSearch Dashboards from http://localhost:5601.
Stdio
Option 1: Using uvx
Using uvx will automatically install the package from PyPI, no need to clone the repository locally. Add the following configuration to 's config file claude_desktop_config.json.
// For Elasticsearch with username/password
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "uvx",
"args": [
"elasticsearch-mcp-server"
],
"env": {
"ELASTICSEARCH_HOSTS": "https://localhost:9200",
"ELASTICSEARCH_USERNAME": "elastic",
"ELASTICSEARCH_PASSWORD": "test123"
}
}
}
}
// For Elasticsearch with API key
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "uvx",
"args": [
"elasticsearch-mcp-server"
],
"env": {
"ELASTICSEARCH_HOSTS": "https://localhost:9200",
"ELASTICSEARCH_API_KEY": "<YOUR_ELASTICSEARCH_API_KEY>"
}
}
}
}
// For OpenSearch
{
"mcpServers": {
"opensearch-mcp-server": {
"command": "uvx",
"args": [
"opensearch-mcp-server"
],
"env": {
"OPENSEARCH_HOSTS": "https://localhost:9200",
"OPENSEARCH_USERNAME": "admin",
"OPENSEARCH_PASSWORD": "admin"
}
}
}
}Option 2: Using uv with local development
Using uv requires cloning the repository locally and specifying the path to the source code. Add the following configuration to Claude Desktop's config file claude_desktop_config.json.
// For Elasticsearch with username/password
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "uv",
"args": [
"--directory",
"path/to/elasticsearch-mcp-server",
"run",
"elasticsearch-mcp-server"
],
"env": {
"ELASTICSEARCH_HOSTS": "https://localhost:9200",
"ELASTICSEARCH_USERNAME": "elastic",
"ELASTICSEARCH_PASSWORD": "test123"
}
}
}
}
// For Elasticsearch with API key
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "uv",
"args": [
"--directory",
"path/to/elasticsearch-mcp-server",
"run",
"elasticsearch-mcp-server"
],
"env": {
"ELASTICSEARCH_HOSTS": "https://localhost:9200",
"ELASTICSEARCH_API_KEY": "<YOUR_ELASTICSEARCH_API_KEY>"
}
}
}
}
// For OpenSearch
{
"mcpServers": {
"opensearch-mcp-server": {
"command": "uv",
"args": [
"--directory",
"path/to/elasticsearch-mcp-server",
"run",
"opensearch-mcp-server"
],
"env": {
"OPENSEARCH_HOSTS": "https://localhost:9200",
"OPENSEARCH_USERNAME": "admin",
"OPENSEARCH_PASSWORD": "admin"
}
}
}
}SSE
Option 1: Using uvx
# export environment variables (with username/password)
export ELASTICSEARCH_HOSTS="https://localhost:9200"
export ELASTICSEARCH_USERNAME="elastic"
export ELASTICSEARCH_PASSWORD="test123"
# OR export environment variables (with API key)
export ELASTICSEARCH_HOSTS="https://localhost:9200"
export ELASTICSEARCH_API_KEY="<YOUR_ELASTICSEARCH_API_KEY>"
# By default, the SSE MCP server will serve on http://127.0.0.1:8000/sse
uvx elasticsearch-mcp-server --transport sse
# The host, port, and path can be specified using the --host, --port, and --path options
uvx elasticsearch-mcp-server --transport sse --host 0.0.0.0 --port 8000 --path /sseOption 2: Using uv
# By default, the SSE MCP server will serve on http://127.0.0.1:8000/sse
uv run src/server.py elasticsearch-mcp-server --transport sse
# The host, port, and path can be specified using the --host, --port, and --path options
uv run src/server.py elasticsearch-mcp-server --transport sse --host 0.0.0.0 --port 8000 --path /sseStreamable HTTP
Option 1: Using uvx
# export environment variables (with username/password)
export ELASTICSEARCH_HOSTS="https://localhost:9200"
export ELASTICSEARCH_USERNAME="elastic"
export ELASTICSEARCH_PASSWORD="test123"
# OR export environment variables (with API key)
export ELASTICSEARCH_HOSTS="https://localhost:9200"
export ELASTICSEARCH_API_KEY="<YOUR_ELASTICSEARCH_API_KEY>"
# By default, the Streamable HTTP MCP server will serve on http://127.0.0.1:8000/mcp
uvx elasticsearch-mcp-server --transport streamable-http
# The host, port, and path can be specified using the --host, --port, and --path options
uvx elasticsearch-mcp-server --transport streamable-http --host 0.0.0.0 --port 8000 --path /mcpOption 2: Using uv
# By default, the Streamable HTTP MCP server will serve on http://127.0.0.1:8000/mcp
uv run src/server.py elasticsearch-mcp-server --transport streamable-http
# The host, port, and path can be specified using the --host, --port, and --path options
uv run src/server.py elasticsearch-mcp-server --transport streamable-http --host 0.0.0.0 --port 8000 --path /mcpCompatibility
The MCP server is compatible with Elasticsearch 7.x, 8.x, and 9.x. By default, it uses the Elasticsearch 8.x client (without a suffix).
MCP Server | Elasticsearch |
elasticsearch-mcp-server-es7 | Elasticsearch 7.x |
elasticsearch-mcp-server | Elasticsearch 8.x |
elasticsearch-mcp-server-es9 | Elasticsearch 9.x |
opensearch-mcp-server | OpenSearch 1.x, 2.x, 3.x |
To use the Elasticsearch 7.x client, run the elasticsearch-mcp-server-es7 variant. For Elasticsearch 9.x, use elasticsearch-mcp-server-es9. For example:
uvx elasticsearch-mcp-server-es7If you want to run different Elasticsearch variants (e.g., 7.x or 9.x) locally, simply update the elasticsearch dependency version in pyproject.toml, then start the server with:
uv run src/server.py elasticsearch-mcp-serverLicense
This project is licensed under the Apache License Version 2.0 - see the LICENSE file for details.