> This MCP server is deprecated and will only receive critical security updates going forward. Rust-based implementation. Trusted by 500+ developers.
Documentation
Elasticsearch MCP Server
[!CAUTION]
This MCP server is deprecated and will only receive critical security updates going forward.
It has been superseded by the Elastic Agent Builder MCP endpoint, which is available in Elastic 9.2.0+ and Elasticsearch Serverless projects.
Use the Elasticsearch MCP Server for AI Agents
The Elasticsearch MCP Server connects your AI agents to Elasticsearch data using the Model Context Protocol (MCP).
It enables natural language interactions with your Elasticsearch indices, allowing agents to query, analyze, and retrieve data without custom APIs.
Follow these steps to deploy and configure the Elasticsearch MCP Server container image from AWS Marketplace.
Before you begin
Before you start, ensure you have:
- An Elasticsearch cluster (version 8.x or 9.x) accessible from your AWS environment
- Elasticsearch authentication credentials:
- An API key, or
- A username and password pair
- Docker installed and running in your AWS environment (for example, on an EC2 instance or in a container service)
- An MCP client configured (such as Claude Desktop, Cursor, VS Code, or another MCP-compatible tool)
- Network connectivity between your deployment environment and your Elasticsearch cluster
[!NOTE]
These instructions apply to Elasticsearch MCP Server 0.4.0 and later.
For versions 0.3.1 and earlier, refer to the README for v0.3.1.
Deploy the Elasticsearch MCP Server
The Elasticsearch MCP Server is provided as a Docker container image available from AWS Marketplace. You can run it using either the stdio protocol (for direct client connections) or the streamable-HTTP protocol (for web-based integrations).
Choose a protocol
The server supports two protocols:
- stdio: Direct communication between the MCP client and server. Use this when your client supports stdio and runs in the same environment.
- streamable-HTTP: HTTP-based protocol recommended for web integrations, stateful sessions, and concurrent clients.
Note: Server-Sent Events (SSE) is deprecated. Use streamable-HTTP instead.
Configure the stdio protocol
Use the stdio protocol when your MCP client connects directly to the server process.
Set environment variables for stdio mode
Set the following environment variables:
ES_URL: The URL of your Elasticsearch cluster (for example,https://your-cluster.es.amazonaws.com:9200)- For authentication, use one of these options:
- API key: Set
ES_API_KEYto your Elasticsearch API key - Basic authentication: Set
ES_USERNAMEandES_PASSWORDto your Elasticsearch credentials - (Optional)
ES_SSL_SKIP_VERIFY: Set totrueto skip SSL/TLS certificate verification when connecting to Elasticsearch. Only use this for development or testing environments.
Run the container in stdio mode
Start the MCP server in stdio mode:
docker run -i --rm \
-e ES_URL \
-e ES_API_KEY \
docker.elastic.co/mcp/elasticsearch \
stdioConfigure Claude Desktop
Add this configuration to your Claude Desktop configuration file:
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "ES_URL",
"-e", "ES_API_KEY",
"docker.elastic.co/mcp/elasticsearch",
"stdio"
],
"env": {
"ES_URL": "",
"ES_API_KEY": ""
}
}
}
}Replace ` with your Elasticsearch cluster URL and ` with your API key.
Configure the streamable-HTTP protocol
Use the streamable-HTTP protocol for web-based integrations or when you need to support multiple concurrent clients.
Set environment variables for HTTP mode
Set the same environment variables as the stdio protocol:
ES_URL: The URL of your Elasticsearch cluster- For authentication, use one of these options:
- API key: Set
ES_API_KEYto your Elasticsearch API key - Basic authentication: Set
ES_USERNAMEandES_PASSWORDto your Elasticsearch credentials - (Optional)
ES_SSL_SKIP_VERIFY: Set totrueto skip SSL/TLS certificate verification
Run the container in HTTP mode
Start the MCP server in HTTP mode:
docker run --rm \
-e ES_URL \
-e ES_API_KEY \
-p 8080:8080 \
docker.elastic.co/mcp/elasticsearch \
httpThe streamable-HTTP endpoint is available at http://:8080/mcp. A health check endpoint is available at http://:8080/ping.
Configure Claude Desktop with HTTP proxy
If you're using Claude Desktop (free edition) which only supports the stdio protocol, use mcp-proxy to bridge stdio to streamable-HTTP:
1. Install mcp-proxy:
uv tool install mcp-proxyFor alternative installation options, refer to mcp-proxy/README.md.
2. Add this configuration to Claude Desktop:
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "//.local/bin/mcp-proxy",
"args": [
"--transport=streamablehttp",
"--header", "Authorization", "ApiKey ",
"http://:/mcp"
]
}
}
} Replace `, , , and ` with your values.
Verify the connection
After configuring your MCP client, verify the connection works:
1. Start your MCP client (for example, Claude Desktop or Cursor).
2. Check that the Elasticsearch MCP Server appears in your available MCP servers.
3. Test a simple query through your agent interface to confirm it can access your Elasticsearch indices.
If the connection fails, verify:
- Your Elasticsearch cluster URL is correct and accessible from your AWS environment
- Your authentication credentials are valid and have the necessary permissions
- Network connectivity exists between the container and your Elasticsearch cluster (check security groups and network ACLs)
- Docker is running and the container started successfully (check container logs with
docker logs)
Monitor health and status
Monitor the health and proper function of the Elasticsearch MCP Server using these methods:
Check container status
Verify the container is running:
docker ps | grep elasticsearch-mcp-serverThe container should appear in the list with a status of Up.
Test the health endpoint (HTTP mode)
If you're using the streamable-HTTP protocol, test the health check endpoint:
curl http://:8080/pingA successful response returns pong, indicating the server is running and healthy.
Check container logs
View container logs to identify any issues:
docker logsLook for error messages related to:
- Elasticsearch connection failures
- Authentication errors
- Network connectivity issues
Verify Elasticsearch connectivity
Test connectivity to your Elasticsearch cluster from the container:
docker exec curl -k -u :Or with an API key:
docker exec curl -k -H "Authorization: ApiKey "A successful response indicates the container can reach your Elasticsearch cluster.
Security and sensitive information
The Elasticsearch MCP Server handles authentication credentials securely:
Credential storage
- API keys and passwords: Stored only in environment variables passed to the container. They are not persisted to disk or logged.
- Environment variables: Set when you run the container. Use AWS Secrets Manager or AWS Systems Manager Parameter Store to manage credentials securely in production environments.
Data encryption
- In transit: The MCP server communicates with Elasticsearch over HTTPS when your
ES_URLuses thehttps://protocol. Ensure your Elasticsearch cluster has SSL/TLS enabled. - At rest: The container does not store data locally. All data remains in your Elasticsearch cluster, which uses your cluster's encryption settings.
Best practices
- Rotate API keys regularly (every 30-90 days for production environments)
- Use API keys with minimal required permissions (read-only access to specific indices when possible)
- Never commit credentials to version control or share them in logs
- Use AWS Secrets Manager or Parameter Store to inject credentials at runtime instead of hardcoding them
AWS service quotas
The Elasticsearch MCP Server runs as a container in your AWS environment. Consider these AWS service quotas:
- EC2 instance limits: If running on EC2, ensure your instance type supports your expected workload
- Elastic Container Service (ECS): If using ECS, review ECS service quotas
- Elastic Kubernetes Service (EKS): If using EKS, review EKS service quotas
- Network bandwidth: Ensure sufficient network bandwidth between your container and Elasticsearch cluster
To request quota increases, use the AWS Service Quotas console or refer to the AWS General Reference Guide.
Available tools
Once connected, the MCP server provides these tools to your agent:
list_indices: List all available Elasticsearch indicesget_mappings: Get field mappings for a specific Elasticsearch indexsearch: Perform an Elasticsearch search using query DSLesql: Execute an ES|QL queryget_shards: Get shard information for all or specific indices
Your agent can use these tools to interact with your Elasticsearch data through natural language conversations.
Next steps
- Learn about AI-powered features available in the Elastic platform
- Explore Agent Builder for building custom AI agents with Elasticsearch
Similar MCP
Based on tags & features
Trending MCP
Most active this week