Elasticsearch MCP Server

Exposes the Elasticsearch _cat/indices API through MCP tools, allowing LLM clients to discover and list all available indices in a connected cluster. The server translates MCP tool calls into native Elasticsearch REST API requests, parsing the response into structured metadata about index names, document counts, storage size, and health status. This enables natural language queries like 'show me all indices' to be resolved without direct API knowledge.

Retrieves Elasticsearch field mappings for specified indices via the _mapping API, exposing the complete schema including field types, analyzers, and nested object structures. The server parses Elasticsearch's mapping response and presents it in a format optimized for LLM consumption, enabling natural language queries like 'what fields are in the products index?' to resolve to structured schema information. Supports both single-index and multi-index mapping queries.

Organizes codebase into separate CLI interface (src/cli.rs) and core library (src/lib.rs) modules, enabling both command-line usage and programmatic embedding. The CLI module handles argument parsing and transport protocol selection; the library module contains reusable Elasticsearch client logic and MCP tool implementations. This separation allows the server to be used as a standalone binary or integrated into other Rust applications without duplicating logic.

Executes arbitrary Elasticsearch Query DSL queries via the _search API, supporting complex boolean queries, full-text search, filtering, sorting, and pagination. The server accepts Query DSL JSON, forwards it to Elasticsearch, and returns paginated results with hit scores and metadata. Enables LLM clients to perform sophisticated searches like 'find products with price between $10-50 that mention waterproof in the description' by translating natural language to Query DSL.

Executes ES|QL queries (Elasticsearch's SQL-like query language) via the _query API with ES|QL syntax support. The server translates ES|QL text queries into Elasticsearch API calls, enabling users to query data using SQL-familiar syntax like 'FROM products | WHERE price > 10 | STATS avg(rating) BY category'. Returns results in tabular format with column names and typed values, making it accessible to users unfamiliar with Query DSL.

Retrieves shard allocation information via the _cat/shards API, exposing which shards exist, their replica status, node assignments, and synchronization state. The server parses shard metadata and presents it in a format suitable for LLM analysis, enabling queries like 'are all shards healthy?' or 'which nodes are holding the most data?'. Useful for understanding cluster topology and diagnosing replication issues.

Implements MCP protocol transport layer supporting stdio (direct process communication), HTTP (RESTful API), and SSE (Server-Sent Events) protocols. The server abstracts transport details, allowing the same Elasticsearch tool implementations to work across different deployment scenarios — desktop clients use stdio, web services use HTTP, and real-time clients use SSE. Built in Rust using the mcp-server crate, providing efficient async I/O and connection pooling.

Supports three authentication methods for Elasticsearch: API key (ES_API_KEY env var), basic auth (ES_USERNAME/ES_PASSWORD env vars), and SSL/TLS certificate verification. The server reads credentials from environment variables at startup, constructs appropriate HTTP headers or TLS configurations, and applies them to all Elasticsearch requests. Includes optional ES_SSL_SKIP_VERIFY flag for development/testing with self-signed certificates.

Abstracts API differences between Elasticsearch 8.x and 9.x versions, ensuring the same MCP tools work across both versions. The server detects the target Elasticsearch version and adapts API calls, response parsing, and feature availability accordingly. Handles breaking changes like ES|QL availability (8.11+), API endpoint variations, and response schema differences without requiring client-side version detection.

Distributes Elasticsearch MCP server as a pre-built Docker image at docker.elastic.co/mcp/elasticsearch, enabling one-command deployment in containerized environments. The image includes the compiled Rust binary, all dependencies, and default configuration, supporting both stdio and HTTP transport modes. Supports environment variable injection for Elasticsearch endpoint and credentials, enabling configuration without rebuilding the image.

Implements automated build, test, and release pipeline using GitHub Actions for cross-platform binary compilation and Buildkite for Docker image builds and testing. GitHub Actions compiles binaries for Linux, macOS, and Windows; Buildkite handles Docker image building, pushing to registry, and integration testing. Renovate bot automates dependency updates with weekly scans. This dual-pipeline approach ensures binary and container distribution channels stay synchronized.