Elasticsearch powers search, observability, and security analytics for thousands of teams. But interacting with it still means writing JSON DSL queries, remembering field mappings, and navigating Kibana dashboards. An MCP server gives your AI assistant direct access to your Elasticsearch cluster through natural language.
Ask Claude "show me the top error messages in the last hour" and it translates that into the right aggregation query, executes it against your cluster, and returns formatted results.
With an Elasticsearch MCP server connected to your AI client:
Building a custom MCP server for Elasticsearch means:
That's days of work before you send your first query through AI.
DataFaucet captures the HTTP calls Kibana makes to your Elasticsearch cluster and generates an MCP server from them:
_search, _cluster/health, _cat/indices calls

No Query DSL knowledge needed for your AI. It calls the tools with parameters and gets structured results back.
| Tool | Elasticsearch API | What it does |
|---|---|---|
| search_logs | POST /logs-*/_search | Full-text search across log indices |
| cluster_health | GET /_cluster/health | Cluster status, node count, shard state |
| index_stats | GET /_cat/indices | List all indices with doc counts and sizes |
| get_mapping | GET /index/_mapping | Field types and analyzers for an index |
| search_apm | POST /apm-*/_search | Application performance traces |
DataFaucet captures operations at the HTTP level. Your Elasticsearch credentials stay in the captured session headers. The MCP server uses whatever role your Kibana session had, so it inherits your existing RBAC permissions. You can rotate the MCP API key independently of your cluster credentials.
For sensitive clusters, capture only read operations (searches, health checks) and skip write APIs (indexing, deletion).
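One way to apply the read-only rule above when reviewing a capture, as an added example that is not DataFaucet's code: an allowlist over the endpoints in the tool table. `_search` is sent as POST, so filtering on the HTTP method alone would either drop searches or admit writes; the function names and the sample request list are assumptions constructed for illustration.

```python
import re

INDEX = r"[^/_][^/]*"  # one path segment that is not an API name (no leading "_")

# (method, path pattern) pairs for the read-only calls in the tool table.
# Assumption: illustrative allowlist, not DataFaucet's own logic.
READ_ONLY = [
    ("POST", re.compile(rf"/{INDEX}/_search")),
    ("GET", re.compile(rf"/{INDEX}/_search")),
    ("GET", re.compile(r"/_cluster/health")),
    ("GET", re.compile(r"/_cat/indices")),
    ("GET", re.compile(rf"/{INDEX}/_mapping")),
]


def is_read_only(method: str, url_path: str) -> bool:
    """True only if the call matches an allowlisted read endpoint."""
    path = url_path.split("?", 1)[0]
    # Fail closed on encoded or relative segments instead of normalizing them.
    if "%" in path or ".." in path:
        return False
    return any(method.upper() == m and rx.fullmatch(path) for m, rx in READ_ONLY)


def split_capture(calls):
    """Partition captured (method, path) pairs into calls to keep and to skip."""
    keep, skip = [], []
    for method, path in calls:
        (keep if is_read_only(method, path) else skip).append((method, path))
    return keep, skip


# Constructed sample of captured requests (not real traffic).
CAPTURED = [
    ("POST", "/logs-*/_search"),
    ("GET", "/_cluster/health"),
    ("GET", "/_cat/indices?format=json"),
    ("GET", "/logs-2024/_mapping"),
    ("POST", "/apm-*/_search"),
    ("POST", "/logs-2024/_doc"),           # indexes a document
    ("POST", "/_bulk"),                    # bulk write
    ("POST", "/logs-*/_delete_by_query"),  # deletion
    ("PUT", "/logs-2024/_mapping"),        # changes the mapping
    ("DELETE", "/logs-2024"),              # drops the index
]

if __name__ == "__main__":
    keep, skip = split_capture(CAPTURED)
    print("keep:", keep)
    print("skip:", skip)
```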
Both use similar REST APIs. DataFaucet works with either one since it captures raw HTTP calls regardless of the backend. If you're running AWS OpenSearch, the same workflow applies through the OpenSearch Dashboards URL.
Your Elasticsearch MCP server works with Claude Desktop, Cursor, Windsurf, Codex, and any MCP-compatible client. Query logs from Claude, explore mappings in Cursor, monitor cluster health from Codex.
Create your Elasticsearch MCP server in 60 seconds. Free tier includes 3 servers, no credit card required.
Related: Datadog MCP Server for monitoring, AWS MCP Server for cloud infrastructure, PostgreSQL MCP Server for relational data.
After creating, add to Claude Desktop:

```json
"elasticsearch": {
  "url": "https://datafaucet.dev/api/mcp/YOUR_ID/sse"
}
```