Elastic Community✦ Lab Verified
Elasticsearch
Search and manage Elasticsearch indices. Run queries, manage mappings, and analyze search results.
Score: 8.9/10
Latency: 3ms
Uptime: Local
Tools: 18
Auth: stdio
Quick Verdict
Use this for Elasticsearch data retrieval and cluster monitoring. Avoid it due to official deprecation status. Best area: search and aggregation operations with 3ms median latency. Biggest failure: deprecated by vendor.
Lab Review
What We Found
What works: The Elasticsearch MCP server delivers on search infrastructure basics. All 18 tools executed cleanly with 3ms median latency; es_search, aggregate and get_document returned precise JSON without errors. Connection handling through connect and disconnect stayed stable across test cycles.
Where it breaks: This is a deprecated server heading for maintenance-only status. Elastic officially moved support to their Agent Builder MCP endpoint, which means you're building on a foundation that won't get feature updates. The 639 GitHub stars won't protect you from eventual abandonment once security patches stop.
What this means for your workflow: Current search operations performed reliably in our tests, so existing integrations won't break immediately. However, the deprecation notice means you should treat this as temporary infrastructure. Start migration planning to Elastic's Agent Builder MCP endpoint now rather than investing deeper in these 18 tools. For new Elasticsearch integrations, skip this server entirely and go straight to the officially supported replacement.
Lab Observations
What actually happened during testing
During testing, our scanner interacted with Elasticsearch. 18 tools succeeded.
| Tool | Status |
|---|---|
| connect | ✅ success |
| disconnect | ✅ success |
| cluster_health | ✅ success |
| cluster_info | ✅ success |
| list_nodes | ✅ success |
| cluster_stats | ✅ success |
| list_indices | ✅ success |
| get_aliases | ✅ success |
| es_search | ✅ success |
| describe_index | ✅ success |
| get_index_stats | ✅ success |
| get_mappings | ✅ success |
| search_simple | ✅ success |
| count_docs | ✅ success |
| get_document | ✅ success |
| aggregate | ✅ success |
| terms_aggregation | ✅ success |
| date_histogram | ✅ success |
Reliability
Full runtime test completed. Score based on transport stability and schema completeness.
Score Breakdown
Reliability: 18 of 18 executed tools succeeded.
Security: Score based on schema analysis and dependency audit.
Setup: Local stdio server. Install via npx or binary, no auth required.
Docs: 18 tools with descriptions and input schemas.
Compatibility: Standard MCP protocol. Transport: stdio.
Maintenance: Based on commit frequency, releases, and contributor activity.
Tools
18 available tools
connect: Connect to the Elasticsearch cluster. Uses configuration from environment variables (ES_HOST, ES_API_KEY, etc.). Returns: Connection status and cluster information.
disconnect: Disconnect from the Elasticsearch cluster. Returns: Disconnection status.
cluster_health: Get the health status of the Elasticsearch cluster. Returns: Cluster health including status (green/yellow/red), nodes, and shards.
cluster_info: Get cluster version and information. Returns: Cluster name, version, build info, and compatibility versions.
list_nodes: List all nodes in the cluster. Returns: Node names, IPs, roles, and resource usage (CPU, memory, disk).
cluster_stats: Get cluster-wide statistics. Returns: Aggregated statistics for indices and nodes across the cluster.
list_indices: List all indices in the cluster. Args: pattern: Index pattern to filter (supports wildcards like "logs-*"). include_hidden: Include hidden indices starting with "." (default: False). Returns: List of indices with health, status, doc count, and size.
describe_index: Get detailed information about an index. Args: index: Name of the index to describe. Returns: Index mappings (fields and types), settings, and statistics.
get_index_stats: Get statistics for an index. Args: index: Name of the index. Returns: Document counts, store size, indexing and search statistics.
get_mappings: Get field mappings for an index. Args: index: Name of the index. Returns: Field definitions including types, analyzers, and options.
get_aliases: Get index aliases. Args: index: Optional index name to filter aliases. Returns: List of aliases with their target indices.
es_search: Execute a search query using Elasticsearch Query DSL. Args: index: Index to search (supports wildcards like "logs-*"). query: Elasticsearch query DSL (e.g., {"match": {"message": "error"}}). size: Maximum results to return (default: 10, max: from config). from_: Starting offset for pagination. sort: Sort specification (e.g., [{"@timestamp": "desc"}]). Returns: Search hits with _id, _score, and _source fields.
search_simple: Execute a simple query string search. Args: index: Index to search. q: Query string (supports Lucene syntax like "status:error AND level:critical"). size: Maximum results to return. Returns: Search hits matching the query string.
count_docs: Count documents matching a query. Args: index: Index to count. query: Optional query to filter documents. Returns: Document count.
get_document: Get a document by ID. Args: index: Index containing the document. doc_id: Document ID. Returns: Document source data or not found error.
aggregate: Execute an aggregation query. Args: index: Index to aggregate. aggs: Aggregation definition (e.g., {"status_count": {"terms": {"field": "status"}}}). query: Optional query to filter documents before aggregating. Returns: Aggregation results with buckets and metrics.
terms_aggregation: Get top values for a field (terms aggregation). Args: index: Index to aggregate. field: Field to get top values for (must be keyword or numeric). size: Number of top terms to return (default: 10). query: Optional query to filter documents. Returns: Top field values with document counts.
date_histogram: Get document counts over time (date histogram). Args: index: Index to aggregate. field: Date field to aggregate on (e.g., "@timestamp"). interval: Time interval (minute, hour, day, week, month, year). query: Optional query to filter documents. Returns: Time buckets with document counts.
FAQ
Frequently asked questions about Elasticsearch
What latency should I expect for different Elasticsearch operations?
Connection operations (connect, disconnect) completed in 7-9ms during our tests. Cluster-level operations like cluster_health, cluster_stats, and list_indices executed in 2-4ms. Document operations including get_document and count_docs took 5-6ms, while mapping retrieval (get_mappings) required 5ms. Search operations (es_search, search_simple) and aggregations (aggregate, terms_aggregation) consistently executed in 2ms.
Does the server handle connection lifecycle properly?
Both connect and disconnect operations executed successfully with predictable latency (7ms and 9ms respectively). The server maintained stable connections throughout our test session, with cluster health checks (cluster_health) returning valid responses in 2ms after connection establishment. We observed no connection drops or timeout issues during the 18-operation test sequence.
Which Elasticsearch cluster monitoring capabilities are available?
Cluster monitoring tools include cluster_health for status checks, cluster_info for version and configuration details, list_nodes for node discovery, and cluster_stats for performance metrics. All cluster-level operations executed within 2-4ms. list_indices and get_aliases provide index-level visibility, while get_index_stats delivers per-index performance data.
What search and aggregation features work through this server?
Search capabilities include es_search for complex queries and search_simple for basic operations, both executing in 2ms. Aggregation support covers aggregate for general aggregations, terms_aggregation for categorical grouping, and date_histogram for time-series analysis. All aggregation operations completed within 2-3ms during our testing.
How does document retrieval perform compared to search operations?
Document retrieval operations show higher latency than search queries. get_document required 6ms while count_docs took 5ms, compared to search operations (es_search, search_simple) that executed in 2ms. describe_index and get_mappings fell in the middle range at 2ms and 5ms respectively for metadata operations.
Are there any authentication requirements for basic operations?
Our tests used no credentials and successfully executed all 18 discovered tools without authentication errors. Operations included cluster monitoring, index management, document retrieval, search queries, and aggregations. The server connected to Elasticsearch without requiring credential configuration, though this was in a sandbox environment.
What happens when the server encounters operational issues?
During our testing, all 18 executed operations completed successfully with no failures observed. We did not encounter error conditions, timeout scenarios, or partial failures that would demonstrate the server's error handling behavior. Each operation returned expected responses within the measured latency ranges of 2-9ms.