elasticsearch

This MCP server exposes a set of tools to interact with Elasticsearch and OpenSearch clusters. You can perform general HTTP API requests, manage indices, documents, data streams, aliases, and analyze text with dedicated analyzer tooling. The server supports both Elasticsearch and OpenSearch backends, and can be secured for HTTP transports using an API key. Typical usage involves querying indices, indexing documents, and performing health checks on the cluster. The provided tools are designed to resemble common Elasticsearch/OpenSearch operations, so you can script or compose requests through the MCP interface to automate analytics, log ingestion, or search workflows.

Prerequisites:

• Docker and/or Python environment with uvx installed (as per the server’s stdio configuration).
• Access to an Elasticsearch or OpenSearch cluster (local or remote).

Install steps (example using uvx for stdio):

1. Ensure you have Python and uvx installed, then install the MCP server package from PyPI or your registry as appropriate.
2. Start the MCP server using the configured command in your environment variables (see mcp_config).
3. Configure connectivity to your Elasticsearch/OpenSearch cluster by setting environment variables (ELASTICSEARCH_HOSTS and/or OPENSEARCH_HOSTS) and authentication details (ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD or ELASTICSEARCH_API_KEY, etc.).
4. If running HTTP transports, generate and set MCP_API_KEY and consider enabling DISABLE_HIGH_RISK_OPERATIONS for safety in network deployments.

Example (uvx, with environment preparation):

• export ELASTICSEARCH_HOSTS="https://localhost:9200"
• export ELASTICSEARCH_USERNAME="elastic"
• export ELASTICSEARCH_PASSWORD="your-password"
• export MCP_API_KEY="your-secure-api-key"
• uvx elasticsearch-mcp-server

If you prefer Docker or Node-based setup, adapt commands accordingly to your environment.

Security tips:

• When using HTTP transports (e.g., SSE or Streamable HTTP), always set MCP_API_KEY to protect access. Without it, the MCP server may be exposed publicly.
• For development environments, ENABLED high-risk operations can be disabled by setting DISABLE_HIGH_RISK_OPERATIONS=true or specify DISABLE_OPERATIONS with a comma-separated list.

Operational tips:

• Use ELASTICSEARCH_HOSTS or OPENSEARCH_HOSTS to point to your cluster. You can run Elasticsearch and OpenSearch clusters via Docker Compose as described in the README.
• The default credentials shown in the README (elastic/test123 for Elasticsearch, admin/admin for OpenSearch) are for local testing; replace with secure credentials in production.
• The API supports a broad range of operations (index, document, data stream, alias, health checks, and analysis). If you need to perform actions that could alter data, consider enabling high-risk operation restrictions in your environment.