
y0zg/mcp-elasticsearch


Elasticsearch MCP Server

An AI-powered log analysis tool that connects Claude Desktop directly to your Elasticsearch cluster. Ask Claude questions about your logs in plain English and get intelligent insights.

What it does

Instead of writing complex Elasticsearch queries, just ask Claude things like:

  • "Show me all 5xx errors from the last hour"
  • "What's causing the slow database queries?"
  • "Find unique IPs hitting my API in the last 5 minutes"
  • "Is my Elasticsearch cluster healthy?"

Claude will search your logs, analyze patterns, and give you actionable insights.

Quick setup

1. Install dependencies

cd mcp-elasticsearch
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

2. Build the extension

npm install -g @anthropic-ai/dxt
dxt init  # Use 'mcp-elasticsearch-server.py' as entry point
dxt pack

3. Install in Claude Desktop

  • Double-click the generated mcp-elasticsearch.dxt file
  • Click "Install" when prompted
  • Restart Claude Desktop

That's it! Now you can chat with your logs.

Real examples

You: "Find unique public IPs for ingress traffic in the last 5 minutes"


Configuration

The extension connects to localhost:9200 by default. To change this, edit the ES_HOST in manifest.json:

"env": {
  "ES_HOST": "your-elasticsearch-host:9200"
}

For secured clusters, you can add username/password through environment variables.

Requirements

  • Elasticsearch 7.x or 8.x (tested with v8)
  • Python 3.8+
  • Claude Desktop (latest version)
  • Node.js (for building the extension)

Troubleshooting

Extension won't install?

  • Make sure you have the latest Claude Desktop
  • Try removing old extensions first

Connection errors?

  • Check if Elasticsearch is running
  • Verify the host/port in your config

Still having issues?

# Test the connection manually
# The 8.x Python client requires a URL scheme; use https:// if the cluster has TLS enabled
source venv/bin/activate
python -c "from elasticsearch import Elasticsearch; print('Connected:', Elasticsearch(['http://localhost:9200']).ping())"

What's included

The MCP server gives Claude these tools:

  • search_elasticsearch_logs - Basic log searching
  • analyze_error_patterns - Find and categorize errors
  • analyze_performance_issues - Detect slow operations
  • get_cluster_health - Monitor Elasticsearch health
  • analyze_index_performance - Optimize index performance

Time ranges

Use natural language for time ranges:

  • "last 5 minutes", "1 hour", "2 days", "1 week"
  • Or shortcuts like "5m", "1h", "2d", "1w"
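
The time-range forms listed above reach the server as a string chosen by the model, so it is worth validating them against a fixed grammar before they become part of a query. The following is an added example, not the project's own code; the `@timestamp` field, the 30-day cap and the name `time_range_filter` are assumptions.

```python
import re

# Assumptions for this sketch (not taken from the project): the timestamp
# field name, the 30-day lookback cap, and the function name.
TIMESTAMP_FIELD = "@timestamp"
MAX_LOOKBACK_SECONDS = 30 * 24 * 3600

# Seconds per Elasticsearch date-math unit; only the units the README lists.
UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400, "w": 604800}

# Allow-list grammar: optional "last", a 1-4 digit count, then one unit word.
# fullmatch() is used below, so trailing text such as "||/d" is rejected.
RANGE_RE = re.compile(
    r"(?:last\s+)?(\d{1,4})\s*(minutes?|hours?|days?|weeks?|[mhdw])", re.ASCII
)


def time_range_filter(text):
    """Map 'last 5 minutes', '1 hour' or '5m' to a range filter clause.

    Raises ValueError for anything outside the grammar or beyond the cap, so
    a model-supplied string is never copied into the query body.
    """
    if not isinstance(text, str):
        raise ValueError("time range must be a string")
    match = RANGE_RE.fullmatch(text.strip().lower())
    if match is None:
        raise ValueError(f"unsupported time range: {text!r}")
    count = int(match.group(1))
    unit = match.group(2)[0]  # minute->m, hour->h, day->d, week->w
    if count == 0 or count * UNIT_SECONDS[unit] > MAX_LOOKBACK_SECONDS:
        raise ValueError(f"time range out of bounds: {text!r}")
    return {"range": {TIMESTAMP_FIELD: {"gte": f"now-{count}{unit}", "lte": "now"}}}


if __name__ == "__main__":
    for sample in ("last 5 minutes", "1 hour", "2d", "1w"):  # constructed inputs
        print(sample, "->", time_range_filter(sample))
```

The lookback cap also bounds how much log data a single request can pull into the conversation.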

License

MIT - use it however you want.


Ready to chat with your logs? Install the extension and start asking Claude questions about your Elasticsearch data!
