Elasticsearch MCP Server

Exposes the _cat/indices Elasticsearch API through MCP to list all available indices with their metadata (size, document count, health status). The server acts as a protocol bridge that translates MCP tool calls into native Elasticsearch REST API requests, handling authentication and transport protocol abstraction (stdio, HTTP, SSE) transparently. This enables LLM clients to discover and inspect the data landscape before executing queries.

Retrieves Elasticsearch field mappings via the _mapping API, exposing the complete schema (field names, data types, analyzers, nested structures) for one or more indices. The server translates MCP tool parameters into Elasticsearch mapping requests and returns structured field metadata that LLMs can use to understand data structure before constructing queries. Supports inspection of nested fields, keyword vs text analysis, and custom analyzer configurations.

The project uses Renovate for automated dependency management, scanning Cargo.toml for outdated dependencies and submitting pull requests weekly. This ensures the Rust codebase stays current with security patches and bug fixes in upstream libraries (Elasticsearch client, MCP protocol, async runtime). The automation reduces manual maintenance burden and improves security posture by catching vulnerable dependencies automatically.

Executes arbitrary Elasticsearch Query DSL queries via the _search API, supporting full-text search, filtering, aggregations, and complex boolean logic. The MCP server accepts Query DSL JSON payloads, translates them into Elasticsearch requests with proper authentication, and returns paginated results with hit counts and relevance scores. Supports all Elasticsearch query types (match, term, range, bool, aggregations) and handles response pagination through size/from parameters.

Executes ES|QL (Elasticsearch SQL-like query language) queries via the _query API with ES|QL syntax support. The server translates ES|QL statements into Elasticsearch requests and returns tabular results. This capability bridges SQL-familiar users and LLMs to Elasticsearch by providing a SQL-like interface while leveraging Elasticsearch's distributed query engine. Supports ES|QL syntax including FROM, WHERE, GROUP BY, STATS, and other clauses.

Retrieves shard allocation information via the _cat/shards API, exposing how data is distributed across cluster nodes. The server returns shard IDs, node assignments, shard state (STARTED, RELOCATING, etc.), and storage sizes. This capability enables visibility into cluster health, data distribution, and potential bottlenecks. Useful for understanding cluster topology before executing large queries or diagnosing performance issues.

The MCP server implements three transport protocols (stdio for desktop integration, HTTP for web services, SSE for real-time streaming) through a unified Rust architecture. The core MCP tool implementations are protocol-agnostic; transport is handled by a pluggable layer that translates between protocol-specific message formats and internal MCP structures. This allows the same server binary to be deployed in different environments (Claude Desktop, web services, containerized systems) without code changes.

The server supports three Elasticsearch authentication methods (API key via ES_API_KEY, basic auth via ES_USERNAME/ES_PASSWORD, and mTLS certificates) through environment variable configuration. Authentication is handled at the connection layer, transparently applied to all Elasticsearch API calls. The server also supports SSL/TLS configuration with optional certificate verification bypass via ES_SSL_SKIP_VERIFY for development environments. This abstraction allows deployment in different security contexts without code changes.

The server explicitly supports Elasticsearch 8.x and 9.x versions, with API compatibility handling built into the Rust codebase. The server uses Elasticsearch client libraries that abstract version-specific API differences, ensuring tools work consistently across supported versions. This includes handling API changes, deprecated endpoints, and new features introduced in Elasticsearch 9.x while maintaining backward compatibility with 8.x clusters.

The server is distributed as a Docker image (docker.elastic.co/mcp/elasticsearch) built through Buildkite CI/CD pipeline, enabling containerized deployment in Kubernetes, Docker Compose, and cloud platforms. The Docker image includes the compiled Rust binary, environment variable configuration, and health check endpoints. This enables teams to deploy Elasticsearch MCP as a microservice alongside LLM applications without managing Rust compilation or dependencies.

The server is compiled for multiple platforms (Linux, macOS, Windows) through GitHub Actions CI/CD pipeline and distributed as pre-compiled binaries. This enables users to download and run the server without Rust toolchain installation. The build process compiles the Rust codebase for each platform, runs tests, and publishes binaries to GitHub releases. This approach eliminates dependency management and compilation time for end users.