This is a cache of https://www.elastic.co/docs/solutions/search/agent-builder/mcp-server. It is a snapshot of the page at 2025-11-05T00:55:21.729+0000.
Model Context Protocol (MCP) server | Elastic <strong>doc</strong>s
Loading

Model Context Protocol (MCP) server

Serverless Elasticsearch Preview Serverless Observability Unavailable Serverless Security Unavailable Stack Preview 9.2.0

The Model Context Protocol (MCP) server provides a standardized interface for external clients to access Elastic Agent Builder tools.

The MCP server is available at:

{KIBANA_URL}/api/agent_builder/mcp
Tip

You can copy your MCP server URL directly in the Tools GUI. Refer to Tools in Elastic Agent Builder > Copy your MCP server URL.

Most MCP clients (such as Claude Desktop, Cursor, VS Code, etc.) have similar configuration patterns. To connect to your Elastic instance, you need to provide your Kibana URL and API key in the client's configuration file, typically in the following format:

{
  "mcpServers": {
    "elastic-agent-builder": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "${KIBANA_URL}/api/agent_builder/mcp",
        "--header",
        "Authorization:${AUTH_HEADER}"
      ],
      "env": {
        "KIBANA_URL": "${KIBANA_URL}",
        "AUTH_HEADER": "ApiKey ${API_KEY}"
      }
    }
  }
}
  1. Refer to Model Context Protocol (MCP) server > API key application privileges
Note

Set the following environment variables:

export KIBANA_URL="your-kibana-url"
export API_KEY="your-api-key"

For information on generating API keys, refer to API keys.

Tools execute with the scope assigned to the API key. Make sure your API key has the appropriate permissions to only access the indices and data that you want to expose through the MCP server. To learn more, refer to Model Context Protocol (MCP) server > API key application privileges.

To access the MCP server endpoint, your API key must include Kibana application privileges.

For development and testing purposes, you can create an unrestricted API key with full access:

POST /_security/api_key
{
  "name": "my-mcp-api-key",
  "expiration": "1d",
  "role_descriptors": {
    "unrestricted": {
      "cluster": ["all"],
      "indices": [
        {
          "names": ["*"],
          "privileges": ["all"]
        }
      ]
    }
  }
}

For production environments, use a restricted API key with specific application privileges:

POST /_security/api_key
{
  "name": "my-mcp-api-key",
  "expiration": "1d",
  "role_descriptors": {
    "mcp-access": {
      "cluster": ["all"],
      "indices": [
        {
          "names": ["*"],
          "privileges": ["read", "view_index_metadata"]
        }
      ],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": ["read_onechat", "space_read"],
          "resources": ["space:default"]
        }
      ]
    }
  }
}
  1. The read_onechat and space_read application privileges are required to authorize access to the MCP endpoint. Without these privileges, you'll receive a 403 Forbidden error.