GlenRequest access

Elasticsearch MCP server

OfficialElastic667Config last verified Jun 1, 2026

Elastic's official MCP server lets an agent list indices, read mappings, and run full-text and ES|QL queries against an Elasticsearch cluster.

The Elasticsearch MCP Server is the official server from Elastic that connects an AI agent directly to an Elasticsearch cluster using natural language. The agent can enumerate the indices it has access to, inspect field mappings to understand how a given index is structured, run searches with the full Elasticsearch Query DSL (including highlighting, query profiling, and explain), and execute ES|QL queries — Elastic's piped query language — for aggregations and analytics. A get_shards tool surfaces shard distribution for diagnosing cluster layout.

It runs over stdio (launched with npx) or as a streamable-HTTP service, and authenticates with an API key via ES_API_KEY or basic auth via ES_USERNAME and ES_PASSWORD against the cluster at ES_URL. It works against Elastic Cloud and self-managed clusters alike. Note that as of Elastic 9.2 this standalone server is in maintenance mode receiving only critical security fixes, with new development moving to the Agent Builder MCP endpoint built into Elasticsearch; the standalone server remains installable and useful for read-oriented search and analytics over an existing cluster.

Quick install

Copy-paste configs are provided for all 8 supported clients. Pick your client below.

Add to ~/.claude.json

~/.claude.json
json
{
  "mcpServers": {
    "elasticsearch": {
      "command": "npx",
      "args": [
        "-y",
        "@elastic/mcp-server-elasticsearch"
      ],
      "env": {
        "ES_URL": "<ES_URL>",
        "ES_API_KEY": "<ES_API_KEY>"
      }
    }
  }
}
Or via CLI
bash
claude mcp add elasticsearch -- npx -y @elastic/mcp-server-elasticsearch

Step-by-step guides

Available tools

ToolDescription
list_indicesList all available Elasticsearch indices the connection can access.
get_mappingsGet the field mappings for a specific Elasticsearch index.
searchPerform a search with the Elasticsearch Query DSL, supporting highlighting, query profiling, and explain.
esqlRun an ES|QL query against the cluster for piped aggregations and analytics.
get_shardsGet shard distribution information for all indices or a specific index.

Required configuration

  • ES_URLRequired

    URL of your Elasticsearch cluster endpoint.

  • ES_API_KEYOptional

    Elasticsearch API key for authentication.

  • ES_USERNAMEOptional

    Username for basic authentication (used with ES_PASSWORD).

  • ES_PASSWORDOptional

    Password for basic authentication (used with ES_USERNAME).

  • ES_SSL_SKIP_VERIFYOptional

    Set to true to skip TLS certificate verification (development and testing only).

What you can do with it

Search logs and documents in natural language

Ask an agent a question and let it translate it into an Elasticsearch query, inspecting mappings first so it builds the query against the right fields.

Run analytics with ES|QL

The agent uses the esql tool to write piped aggregations over an index, returning counts, breakdowns, and trends without you hand-writing the query.

FAQ

Is it free?
Yes. The server is open source under the Apache-2.0 license and free to run; you only pay for the Elasticsearch cluster or Elastic Cloud deployment it connects to.
Does it support remote/OAuth?
It can run as a local stdio server or a streamable-HTTP service you host. Authentication is by Elasticsearch API key or basic auth against the cluster, not a hosted OAuth login.
Is this server still maintained?
As of Elastic 9.2 the standalone server is in maintenance mode and receives only critical security updates; Elastic now recommends the Agent Builder MCP endpoint built into Elasticsearch for new work. The standalone server still installs and runs for search and analytics use.
← Browse all databases servers