Connects Claude directly to Elasticsearch clusters running versions 5.x through 9.x, with automatic version detection and client selection. Exposes the full Elasticsearch API surface, including search, indexing, data streams, ILM policies, and ES|QL queries (8.11+). The server disables unsupported features based on your cluster version, so Data Streams won't appear on 7.8 and earlier. Supports both stdio for Claude Desktop and HTTP transport for remote access. Built with security operations in mind, it offers tools for threat detection, anomaly analysis, and audit workflows, though these require a valid Elasticsearch license (trial, platinum, or enterprise). Configure with API key or username/password auth. For self-signed certificates in development, set NODE_TLS_REJECT_UNAUTHORIZED=0; this disables TLS certificate verification for the entire Node.js process, not only for the Elasticsearch connection.
claude mcp add --transport stdio io.github.tocharianou-elasticsearch uvx elasticsearch