Splunk
A FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources.
What is Splunk?
Splunk is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact with Splunk Enterprise/Cloud through natural language. It provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources.
This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- A FastMCP-based tool for interacting with Splunk Enterprise/
Installation
NPM
npx -y splunk
Manual Installation
npx -y splunk
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use Splunk
The Splunk MCP server is a FastMCP-based integration that lets AI assistants interact with Splunk Enterprise and Splunk Cloud using natural language. It exposes tools for running SPL searches, managing KV store collections, listing indexes and sourcetypes, and retrieving user and health information — all through a conversational interface. Security analysts and DevOps engineers use it to query Splunk data, investigate alerts, and manage configurations without leaving their AI workflow.
Prerequisites
- Splunk Enterprise or Splunk Cloud instance with API access on port 8089
- Splunk username and password, or a Splunk authentication token
- Python 3.10 or later with uv or Poetry installed
- An MCP-compatible client such as Claude Desktop or Claude Code
- Network access from the MCP server host to your Splunk management port
Clone the repository
Download the splunk-mcp source code from GitHub to your local machine.
git clone https://github.com/livehybrid/splunk-mcp
cd splunk-mcp
Install dependencies
Use uv (recommended) or Poetry to install Python dependencies. uv provides the fastest install experience.
uv sync
Configure environment variables
Set the required Splunk connection variables. SPLUNK_TOKEN overrides username/password if provided. Set VERIFY_SSL to false only in development environments with self-signed certificates.
export SPLUNK_HOST=splunk.example.com
export SPLUNK_PORT=8089
export SPLUNK_USERNAME=admin
export SPLUNK_PASSWORD=yourpassword
export SPLUNK_SCHEME=https
export VERIFY_SSL=true
Run in STDIO mode for Claude Desktop
Start the server in STDIO mode, which is compatible with Claude Desktop and other MCP clients that use standard I/O transport.
uv run python splunk_mcp.py stdio
Configure your MCP client
Add the Splunk MCP server to your Claude Desktop configuration file, passing the environment variables so the server can authenticate to Splunk.
Splunk Examples
Client configuration
Add splunk-mcp to Claude Desktop using the STDIO transport. Replace the values with your actual Splunk credentials.
{
  "mcpServers": {
    "splunk": {
      "command": "uv",
      "args": ["run", "python", "/path/to/splunk-mcp/splunk_mcp.py", "stdio"],
      "env": {
        "SPLUNK_HOST": "splunk.example.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "yourpassword",
        "SPLUNK_SCHEME": "https",
        "VERIFY_SSL": "true"
      }
    }
  }
}
Prompts to try
Once connected, use natural language to query and manage Splunk resources.
- "Search Splunk for failed login events in the last 24 hours"
- "List all Splunk indexes and their sourcetypes"
- "Show me the top 10 error messages from the web server logs today"
- "Create a KV store collection called user_sessions"
- "Check the health status of the Splunk instance"
- "Who is the currently authenticated Splunk user?"
Troubleshooting Splunk
SSL certificate verification error when connecting to Splunk
If your Splunk instance uses a self-signed certificate, set VERIFY_SSL=false in your environment. In production, configure a valid certificate on Splunk instead.
Authentication fails with username and password
Try generating a Splunk API token in the Splunk UI (Settings → Tokens) and set SPLUNK_TOKEN instead of username/password. Tokens bypass two-factor authentication requirements.
Server connects but searches return no results
Verify SPLUNK_PORT is set to the management port (default 8089) and not the web UI port (8000). Also confirm the Splunk user has search permissions on the target indexes.
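The settings discussed in the configuration and troubleshooting sections can be checked before the server is started. The following is an added example, not code from the splunk-mcp project: it audits the splunk entry of a client config file for the weak settings named on this page. The finding names, the sample config, and the assumption that only the string "true" enables certificate verification are hypothetical.

```python
import json

# Constructed sample: a client config with several weak settings (not from the page).
SAMPLE_CONFIG = json.dumps({"mcpServers": {"splunk": {
    "command": "uv",
    "args": ["run", "python", "/path/to/splunk-mcp/splunk_mcp.py", "stdio"],
    "env": {
        "SPLUNK_HOST": "splunk.example.com", "SPLUNK_PORT": "8000",
        "SPLUNK_USERNAME": "admin", "SPLUNK_PASSWORD": "yourpassword",
        "SPLUNK_TOKEN": "constructed-token-value",
        "SPLUNK_SCHEME": "https", "VERIFY_SSL": "false",
    },
}}})


def audit_splunk_env(env):
    """Return sorted finding IDs (hypothetical names) for one env block."""
    val = lambda key: str(env.get(key, "")).strip()
    findings = set()
    # Assumption: only the string "true" (any case) turns verification on.
    if val("VERIFY_SSL").lower() != "true":
        findings.add("verify-ssl-not-true")
    if val("SPLUNK_SCHEME").lower() != "https":
        findings.add("non-https-scheme")
    # 8000 is the web UI port; the server needs the management port (8089).
    if val("SPLUNK_PORT") == "8000":
        findings.add("web-ui-port")
    has_token = bool(val("SPLUNK_TOKEN"))
    has_password = bool(val("SPLUNK_USERNAME") and val("SPLUNK_PASSWORD"))
    # SPLUNK_TOKEN overrides username/password, so a password kept next to
    # it is a stored secret that serves no purpose.
    if has_token and val("SPLUNK_PASSWORD"):
        findings.add("unused-password-stored")
    if not has_token and not has_password:
        findings.add("no-credentials")
    if val("SPLUNK_PASSWORD") == "yourpassword":
        findings.add("placeholder-password")
    return sorted(findings)


def audit_config(text, server="splunk"):
    """Audit the named entry under mcpServers in a client config file."""
    servers = json.loads(text).get("mcpServers", {})
    if server not in servers:
        return ["server-entry-missing"]
    return audit_splunk_env(servers[server].get("env", {}))


if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONFIG)))
```

To audit a real file, pass its contents to audit_config; an empty list means none of these checks fired.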
Frequently Asked Questions about Splunk
What is Splunk?
Splunk is a Model Context Protocol (MCP) server: a FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Splunk?
Install via npm with the command: npx -y splunk. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with Splunk?
Splunk works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Splunk free to use?
Yes, Splunk is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.
Splunk Alternatives — Similar Monitoring & Observability Servers
Looking for alternatives to Splunk? Here are other popular monitoring & observability servers you can use with Claude, Cursor, and VS Code.
Netdata
★ 78.9k
Real-time infrastructure monitoring with metrics, logs, alerts, and ML-based anomaly detection.
Kubeshark
★ 11.9k
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Mission Control
★ 4.9k
Self-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
Grafana
★ 3.0k
This MCP server enables natural-language querying of Grafana logs by automatically detecting log sources and service labels. It provides read-only access to log data with intelligent caching for efficient repeat queries.
Sentrux
★ 2.4k
Real-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
OpenInference
★ 986
OpenTelemetry Instrumentation for AI Observability