Best Elastic MCP Servers

Elastic is a search company that builds self-managed and SaaS offerings for search, logging, security, observability, and analytics use cases.

View all Elastic MCP Servers

Why this server?
Converts Sigma rules to Elasticsearch Lucene queries for detection in Elasticsearch.
wrg-sigma-rules
Security Observability
WRG-11
A
license
A
quality
A
maintenance
Sigma detection rule writing, validation, and pySigma-based multi-backend conversion (Splunk, Elastic, Wazuh, Kibana) via 3 MCP tools and 3 Claude Code skills, backed by a 61-rule production corpus across 11 MITRE ATT\&CK tactic categories.
Last updated 2026-06-10
3
MIT
Why this server?
Connects to Elastic products, specifically Elasticsearch, enabling natural language interaction with indices, mappings, and search capabilities.
Elasticsearch MCP Server
Databases Search RAG Systems
rishab2404
A
license
B
quality
C
maintenance
Connects to Elasticsearch databases using the Model Context Protocol, allowing users to query and interact with their Elasticsearch indices through natural language conversations.
Last updated 2025-06-26
4
3
Apache 2.0
Why this server?
Facilitates interaction with Elastic's search and analytics engine, providing capabilities for document indexing, search, index management, and cluster health monitoring.
Elasticsearch/OpenSearch MCP
Databases Search Monitoring
Rbedoyag
A
license
B
quality
C
maintenance
An MCP server that enables interaction with Elasticsearch and OpenSearch clusters for searching documents and managing indices. It provides tools for cluster health monitoring, index configuration, and general API requests.
Last updated 2025-07-05
16
Apache 2.0
Why this server?
Provides detection lookup files for enrichment in Elasticsearch, enabling efficient threat detection queries using ES|QL ENRICH.
agentic-detection-lookups
Security Search
detection-forge
A
license
A
quality
A
maintenance
Machine-readable detection lookups for SIEM enrichment and AI agents. Query 800+ LOLBAS and GTFOBins binaries plus process parent-child baselines — get risk levels, abuse categories, and MITRE ATT\&CK mappings without embedding data in prompts.
Last updated 2026-05-17
6
Apache 2.0
Why this server?
Provides a comprehensive set of tools for security management, search operations, index management, and cluster monitoring within an Elasticsearch instance, allowing for management of users, roles, API keys, and execution of complex queries.
Elastic MCP Server
Databases Search Monitoring
schwarztim
F
license
B
quality
-
maintenance
Provides comprehensive tools for managing Elasticsearch clusters, including security management, search operations, and index administration. It enables users to monitor cluster health, handle InfoSec tasks, and execute complex queries using Elasticsearch Query DSL and ES|QL.
Last updated 2026-01-27
37
Why this server?
Provides tools for querying, summarizing, and tracing logs stored in Elasticsearch, enabling AI assistants to analyze observability data directly.
mcp-server-logs-sieve
Monitoring Observability Search
Oluwatunmise-olat
A
license
-
quality
A
maintenance
An MCP server that connects Claude (or any MCP compatible client) to your existing log infrastructure. Query, summarize, and trace logs in plain English across GCP Cloud Logging, AWS CloudWatch, Azure Log Analytics, Grafana Loki, and Elasticsearch without writing filter expressions or leaving your editor.
Last updated 2026-04-22
8
2
MIT
Why this server?
Provides tools to manage and query a knowledge base within Elastic, including document ingestion, text chunking, and semantic search retrieval.
ElasticMind-MCP
Databases Search RAG Systems
ViratGarg2
F
license
A
quality
D
maintenance
An MCP server that indexes PDF documentation and text into Elasticsearch for semantic search and retrieval. It enables users to query knowledge bases, ingest new files, and dynamically update content through MCP-compatible clients like Claude Desktop and Cursor.
Last updated 2025-12-13
4
1
Why this server?
Supports rendering diagrams for Elastic Cloud infrastructure.
diagrams-mcp
Software Architecture Developer Tools
ByteOverDev
A
license
-
quality
C
maintenance
Enables generating cloud architecture diagrams, flowcharts, sequence diagrams, and more using three rendering engines: mingrammer/diagrams, Mermaid, and PlantUML.
Last updated 2026-06-10
2
MIT
Why this server?
Enables searching security events, pivoting on indicators, and performing endpoint response actions like isolation and forensic collection.
SamiGPT
Security Autonomous Agents Monitoring
M507
A
license
-
quality
D
maintenance
An AI-powered security operations platform that integrates with SIEM, EDR, and case management systems via MCP to automate incident response and investigation workflows. It provides specialized tools for alert triage, threat intelligence enrichment, and endpoint remediation across vendor-neutral APIs.
Last updated 2025-12-28
36
MIT