Elasticsearch MCP Server — 20 Tools with Risk Policies

READ TOOLS

analyze_text Analyse text using a specified analyser 2/5 get_alias Get alias info for a specific index 2/5 get_cluster_health Get cluster health status 2/5 get_cluster_stats Get high-level cluster statistics 2/5 get_data_stream Get info about data streams 2/5 get_document Get a document by ID 2/5 get_index Get index mappings, settings, and aliases 2/5 list_aliases List all index aliases 2/5 list_indices List all Elasticsearch indices 2/5 search_documents Search for documents in an index 2/5

WRITE TOOLS

create_data_stream Create a new data stream 4/5 create_index Create a new Elasticsearch index 4/5 index_document Create or update a document in an index 3/5 put_alias Create or update an index alias 4/5

DESTRUCTIVE TOOLS

delete_alias Delete an index alias 4/5 delete_by_query Delete all documents matching a query 5/5 delete_data_stream Delete data streams and their backing indices 5/5 delete_document Delete a single document by ID 4/5 delete_index Delete an Elasticsearch index and all its data 5/5

EXECUTE TOOLS

general_api_request Execute arbitrary HTTP API requests to Elasticsearch 5/5

// FAQ

How many tools does the Elasticsearch MCP server have? +

The Elasticsearch MCP server exposes 20 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Elasticsearch tools? +

Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Elasticsearch server.

What risk categories do Elasticsearch tools fall into? +

Elasticsearch tools are categorised as Read (10), Write (4), Destructive (5), Execute (1). Each category has a recommended default policy.

Enforce policies on Elasticsearch

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept

github.com/policylayer/intercept →

ELASTICSEARCH TOOLS

READ TOOLS

WRITE TOOLS

DESTRUCTIVE TOOLS

EXECUTE TOOLS

Enforce policies on Elasticsearch