MCP For Splunk
MCP Server for integrating with Splunk Enterprise
What is MCP For Splunk?
MCP For Splunk is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to integrate with Splunk Enterprise.
This server falls under the Monitoring & Observability and Analytics categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
```bash
npx mcp-for-splunk
```
How to Set Up and Use MCP For Splunk
MCP for Splunk is a Model Context Protocol server that bridges AI assistants with Splunk Enterprise, enabling natural language querying of logs, dashboards, and operational data. It exposes over 70 ITSI-specific tools alongside general search, administration, and health-monitoring capabilities. Teams can use it to run saved searches, troubleshoot degraded services, explore data schemas, and manage users — all through an AI chat interface without writing raw SPL.
Prerequisites
- Python 3.10+ and the uv package manager installed
- A running Splunk Enterprise instance with network access from your machine
- Splunk credentials (host, port, username, password)
- An MCP-compatible client such as Claude Desktop
Clone the repository
Clone the mcp-for-splunk repository to your local machine.
```bash
git clone https://github.com/deslicer/mcp-for-splunk.git
cd mcp-for-splunk
```
Run the smart installer (macOS/Linux)
The included smart-install script sets up the Python environment and dependencies automatically.
```bash
./scripts/smart-install.sh
```
Configure your Splunk credentials
Copy the example environment file and fill in your Splunk host, port, username, and password.
```bash
cp env.example .env
# Edit .env with your Splunk connection details:
# SPLUNK_HOST=your-splunk-host
# SPLUNK_PORT=8089
# SPLUNK_USERNAME=admin
# SPLUNK_PASSWORD=your-password
# SPLUNK_SCHEME=https
```
Start the MCP server
Launch the server in local mode. It listens on localhost:8003/mcp/ by default.
```bash
uv run mcp-server --local --detached
```
Verify the server is working
Run the built-in test command to confirm the server can connect to Splunk.
```bash
uv run mcp-server --test
```
Add the server to your MCP client
Configure Claude Desktop or another MCP client to connect to the running server via HTTP transport.
MCP For Splunk Examples
Client configuration
Add the Splunk MCP server to Claude Desktop config using HTTP transport pointing to the local server.
```json
{
  "mcpServers": {
    "splunk": {
      "command": "uv",
      "args": ["run", "mcp-server", "--local"],
      "cwd": "/path/to/mcp-for-splunk",
      "env": {
        "SPLUNK_HOST": "your-splunk-host",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "your-password",
        "SPLUNK_SCHEME": "https"
      }
    }
  }
}
```
Prompts to try
Examples of questions you can ask Claude once connected to your Splunk instance.
- "List all available saved searches in Splunk"
- "Run a search for errors in the main index in the last 24 hours"
- "Show me the health status of my Splunk deployment"
- "What data sources are available in Splunk and what are their schemas?"
- "Find all failed login attempts in the last hour and summarize them"
Troubleshooting MCP For Splunk
Server fails to start with connection errors
Verify your .env file has the correct SPLUNK_HOST, SPLUNK_PORT, SPLUNK_USERNAME, and SPLUNK_PASSWORD. Ensure the Splunk management port (default 8089) is accessible from your machine and not blocked by a firewall.
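A pre-flight check for the `.env` file described above, as an added example that is not part of mcp-for-splunk. `check_splunk_env` is a hypothetical helper that flags missing keys, the placeholder values shown on this page, a non-numeric port, a non-HTTPS scheme, and group/other permission bits on a file that stores the Splunk password; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not part of mcp-for-splunk. check_splunk_env is a hypothetical helper.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
check_splunk_env() (
    file="$1"; rc=0
    host=; port=; user=; pass=; scheme=
    flag() { echo "$1"; rc=1; }

    [ -r "$file" ] || { echo "MISSING_FILE $file"; exit 1; }

    # The file stores a Splunk password: allow no group/other permission bits.
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] || flag "PERMS $file: run chmod 600"

    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # blanks and commented-out keys
        key=${line%%=*}; val=${line#*=}
        val=${val#\"}; val=${val%\"}                # strip optional double quotes
        case "$key" in
            SPLUNK_HOST)     host=$val ;;
            SPLUNK_PORT)     port=$val ;;
            SPLUNK_USERNAME) user=$val ;;
            SPLUNK_PASSWORD) pass=$val ;;
            SPLUNK_SCHEME)   scheme=$val ;;
        esac
    done < "$file"

    # Report key names only, never the values, so secrets stay out of logs.
    for pair in "SPLUNK_HOST:$host" "SPLUNK_PORT:$port" \
                "SPLUNK_USERNAME:$user" "SPLUNK_PASSWORD:$pass"; do
        [ -n "${pair#*:}" ] || flag "UNSET ${pair%%:*}"
    done
    case "$host" in your-splunk-host) flag "PLACEHOLDER SPLUNK_HOST" ;; esac
    case "$pass" in your-password)    flag "PLACEHOLDER SPLUNK_PASSWORD" ;; esac
    case "$port" in *[!0-9]*)         flag "BAD_PORT SPLUNK_PORT=$port" ;; esac
    case "$scheme" in
        ''|https) ;;
        *) flag "CLEARTEXT SPLUNK_SCHEME=$scheme sends credentials unencrypted" ;;
    esac
    exit "$rc"
)

# Constructed sample: the placeholder values shown on this page, left unedited.
demo=$(mktemp)
printf '%s\n' 'SPLUNK_HOST=your-splunk-host' 'SPLUNK_PORT=8089' \
    'SPLUNK_USERNAME=admin' 'SPLUNK_PASSWORD=your-password' 'SPLUNK_SCHEME=http' > "$demo"
check_splunk_env "$demo" || echo "Resolve the findings above before starting the server."
rm -f "$demo"
```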
uv command not found after installation
Install uv with `curl -LsSf https://astral.sh/uv/install.sh | sh` and ensure ~/.local/bin is in your PATH. Restart your terminal after installation.
MCP client cannot connect to the server
Check that the server is running with `uv run mcp-server --test`. If using HTTP transport, ensure localhost:8003 is reachable and not blocked. For multi-tenant setups, pass X-Splunk-Host and related headers in client configuration.
Frequently Asked Questions about MCP For Splunk
What is MCP For Splunk?
MCP For Splunk is a Model Context Protocol (MCP) server that integrates with Splunk Enterprise. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP For Splunk?
Follow the installation instructions on the MCP For Splunk GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP For Splunk?
MCP For Splunk works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP For Splunk free to use?
Yes, MCP For Splunk is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
MCP For Splunk Alternatives — Similar Monitoring & Observability Servers
Looking for alternatives to MCP For Splunk? Here are other popular monitoring & observability servers you can use with Claude, Cursor, and VS Code.
Netdata
★ 78.9k Real-time infrastructure monitoring with metrics, logs, alerts, and ML-based anomaly detection.
Kubeshark
★ 11.9k eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Mission Control
★ 4.9k Self-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
Grafana
★ 3.0k This MCP server enables natural-language querying of Grafana logs by automatically detecting log sources and service labels. It provides read-only access to log data with intelligent caching for efficient repeat queries.
Sentrux
★ 2.4k Real-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
OpenInference
★ 986 OpenTelemetry Instrumentation for AI Observability