Connect to the Elasticsearch cluster.

Uses configuration from environment variables (ES_HOST, ES_API_KEY, etc.).

Returns: Connection status and cluster information.

Disconnect from the Elasticsearch cluster.

Returns: Disconnection status.

Get the health status of the Elasticsearch cluster.

Returns: Cluster health including status (green/yellow/red), nodes, and shards.

Get cluster version and information.

Returns: Cluster name, version, build info, and compatibility versions.

List all nodes in the cluster.

Returns: Node names, IPs, roles, and resource usage (CPU, memory, disk).

Get cluster-wide statistics.

Returns: Aggregated statistics for indices and nodes across the cluster.

List all indices in the cluster.

Args: pattern: Index pattern to filter (supports wildcards like "logs-*"). include_hidden: Include hidden indices starting with "." (default: False).

Returns: List of indices with health, status, doc count, and size.

Get detailed information about an index.

Args: index: Name of the index to describe.

Returns: Index mappings (fields and types), settings, and statistics.

Get statistics for an index.

Args: index: Name of the index.

Returns: Document counts, store size, indexing and search statistics.

Get field mappings for an index.

Args: index: Name of the index.

Returns: Field definitions including types, analyzers, and options.

Get index aliases.

Args: index: Optional index name to filter aliases.

Returns: List of aliases with their target indices.

Execute a search query using Elasticsearch Query DSL.

Args: index: Index to search (supports wildcards like "logs-*"). query: Elasticsearch query DSL (e.g., {"match": {"message": "error"}}). size: Maximum results to return (default: 10, max: from config). from_: Starting offset for pagination. sort: Sort specification (e.g., [{"@timestamp": "desc"}]).

Returns: Search hits with _id, _score, and _source fields.

Execute a simple query string search.

Args: index: Index to search. q: Query string (supports Lucene syntax like "status:error AND level:critical"). size: Maximum results to return.

Returns: Search hits matching the query string.

Count documents matching a query.

Args: index: Index to count. query: Optional query to filter documents.

Returns: Document count.

Get a document by ID.

Args: index: Index containing the document. doc_id: Document ID.

Returns: Document source data or not found error.

Execute an aggregation query.

Args: index: Index to aggregate. aggs: Aggregation definition (e.g., {"status_count": {"terms": {"field": "status"}}}). query: Optional query to filter documents before aggregating.

Returns: Aggregation results with buckets and metrics.

Get top values for a field (terms aggregation).

Args: index: Index to aggregate. field: Field to get top values for (must be keyword or numeric). size: Number of top terms to return (default: 10). query: Optional query to filter documents.

Returns: Top field values with document counts.

Get document counts over time (date histogram).

Args: index: Index to aggregate. field: Date field to aggregate on (e.g., "@timestamp"). interval: Time interval (minute, hour, day, week, month, year). query: Optional query to filter documents.

Returns: Time buckets with document counts.