Elastic

Enables secure, API-driven access to Elasticsearch data for threat analysis, incident investigation, and security monitoring via MCP clients.
  • javascript

4

GitHub Stars

javascript

Language

4 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "tocharianou-elasticsearch-mcp": {
      "command": "npx",
      "args": [
        "@tocharianou/elasticsearch-mcp"
      ],
      "env": {
        "ES_URL": "your-elasticsearch-url",
        "ES_API_KEY": "<ES_API_KEY>",
        "ES_CA_CERT": "/path/to/ca.crt",
        "ES_PASSWORD": "your_pass",
        "ES_USERNAME": "elastic",
        "NODE_TLS_REJECT_UNAUTHORIZED": "0"
      }
    }
  }
}

You connect to your Elasticsearch data from an MCP Client using the Elasticsearch MCP Server to perform security-focused queries, threat analysis, and incident investigations. This server enables interaction with Elasticsearch APIs through natural language or scripted prompts while keeping access controlled and auditable.

How to use

You start a session with your MCP Client and connect to the Elasticsearch MCP Server. Once connected, you can ask questions about your Elasticsearch data, run security analysis queries, and explore indices, mappings, and logs. The server selects the appropriate ES client version automatically, adapts to API differences, and provides insights such as anomaly detection, threat hunting, and root cause analysis within your security workflow.

How to install

Prerequisites: install Node.js and npm on your machine. You also need access to an Elasticsearch cluster with a valid license and authentication credentials.

Option A: NPM installation (recommended) using a single global command.

Option B: Use the GitHub release package as a standalone bundle.

Option C: Build from source and configure your MCP client to point to the local server.

Additional configuration and notes

SSL/TLS: to connect to Elasticsearch with a self-signed certificate or in a test environment, you can disable SSL certificate validation by setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED to 0. Do not use this in production.

Configuration options focus on Elasticsearch connectivity and transport mode. The server supports standard Elasticsearch connection details such as ES_URL, ES_API_KEY, ES_USERNAME, ES_PASSWORD, and TLS CA certificates. It also supports a transport mode switch to enable HTTP-based remote access when needed.

Debugging and inspection: you can run an MCP Inspector to monitor and analyze requests between your MCP client and the server. This aids in troubleshooting and understanding how queries are translated and executed against Elasticsearch.

Security considerations and best practices

Avoid using cluster-admin privileges. Create dedicated API keys with limited scope and apply fine-grained access control at the index level to prevent unauthorized data access.

Package integrity: verify release package checksums to ensure integrity and protect against tampering during download.

Elasticsearch access control: generate API keys with minimal permissions to control access to your data and limit the scope of operations available to the MCP server.

Troubleshooting

If you encounter issues, verify that your Elasticsearch URL is accessible, your credentials have the necessary permissions, and your MCP configuration matches the connection details. Check logs and enable debugging as needed to identify where the failure occurs.

Tools and utilities

You can use an MCP Inspector to debug and analyze requests between your MCP Client and the Elasticsearch MCP Server, helping you understand request flows and performance characteristics.

Available tools

mcp_inspector

Debug and inspect MCP traffic between the client and the server to analyze requests and responses

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Elastic MCP Server - tocharianou/elasticsearch-mcp | VeilStrat