What is Elasticsearch MCP?
Elasticsearch MCP is an official MCP server by Elastic that connects AI agents to Elasticsearch clusters. It enables natural language queries, index management, and data analysis — turning Claude Code or Cline into a powerful search and analytics interface for your Elasticsearch data.
Answer-Ready: Elasticsearch MCP is an official MCP server by Elastic that connects AI agents like Claude Code to Elasticsearch clusters for natural language search, index management, and data analysis.
Best for: Teams with Elasticsearch clusters who want AI-powered data exploration. Works with: Claude Code, Cline, any MCP-compatible tool. Setup time: Under 3 minutes.
Core Features
1. Natural Language Search
You: "Find all error logs from the last 24 hours with status code 500"
Claude Code (via MCP):
→ Constructs Elasticsearch query
→ Runs against logs-* index
→ Returns formatted results with timestamps and messages2. Index Management
You: "List all indices and their sizes"
You: "Create an index for user events with timestamp and action fields"
You: "Show the mapping for the orders index"3. Available Tools
| Tool | Description |
|---|---|
list_indices |
Show all indices with health and size |
get_mappings |
View index field mappings |
search |
Execute search queries |
get_shards |
View shard allocation |
get_cluster_health |
Check cluster status |
4. Query Building
The AI agent translates natural language to Elasticsearch DSL:
You: "Show me the top 10 customers by order value this month"
Generated query:
{
"size": 0,
"query": {"range": {"order_date": {"gte": "now-1M"}}},
"aggs": {
"top_customers": {
"terms": {"field": "customer_id", "size": 10},
"aggs": {"total_value": {"sum": {"field": "order_value"}}}
}
}
}5. Multi-Cluster Support
Configure multiple Elasticsearch endpoints:
{
"mcpServers": {
"es-prod": {
"command": "npx",
"args": ["-y", "@elastic/mcp-server-elasticsearch"],
"env": {"ES_URL": "https://prod.es.cloud:9243", "ES_API_KEY": "prod-key"}
},
"es-staging": {
"command": "npx",
"args": ["-y", "@elastic/mcp-server-elasticsearch"],
"env": {"ES_URL": "https://staging.es.cloud:9243", "ES_API_KEY": "staging-key"}
}
}
}Use Cases
| Use Case | Example |
|---|---|
| Log analysis | "Find recent errors and group by service" |
| Data exploration | "What are the most common user actions?" |
| Monitoring | "Is the cluster healthy? Any unassigned shards?" |
| Debugging | "Show me requests with latency > 5s today" |
FAQ
Q: Is this the official Elastic MCP server? A: Yes, built and maintained by Elastic (the company behind Elasticsearch).
Q: Does it support Elasticsearch 8.x? A: Yes, designed for Elasticsearch 8.x with API key authentication.
Q: Can it modify data? A: Currently focused on read operations (search, mappings, health). Write operations are limited for safety.