navigate   N notes   F fullscreen
Elastic
Elastic Agent Builder for Enterprise Use Cases

Elastic Agent Builder
for Enterprise Use Cases

Build, deploy, and scale production-grade AI agents — from retrieval to orchestration — powered by the Elastic AI Search platform trusted at enterprise scale.

Agent Builder MCP / A2A Agent Skills Hybrid Search Model Catalog Jina v5 Open Source
Ashish Tiwari
Principal Solutions Architect — Search Specialist
Platform Overview

The Elastic Search AI Platform

All Your Data, Real-Time, At Scale

Accelerate mission outcomes by finding insights from any data source

Any Data Source
Endpoints
Applications
Infrastructure
Services
Network/Security
Build Your Own
Elasticsearch
Out-of-the-Box
Observability
Out-of-the-Box
Security
Search AI Platform
Ingestion
Processing
Storage
Search
AI & ML
Visualization
🔄Automation
Search AI Lake
Self-Managed
Full control on your infrastructure
Elastic Cloud
Managed service on AWS, GCP, Azure
Serverless
Zero ops, automatic scaling
Outcomes
Dashboards
Integrations
Orchestration
Workflows

One Platform

Search, Observability, and Security unified on a single data layer

Any Deployment

Self-managed, cloud-hosted, or fully serverless — your choice

Real-Time Insights

From ingestion to action in milliseconds, at petabyte scale

Search Maturity — From Keywords to Agents

The Search Maturity Model

Search didn't jump from keywords to AI. It evolved in five distinct stages — each solving the limitations of the last.

Stage 1

Keyword Search

BM25 / TF-IDF

Exact term matching. Fast and predictable. The foundation of web search for 20+ years.

Limitation

No understanding of meaning. "automobile" won't find "car". Vocabulary mismatch kills recall.

Stage 2

Semantic Search

Dense Vectors / kNN

Embedding models encode meaning into vectors. "car" and "automobile" land nearby. Understands intent, not just words.

Limitation

Loses precision on exact terms, names, codes. Struggles with structured or boolean queries.

Stage 3

Hybrid Search

BM25 + Vector + ELSER + RRF

Best of both worlds. Fuses keyword precision with semantic recall. ELSER adds learned sparse representations. RRF merges rankings.

Limitation

Returns documents, not answers. Users still read and synthesize results manually.

Stage 4

Conversational RAG

LLM + Retrieval + Memory

LLM generates answers grounded in retrieved context. Conversational memory rewrites follow-ups. Users get answers, not links.

Limitation

Read-only. Can answer questions but can't take actions, call APIs, or chain multi-step workflows.

Stage 5

Agentic AI

Agents + Tools + MCP/A2A

Agents reason, plan, and act. Retrieve context, call tools, delegate to other agents, execute multi-step workflows autonomously.

Current frontier

Requires robust retrieval, tool orchestration, guardrails, and observability. This is where Elastic plays.

Key insight: Each stage builds on the previous — you can't skip steps. Agentic AI without solid retrieval is just expensive hallucination. The maturity model is cumulative, not a replacement.

Playground — No-Code RAG Prototyping

Elastic Playground

UI for building and testing RAG applications without writing code.

Elastic Playground
Drop playground.png in the same folder

Core Modes

  • Chat mode — conversations with context retrieval
  • Query mode — test and refine ES queries

LLM Flexibility

  • Elastic Managed inference
  • OpenAI, Bedrock, Azure, local
  • Swap models per iteration

Advanced Features

  • View & modify ES queries in real-time
  • Export Python code for your app
  • A/B test models & retrieval strategies

Memory & Context

  • Conversational memory rewrites follow-ups
  • Session state across turns
  • No manual prompt engineering

Requirements

Elasticsearch v8.14+, one index with data, LLM provider credentials (Elastic, OpenAI, Bedrock, Azure, or local)

The Problem — Why Agents Fail

Most Agents Break After Three Turns

The bottleneck is never the model. It's always the context.

  • LLMs can reason. They can't remember.
  • Stuffing 200k tokens into a prompt isn't a strategy
  • Agents need the right context at the right time
  • Retrieval isn't a feature — it's the foundation
  • Without search, your agent is expensive autocomplete
Multi-agent LLM systems fail at 41-86.7% rates in production — orq.ai
Context rot: accuracy decreases as context length increases — inkeep.com
Cascading failures where single root-cause error propagates — atla-ai.com
// what most "agents" look like today

while (true) {
  const response = await llm(
    `${entire_knowledge_base}` +
    `${all_chat_history}` +
    `${user_message}`
  )
  // $4.20 per turn
  // 12 second latency
  // still hallucinates
}
Architecture — How It All Connects

Elastic Agent Builder: Build Once. Connect Everywhere.

Chat Integrations via MCP → Tools. Custom Agents via API/A2A → Agents. Native Chat Experience → Elastic UI. All on the Elasticsearch Platform.

Elastic Agent Builder Architecture
Agent Builder — Core Components

Chat + Agents + Tools

Chat

Interactive playground to test & iterate. Connect an index, pick a model, test retrieval.

Agents

Custom LLM instructions + toolsets. Define behavior, assign tools, set guardrails.

Tools

Actions your agent can take — built-in Elastic tools, custom tools, or MCP imports.

Tool Types

ES|QL Tools
Pre-defined queries with parameterized inputs
Index Search
LLM dynamically constructs queries
MCP Tools
Connect external MCP servers
Workflow Tools
Orchestrated multi-step actions
POST Register a Tool 
POST /api/agent_builder/tools
{
  "id": "find_client_exposure",
  "type": "esql",
  "description": "Finds client portfolio
    exposure to negative news",
  "configuration": {
    "query": "FROM news_index | ..."
  }
}
POST Create a Custom Agent 
POST /api/agent_builder/agents
{
  "id": "financial_assistant",
  "name": "Financial Assistant",
  "instructions": "You are a
    specialized data assistant...",
  "tools": [
    "find_client_exposure"
  ]
}
POST Converse with Your Agent 
POST /api/agent_builder/converse
{
  "agent_id": "financial_assistant",
  "input": "Which clients are
    most at risk from bad news
    this week?",
  "conversation_id": "..."
}
① Register Tool ② Create Agent ③ Converse
MCP Connector — Extend Your Agent's Toolbox

Import Any MCP Tool Into Your Agent

MCP Ecosystem
GitHub
Confluence
PagerDuty
Slack
Jira
Any MCP
listTools
MCP Connector
Kibana Stack Management
Auto-Discovery Auth Built-in
callTool
Your Elastic Agent
Agent Builder
Tools Guardrails

How It Works

  • Stack Management → Connectors → New MCP
  • Point to any remote MCP server URL + auth
  • Auto-discovers tools via listTools
  • Assign discovered tools to any agent

What This Unlocks

  • Incident management via PagerDuty MCP
  • Code search & PRs via GitHub MCP
  • Messaging via Slack, Teams MCP
  • Knowledge bases via Confluence, Notion MCP

Bidirectional Power

  • Elastic serves its own tools as an MCP server
  • Claude, Cursor, Copilot can call Elastic tools
  • Cross-platform agent-to-agent orchestration
  • Any MCP client gets Elastic search + security
Native Automation — Elastic Workflows TECH PREVIEW

Elastic Workflows

Native automation engine that combines predictable execution with AI agent reasoning — directly where your data lives.

Triggers
Elastic Alerts
⏰ Schedule / Cron
▶️ Manual Run
Agent Builder
Workflow Engine
🔀
Conditions
if / else branching
🔄
Loops
for-each iteration
AI Prompts
LLM reasoning steps
HTTP Steps
Call any API
ES Search
Query & index data
Cases
Case management
Defined in YAML — platform handles execution
Actions
💬 Slack Messages
🎫 Jira Tickets
PagerDuty
📧 Email / Notify
Any API / Service

Agent + Workflow Integration

Add any workflow as a tool in Agent Builder. Agents invoke workflows based on user intent — combining AI reasoning with deterministic, repeatable execution. No integration gap between reasoning and action.

Why This Matters

Agents reason. Workflows execute. Together: restart a service, update a record, send a notification, triage an alert — all from a single conversation. Automation where your data lives.

Interoperability — MCP, A2A & REST API

Build Once. Expose Everywhere.

Your Elastic Agent connects to the world through three protocols — each optimized for a different integration pattern.

MCP
ELASTIC
Agent Builder
💬
Claude
⌨️
Cursor

VS Code

LangChain
Dev Tools & AI Assistants — tools available where developers already work
A2A
ELASTIC
Agent Builder
🌐
Gemini

Strands
🏢
MS Foundry
🤝
Any Agent
Agent-to-Agent — peer collaboration, delegation, not just tool calls
REST
ELASTIC
Agent Builder
📱
Apps

Backend
🔄
CI/CD

Workflows
Custom Integrations — embed in any app, workflow, or pipeline
Architecture Patterns — What You Can Build

Three Patterns. One Platform.

Start simple. Evolve as your use case demands. The same retrieval and inference stack powers all three.

Pattern 1

Simple RAG

User asks a question → retrieve context → LLM generates grounded answer.

User Query
Hybrid Search + Rerank
LLM → Answer
Use: Docs Q&A, knowledge base, support chatbot
Pattern 2

Agentic RAG

Agent reasons about the query → decides which tools to call → retrieves, acts, responds.

User Query
Agent → Reason + Plan
Search
ES|QL
MCP
Response + Citations
Use: IT ops, incident triage, compliance research
Pattern 3

Multi-Agent (A2A)

Orchestrator delegates to specialist agents via A2A. Each agent owns a domain.

User Query
Orchestrator Agent
Search Agent
Analytics Agent
Action Agent
Use: Enterprise workflows, cross-domain automation

Progressive complexity: Start with Pattern 1 in Playground today. Graduate to Pattern 2 with Agent Builder + Tools. Scale to Pattern 3 with A2A. Same platform, same data, same security model throughout.

Model Catalog — Elastic Inference Service (/_inference)

One API. Every Model You Need (/_inference)

Fully managed, GPU-accelerated. Swap models per step. Unified inference API across all providers.

Anthropic
Claude Opus 4.6 Claude Opus 4.5 Claude Sonnet 4.6
O OpenAI
GPT-5.2 GPT-4.1 GPT-4.1 Mini GPT-OSS-120B
Google
Gemini 2.5 Pro Gemini 2.5 Flash
Native on Elastic
J Jina AI Elastic
Jina v5 small Jina v5 nano Jina v3 Reranker v3 Reranker v2
Elastic Native
ELSER (Sparse) E5 Multilingual
Third-Party & BYO
Microsoft Alibaba ONNX / PyTorch Custom Models

Register & Use Any Model

PUT _inference/chat_completion/my-openai-endpoint
{
  "service": "elastic",
  "service_settings": {
    "model_id": "openai-gpt-4.1"
  }
}
Embeddings — Jina v5 on Elastic Inference

Jina SOTA Multilingual Embeddings. Native on Elastic.

v5-text-small — 677M params

Highest scoring multilingual model under 1B parameters. Matches jina-v4 (3.8B) at 5.6x smaller.

MTEB English v271.7
71.7
MMTEB Multilingual67.7
67.7
Retrieval Avg (5 benchmarks)63.28
63.28

v5-text-nano — 239M params

Matches all sub-500M models including KaLM-mini-v2.5 (494M).

MTEB English v271.0
71.0
MMTEB Multilingual65.5
65.5

Why This Matters

  • 5.6x smaller than v4 — same quality
  • Native on EIS — zero infra setup
  • GPU-accelerated, fully managed, auto-scaling
  • Multilingual out of the box
  • Works with vector search and hybrid search

Setup — 4 Lines

PUT _inference/text_embedding/jina-v5
{
  "service": "elastic",
  "service_settings": {
    "model_id":
      "jina-embeddings-v5-text-small"
  }
}
The Missing Piece — Why Context Is Everything

An Agent Without Context
Is Just Expensive Guesswork

Every use case we just covered depends on one thing: getting the right information to the agent at the right time. That's not a model problem. That's a search problem.

💸

Without Context

Stuffing 200k tokens. $4+ per turn. 12s latency. Still hallucinates.

With Context Engineering

Right docs, right time. Sub-second retrieval. Grounded answers with citations.

Context Engineering — Elastic Provides Everything You Need

Elastic Provides Everything You Need

Context Engineering — from data prep to retrieval to agentic AI to evaluation

Data Prep & Inference

  • Sparse & dense vector encoding models
  • Multi-lingual embedding models
  • Multi-modal embedding models
  • GPU-based inference service
  • Automatic chunking
  • 200+ connectors
  • Web crawlers
  • Automated parsing
  • Quantization

Retrieval

  • Vector search
  • Lexical search
  • Hybrid search
  • Geospatial search
  • Filtering & faceting
  • Reranking models
  • Learning to rank (LTR)
  • Query rules & rescoring
  • Query understanding models
  • RAG Workflows
  • LLM integration

Agentic AI

  • Tool building
  • Agentic workflows
  • Tool selection
  • Memory systems
  • Prompt management
  • MCP/Agent interfaces

Evaluation & Monitoring

  • Relevance benchmarking
  • A/B testing
  • Behavioral analytics
  • Cost & token tracking
  • Query logging, metrics, tracing
Vector DB — Elasticsearch
The foundation powering all four pillars — storing vectors, documents, and metadata at petabyte scale
Hybrid Search — 3-Phase Retrieval Pipeline

Three Search Methods. One API (_search)

Elastic's retrieval pipeline goes beyond vector search — three phases that progressively refine results for maximum relevance.

Phase 1 — Retrieval

Multi-Method Search

BM25 — Exact keyword matching
Semantic Search — Dense vector similarity
Hybrid Search + RRF — BM25 + Vector + ELSER fused via Reciprocal Rank Fusion
Weighted RRF — Custom weights per retriever
Phase 2 — Rescoring

Business Logic Layer

Popularity Rescoring — Boost by clicks, views, sales
Function Score — Custom decay, geo, field values
Learning to Rank (LTR) — ML-trained ranking models
Phase 3 — Reranking

Semantic Precision

Semantic Rerank — Cross-encoder reranking models
Jina Reranker v3 — Native on EIS
Cohere Rerank — Supported via inference API
ES|QL ES|QL — Piped Query Language

Query Your Data Without the JSON Pain

ES|QL is Elastic's piped query language — familiar syntax, powerful transforms, and native integration across the entire stack.

Before — JSON Query DSL

POST logs-*/_search
{
  "query": {
    "bool": {
      "filter": [
        { "term": { "status": "error" }},
        { "range": { "@timestamp": {
          "gte": "now-24h"
        }}}
      ]
    }
  },
  "aggs": { "by_service": {
    "terms": { "field": "service.name" }
  }}
}

After — ES|QL

FROM logs-*
| WHERE status == "error"
  AND @timestamp > now() - 24 hours
| STATS count = COUNT(*)
  BY service.name
| SORT count DESC

3 lines vs 18 lines. Same result. Readable by anyone.

AI
Agent Builder
ES|QL tools for agents
Alerting
Alerting
Detection rules in ES|QL
Dashboards
Dashboards
Lens + ES|QL panels
ES|QL
Workflows
Query steps in automation
Security Security — Access Control in Agent Builder

Two Layers of Access Control

Control what agents can do through tool assignment, and what data users can see through Elasticsearch security — two independent layers working together.

Layer 1 — Agent Builder

Tool-Based Access Control

Agents only access the tools assigned to them. No tool = no access to that data or action. Many-to-many relationship.

Finance Agent
HR Agent
IT Ops Agent
──────
Revenue Search Tool
Employee Data Tool
Logs ES|QL Tool
Assign tools per agent — each agent only sees its assigned tools
Many-to-many — one tool can serve multiple agents, one agent can use many tools
Admin controls — decide which users can create or manage tools
Layer 2 — Data Search

Index / Field / Document Security

When a tool queries Elasticsearch, the data-layer security kicks in — filtering results based on user roles and permissions.

Index-Level
Control which indices each role can access — finance_read vs hr_admin see different index sets
Field-Level
Hide sensitive fields (SSN, salary, PII) from specific roles — even within the same index
Document-Level
Filter individual documents per user with query-based rules — same search, different results

How they work together: An agent can only call its assigned tools (Layer 1). When a tool runs a search, Elasticsearch enforces index/field/document-level permissions for that user (Layer 2). Two independent layers — no single point of bypass.

Agent Skills — SKILL.md Open Standard

Turn AI Agents Into Elastic Experts

What is SKILL.md?

The open agentskills.io standard. Each skill is a folder with a SKILL.md file — structured metadata + instructions. When an AI agent reads it, it learns how to perform Elastic tasks correctly — right APIs, right patterns, right guardrails.

26 Skills Available

  • Elasticsearch — Search, indexing, ES|QL, auth, audit, file-ingest, troubleshooting
  • Kibana — Agent-builder, alerting, audit, connectors, dashboards, streams, vega
  • Observability — LLM-obs, logs-search, SLOs, service-health
  • Security — Alert triage, case mgmt, detection rules, sample data
  • Cloud — Access mgmt, create/manage projects, network security, setup

Works With

Claude CodeCursorCopilotWindsurfGemini CLIClineCodex
Elastic Agent Skills — CLI install flow showing 26 skills and GitHub repo
Vibe Coding — Build With Natural Language

What You Can Build With Vibe Coding + Elastic Skills

Describe what you want in plain English. Elastic Agent Skills handle the rest — correct APIs, correct config, correct best practices.

Search

"Build me a hybrid search API"

Creates index mapping, sets up ELSER, configures hybrid search with RRF, writes API endpoint — following Elastic best practices.

Search
APM

"Create an APM dashboard"

Builds full observability dashboard — service maps, latency charts, error panels, SLO tracking. Correct APIs, correct JSON.

Observability
Security

"Set up brute force detection"

Creates EQL/ES|QL detection rules, configures alert actions, sets severity and risk scoring correctly.

Security
Agent Builder

"Build a RAG agent for our docs"

Sets up ingestion, creates vector index, configures inference, builds agent in Agent Builder — end-to-end in one conversation.

Agent Builder
Ops

"Why is my cluster yellow?"

Checks shard allocation, identifies unassigned shards, diagnoses root cause, applies fix — all through correct ES APIs.

Ops
Ingestion

"Ingest my Kafka logs"

Configures Fleet integration, sets up ingest pipelines with grok processors, creates index templates, verifies data flow.

Ingestion

github.com/elastic/agent-skills — Open source. Apache 2.0. Contribute your own.

Industry Use Cases — Regulated & High-Compliance

Agents for Regulated Industries

Where compliance is non-negotiable. Elastic gives you data sovereignty, audit trails, and granular access control out of the box.

BFSI

BFSI

  • Fraud investigation — transaction patterns + compliance rules via hybrid search
  • KYC document retrieval — scanned docs in minutes, not days
  • Compliance Q&A with citations and audit trails
Hybrid Search Audit Trail
Public Sector

Public Sector

  • Citizen services — navigate permits, benefits in plain language
  • Policy research — legislation via hybrid search, not keyword
  • On-prem, air-gapped, FedRAMP-ready deployment
On-Prem Air-Gapped
Healthcare

Healthcare

  • Clinical decision support — indexed medical literature with citations
  • Document-level security for HIPAA compliance
  • Risk assessment with ES|QL aggregations
HIPAA DLS

Key differentiator: Data-layer security (index/field/document level), on-prem deployment, auditable retrieval trails. Your data stays where compliance requires.

Industry Use Cases — Commercial & Digital

Agents for Every Business

From IT help desks to shopping assistants — the same platform scales across every commercial use case.

Mid-Market

Mid-Market

  • IT support — resolves L1/L2 from runbooks + past resolutions
  • HR policy assistant — multi-language via Jina v5
  • Incident response — correlates logs, metrics, traces automatically
IT Ops HR
Digital Natives

Digital Natives

  • Developer docs agent — search by intent, get right code snippet
  • In-product search — users self-serve via REST API or MCP
  • Log analysis — "why did deploy-42 fail?" with ES|QL
DevEx MCP
E-Commerce

E-Commerce

  • Shopping assistant — semantic intent + price filters in one query
  • Personalization — behavioral signals + product vectors
  • Returns & support — multi-language, MCP-connected logistics
Semantic Vectors

200+ connectors — Confluence, SharePoint, Google Drive, ServiceNow, Salesforce. Federate all your data through one agent.

APM Observability — Monitor Your Agents in Production

LLM Observability — Built In, Not Bolted On

Your agents are only as good as your ability to monitor them. Elastic gives you full-stack observability for every agent interaction.

Trace Every Interaction

  • End-to-end trace spans for each agent turn
  • Tool invocations, retrieval calls, LLM requests
  • Latency breakdown per step
  • Error propagation and root cause analysis

Cost & Token Tracking

  • Input/output tokens per request
  • Cost per conversation and per user
  • Model comparison (cost vs. quality)
  • Budget alerts and anomaly detection

Quality & Safety

  • Retrieval relevance scoring
  • Hallucination detection signals
  • User feedback loops (thumbs up/down)
  • Guardrail trigger monitoring
Latency
Per-step & end-to-end response time
💰
Cost
Token usage & spend per conversation
🎯
Relevance
Retrieval quality & reranking scores
🛡
Safety
Guardrail triggers & hallucination signals

Why this matters: Most agent platforms require third-party tools for monitoring. With Elastic, your agents run on the same platform you already use for logs, metrics, traces, and APM — zero integration gap.

Competitive Analysis — How Elastic Compares

Competitive Landscape

Elastic is the only platform combining search, observability, security, and agent builder with native MCP/A2A support.

CapabilityElasticPinecone / WeaviateMongoDB AtlasOpenSearch
Hybrid Search (BM25+Vector+Sparse)Native~ Limited~ Basic~ Partial
Learned Sparse (ELSER)Built-inNoNoNo
Agent Builder + PlaygroundGANoNoNo
MCP + A2A SupportNativeNoNoNo
Agent Skills (Open Standard)26 skillsNoNoNo
Managed Model Catalog (EIS)Full~ Limited~ Some~ Basic
200+ Data ConnectorsYesFew~ Some~ Fork lag
Observability + SecurityUnifiedNoNo~ Limited
Why Elastic — One Platform, Three Superpowers

One Platform. Three Superpowers.

Search

Hybrid retrieval, model catalog, Jina v5, ELSER. Your agent's knowledge layer.

Observe

Logs, metrics, traces, APM. Monitor agents in production.

Protect

SIEM, endpoint, SOAR. Document-level security. Compliance built in.

Build Something Today

Elastic Cloud

14-day free trial. Agent Builder included. Playground for no-code prototyping.

Agent Skills

Install 26 Elastic skills in Claude Code, Cursor, or any agent.

npx @anthropic/skills install elastic

Docs & Community

Quick-start guides, GitHub repos, Elastic Community Slack, Search Labs.

Elastic

The best agent is the one
your users actually trust.

That starts with the right context, at the right time, from a platform you can inspect, control, and extend.

Resources
→  elastic.co/elasticsearch/agent-builder →  elastic.co/search-labs →  github.com/elastic/elasticsearch-labs →  github.com/elastic/agent-skills →  elastic.co/docs/explore-analyze/workflows
Speaker Notes