by elastic
# Add to your Claude Code skills
git clone https://github.com/elastic/mcp-server-elasticsearchGuides for using mcp servers skills like mcp-server-elasticsearch.
Last scanned: 5/10/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-10T06:33:08.365Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
[!CAUTION] This MCP server is deprecated and will only receive critical security updates going forward. It has been superseded by the Elastic Agent Builder MCP endpoint, which is available in Elastic 9.2.0+ and Elasticsearch Serverless projects.
The Elasticsearch MCP Server connects your AI agents to Elasticsearch data using the Model Context Protocol (MCP). It enables natural language interactions with your Elasticsearch indices, allowing agents to query, analyze, and retrieve data without custom APIs.
Follow these steps to deploy and configure the Elasticsearch MCP Server container image from AWS Marketplace.
Before you start, ensure you have:
[!NOTE]
These instructions apply to Elasticsearch MCP Server 0.4.0 and later. For versions 0.3.1 and earlier, refer to the README for v0.3.1.
The Elasticsearch MCP Server is provided as a Docker container image available from AWS Marketplace. You can run it using either the stdio protocol (for direct client connections) or the streamable-HTTP protocol (for web-based integrations).
The server supports two protocols:
Note: Server-Sent Events (SSE) is deprecated. Use streamable-HTTP instead.
Use the stdio protocol when your MCP client connects directly to the server process.
Set the following environment variables:
ES_URL: The URL of your Elasticsearch cluster (for example, https://your-cluster.es.amazonaws.com:9200)ES_API_KEY to your Elasticsearch API keyES_USERNAME and ES_PASSWORD to your Elasticsearch credentialsES_SSL_SKIP_VERIFY: Set to true to skip SSL/TLS certificate verification when connecting to Elasticsearch. Only use this for development or testing environments.Start the MCP server in stdio mode:
docker run -i --rm \
-e ES_URL \
-e ES_API_KEY \
docker.elastic.co/mcp/elasticsearch \
stdio
Add this configuration to your Claude Desktop configuration file:
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "ES_URL",
"-e", "ES_API_KEY",
"docker.elastic.co/mcp/elasticsearch",
"stdio"
],
"env": {
"ES_URL": "<elasticsearch-cluster-url>",
"ES_API_KEY": "<elasticsearch-API-key>"
}
}
}
}
Replace <elasticsearch-cluster-url> with your Elasticsearch cluster URL and <elasticsearch-API-key> with your API key.
Use the streamable-HTTP protocol for web-based integrations or when you need to support multiple concurrent clients.
Set the same environment variables as the stdio protocol:
ES_URL: The URL of your Elasticsearch clusterES_API_KEY to your Elasticsearch API keyES_USERNAME and ES_PASSWORD to your Elasticsearch credentialsES_SSL_SKIP_VERIFY: Set to true to skip SSL/TLS certificate verificationStart the MCP server in HTTP mode:
docker run --rm \
-e ES_URL \
-e ES_API_KEY \
-p 8080:8080 \
docker.elastic.co/mcp/elasticsearch \
http
The streamable-HTTP endpoint is available at http://<host>:8080/mcp. A health check endpoint is available at http://<host>:8080/ping.
If you're using Claude Desktop (free edition) which only supports the stdio protocol, use mcp-proxy to bridge stdio to streamable-HTTP:
Install mcp-proxy:
uv tool install mcp-proxy
For alternative installation options, refer to mcp-proxy/README.md.
Add this configuration to Claude Desktop:
{
"mcpServers": {
"elasticsearch-mcp-server": {
"command": "/<home-directory>/.local/bin/mcp-proxy",
"args": [
"--transport=streamablehttp",
"--header", "Authorization", "ApiKey <elasticsearch-API-key>",
"http://<mcp-server-host>:<mcp-server-port>/mcp"
]
}
}
}
Replace <home-directory>, <elasticsearch-API-key>, <mcp-server-host>, and <mcp-server-port> with your values.
After configuring your MCP client, verify the connection works:
If the connection fails, verify:
docker logs <container-id>)Monitor the health and proper function of the Elasticsearch MCP Server using these methods:
Verify the container is running:
docker ps | grep elasticsearch-mcp-server
The container should appear in the list with a status of Up.
If you're using the streamable-HTTP protocol, test the health check endpoint:
curl http://<host>:8080/ping
A successful response returns pong, indicating the server is running and healthy.
View container logs to identify any issues:
docker logs <container-id>
Look for error messages related to:
Test connectivity to your Elasticsearch cluster from the container:
docker exec <container-id> curl -k -u <username>:<password> <ES_URL>
Or with an API key:
docker exec <container-id> curl -k -H "Authorization: ApiKey <api-key>" <ES_URL>
A successful response indicates the container can reach your Elasticsearch cluster.
The Elasticsearch MCP Server handles authentication credentials securely:
ES_URL uses the https:// protocol. Ensure your Elasticsearch cluster has SSL/TLS enabled.The Elasticsearch MCP Server runs as a container in your AWS environment. Consider these AWS service quotas:
To request quota increases, use the AWS Service Quotas console or refer to the [AWS General Reference Guide](https://docs.aws.amazon.com/general/latest/gr/aws_service_limit