What is 'dynamic mapping discovery'?

Most Elasticsearch MCP servers require the agent to know index names and field names ahead of time. wmcp.sh exposes a discover_mapping tool that returns a flattened schema for the index — field names, types, analyzers, whether the field is keyword-aggregatable — so the agent can plan a search or aggregation without prior context. Useful when wiring Claude up to a previously-unknown ES cluster.

Can agents delete documents or change mappings?

By default no. Index-write and mapping-change operations are blocked at the wmcp.sh layer. The default tool surface is read-only: search, count, aggregations, mapping introspection, and cluster info. Write access is opt-in per connection.

Does this work with OpenSearch?

Yes. OpenSearch's REST API is compatible with the Elasticsearch search and aggregation tools wmcp.sh exposes. Some advanced features (ELSER, semantic_text) are Elastic-specific and won't work on OpenSearch — wmcp.sh detects the cluster type at connect time and hides incompatible tools.

mcp server · elasticsearch

Elasticsearch MCP server with dynamic mapping discovery.

Q: Is there an official Elasticsearch MCP server?

Yes. Elastic maintains an MCP server at elastic/mcp-server-elasticsearch. As of 2026 the project documentation marks it as deprecated and indicates it will only receive critical security updates going forward. Elastic recommends migrating to the Elastic Agent Builder MCP endpoint shipped with Elasticsearch 9.2.0 and Elasticsearch Serverless. wmcp.sh is not affiliated with Elastic; we offer a hosted alternative with dynamic mapping discovery for agents that don't know the index schema in advance.

Point Claude, Cursor, or any MCP client at Elasticsearch through wmcp.sh. The agent doesn't need to know your index schema up front — discover_mapping returns a flattened, agent-readable schema on demand. wmcp.sh is not affiliated with Elastic NV.

Connect at https://wmcp.sh/mcp/elasticsearch · works with Elasticsearch 7.x / 8.x / 9.x and OpenSearch

The wedge

Why route through wmcp.sh instead of running the official server.

Elastic ships an official MCP server at elastic/mcp-server-elasticsearch. As of 2026 that project's README marks it deprecated — it will only receive critical security patches. Elastic now recommends the Agent Builder MCP endpoint that ships with Elasticsearch 9.2.0+ and Elasticsearch Serverless. If you're on 8.x or older, you're between two stories.

Both approaches have the same agent UX gap: the agent needs to know index names and field names before it can write a query. That's fine for one-off "search my docs" demos. It breaks when an agent is exploring an unfamiliar cluster — every interaction starts with "what indices exist? what fields?".

wmcp.sh adds dynamic mapping discovery: list_indices + discover_mapping return a flattened, prompt-friendly schema (field name, type, analyzer, aggregatable?) so the agent can plan a search in one shot. Plus per-user encrypted API-key vault, query timeout caps, and audit logging.

What your agent gets

Elasticsearch tools, MCP-shaped.

Nine read-focused tools that work across ES 7.x, 8.x, 9.x, and OpenSearch.

elasticsearch.list_indicesIndices visible to the API key with doc count + size.
elasticsearch.discover_mappingFlattened field map: name, type, analyzer, aggregatable.
elasticsearch.searchRun a DSL query. Returns hits + highlight + total.
elasticsearch.countDocument count matching a query (no hits).
elasticsearch.aggregateRun aggregations (terms / date_histogram / metrics / nested).
elasticsearch.esqlRun an ES|QL query (Elasticsearch 8.11+).
elasticsearch.get_documentGET _doc/{id} from a specific index.
elasticsearch.cluster_healthCluster status / shard counts / pending tasks.
elasticsearch.cat_nodesNode roles, JVM heap, disk for cluster planning.

Wire it up

Python — agent discovers schema then queries.

# pip install anthropic mcp
import os, asyncio
from anthropic import Anthropic
from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

WMCP = "https://wmcp.sh/mcp/elasticsearch"
TOKEN = os.environ["WMCP_TOKEN"]

async def run():
    async with streamablehttp_client(WMCP, headers={"Authorization": f"Bearer {TOKEN}"}) as (r, w, _):
        async with ClientSession(r, w) as session:
            await session.initialize()
            tools = (await session.list_tools()).tools
            anthropic = Anthropic()
            # Claude will call discover_mapping then search, two-step.
            msg = anthropic.messages.create(
                model="claude-opus-4-5",
                max_tokens=2048,
                tools=[{"name": t.name, "description": t.description, "input_schema": t.inputSchema} for t in tools],
                messages=[{"role": "user", "content": "Find the top 5 error_codes from the 'logs-app' index in the last 24h"}],
            )
            return msg

asyncio.run(run())

Side by side

Self-hosted Elasticsearch MCP server vs wmcp.sh-routed.

Capability	Self-hosted / official deprecated server	wmcp.sh-routed
Maintenance status	Official server marked deprecated, security-only	Actively developed, free + paid tiers
Dynamic mapping discovery	Basic get_mappings	Flattened, prompt-friendly schema in one call
ES\|QL support	Yes	Yes + auto-detects cluster version
Credential storage	Plaintext env var	Encrypted per-user vault, rotatable
OpenSearch compatibility	Partial / unofficial	Detected + incompatible tools hidden
Audit log	None	Per-call: who, when, query, latency, hit count
Works with Claude.ai connectors	Stdio only	Streamable HTTP + OAuth 2.1

FAQ

Common questions.

Is there an official Elasticsearch MCP server?

Yes — Elastic ships elastic/mcp-server-elasticsearch. The project README marks it deprecated as of 2026 with critical-security-only updates; Elastic recommends migrating to the Agent Builder MCP endpoint in Elasticsearch 9.2.0+ and Elasticsearch Serverless. wmcp.sh is not affiliated with Elastic and provides a hosted alternative.

What's "dynamic mapping discovery"?

A tool that returns a flattened, prompt-readable schema for an index — field name, type, analyzer, aggregatable — so the agent can plan a search without prior knowledge of your indices. Helpful for exploration and cross-cluster work.

Can the agent write to my cluster?

Default is read-only. Index, update, delete, and mapping-change operations are blocked at the wmcp.sh layer. Write tools are opt-in per connection.

OpenSearch?

Yes. wmcp.sh detects the cluster type at connect time and hides Elastic-specific tools (ELSER, semantic_text) when talking to OpenSearch.

Pricing?

Free 100 reads/day anonymous. Managed Starter $499 one-time, Managed Retainer $999/mo, Enterprise $4,999+/mo. See /managed.

For production

Need this in production?

Production setup includes a read-only Elasticsearch API key with index-pattern restrictions, audit retention, multi-cluster routing, and SSO. Starter $499 one-time, Managed Retainer $999/mo, Enterprise $4,999+/mo.

→ Managed setup ($499) Submit your MCP server (free)

Why route through wmcp.sh instead of running the official server.

Elasticsearch tools, MCP-shaped.

Python — agent discovers schema then queries.

Self-hosted Elasticsearch MCP server vs wmcp.sh-routed.

Common questions.

Need this in production?

Related pages.