Splunk

v1.0.0 | Monitoring & Observability | stable

A FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources.

Tags: splunk, mcp, ai-integration

What is Splunk?

Splunk is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact with Splunk Enterprise/Cloud through natural language. It provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources.

This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • A FastMCP-based tool for interacting with Splunk Enterprise/

Use Cases

Search and analyze Splunk data using natural language queries. Manage KV stores and access Splunk resources through conversational interface.
Maintainer: livehybrid

License: Apache 2.0
Language: python
Version: v1.0.0
Updated: May 15, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

NPM

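npx -y splunk

npx -y downloads the named package from the npm registry and runs it without a confirmation prompt. The setup guide further down this page installs the server from the livehybrid/splunk-mcp GitHub repository with uv, so check that an npm package by this name comes from the same maintainer before running it.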

Manual Installation

npx -y splunk

Configuration

Configuration Details

Config File: claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Splunk

The Splunk MCP server is a FastMCP-based integration that lets AI assistants interact with Splunk Enterprise and Splunk Cloud using natural language. It exposes tools for running SPL searches, managing KV store collections, listing indexes and sourcetypes, and retrieving user and health information — all through a conversational interface. Security analysts and DevOps engineers use it to query Splunk data, investigate alerts, and manage configurations without leaving their AI workflow.

Prerequisites

  • Splunk Enterprise or Splunk Cloud instance with API access on port 8089
  • Splunk username and password, or a Splunk authentication token
  • Python 3.10 or later with uv or Poetry installed
  • An MCP-compatible client such as Claude Desktop or Claude Code
  • Network access from the MCP server host to your Splunk management port

1. Clone the repository

Download the splunk-mcp source code from GitHub to your local machine.

git clone https://github.com/livehybrid/splunk-mcp
cd splunk-mcp

2. Install dependencies

Use uv (recommended) or Poetry to install Python dependencies. uv provides the fastest install experience.

uv sync

3. Configure environment variables

Set the required Splunk connection variables. SPLUNK_TOKEN overrides username/password if provided. Set VERIFY_SSL to false only in development environments with self-signed certificates.

export SPLUNK_HOST=splunk.example.com
export SPLUNK_PORT=8089
export SPLUNK_USERNAME=admin
export SPLUNK_PASSWORD=yourpassword
export SPLUNK_SCHEME=https
export VERIFY_SSL=true

4. Run in STDIO mode for Claude Desktop

Start the server in STDIO mode, which is compatible with Claude Desktop and other MCP clients that use standard I/O transport.

uv run python splunk_mcp.py stdio

5. Configure your MCP client

Add the Splunk MCP server to your Claude Desktop configuration file, passing the environment variables so the server can authenticate to Splunk.

Splunk Examples

Client configuration

Add splunk-mcp to Claude Desktop using the STDIO transport. Replace the values with your actual Splunk credentials.

{
  "mcpServers": {
    "splunk": {
      "command": "uv",
      "args": ["run", "python", "/path/to/splunk-mcp/splunk_mcp.py", "stdio"],
      "env": {
        "SPLUNK_HOST": "splunk.example.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "yourpassword",
        "SPLUNK_SCHEME": "https",
        "VERIFY_SSL": "true"
      }
    }
  }
}

Prompts to try

Once connected, use natural language to query and manage Splunk resources.

- "Search Splunk for failed login events in the last 24 hours"
- "List all Splunk indexes and their sourcetypes"
- "Show me the top 10 error messages from the web server logs today"
- "Create a KV store collection called user_sessions"
- "Check the health status of the Splunk instance"
- "Who is the currently authenticated Splunk user?"

Troubleshooting Splunk

SSL certificate verification error when connecting to Splunk

If your Splunk instance uses a self-signed certificate, set VERIFY_SSL=false in your environment. In production, configure a valid certificate on Splunk instead.

Authentication fails with username and password

Try generating a Splunk API token in the Splunk UI (Settings → Tokens) and set SPLUNK_TOKEN instead of username/password. Tokens bypass two-factor authentication requirements.

Server connects but searches return no results

Verify SPLUNK_PORT is set to the management port (default 8089) and not the web UI port (8000). Also confirm the Splunk user has search permissions on the target indexes.
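
The connection settings covered in the setup steps and troubleshooting entries above can be checked before the client launches the server. This is an added example, not code from splunk-mcp: audit_splunk_env is a hypothetical helper, the sample config is constructed, and the variable names are the ones used on this page.

```python
import json

# Constructed sample in the claude_desktop_config.json layout shown on this page.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "splunk": {
      "command": "uv",
      "args": ["run", "python", "/path/to/splunk-mcp/splunk_mcp.py", "stdio"],
      "env": {
        "SPLUNK_HOST": "splunk.example.com",
        "SPLUNK_PORT": "8000",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "yourpassword",
        "SPLUNK_SCHEME": "http",
        "VERIFY_SSL": "false"
      }
    }
  }
}
"""

def audit_splunk_env(config_text, server="splunk"):
    """Return a list of (variable, finding) pairs for one mcpServers entry."""
    env = json.loads(config_text)["mcpServers"][server].get("env", {})
    findings = []
    # Only an explicit non-"true" value is flagged; how the server treats an
    # unset VERIFY_SSL is not stated on the page.
    if env.get("VERIFY_SSL", "true").strip().lower() != "true":
        findings.append(("VERIFY_SSL", "certificate verification disabled; development only"))
    if env.get("SPLUNK_SCHEME", "https").strip().lower() != "https":
        findings.append(("SPLUNK_SCHEME", "credentials would cross the network unencrypted"))
    if env.get("SPLUNK_PORT") == "8000":
        findings.append(("SPLUNK_PORT", "8000 is the web UI port; the management port defaults to 8089"))
    if env.get("SPLUNK_TOKEN"):
        if env.get("SPLUNK_PASSWORD"):
            findings.append(("SPLUNK_PASSWORD", "overridden by SPLUNK_TOKEN; remove it from the file"))
    elif env.get("SPLUNK_PASSWORD"):
        findings.append(("SPLUNK_PASSWORD", "password stored in the config file; SPLUNK_TOKEN can replace it"))
    # Least-privilege check added by this example, not a rule from the page.
    if env.get("SPLUNK_USERNAME", "").lower() == "admin":
        findings.append(("SPLUNK_USERNAME", "admin account; use a role limited to the indexes needed"))
    return findings

if __name__ == "__main__":
    for var, finding in audit_splunk_env(SAMPLE_CONFIG):
        print(f"{var}: {finding}")
```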

Frequently Asked Questions about Splunk

What is Splunk?

Splunk is a Model Context Protocol (MCP) server: a FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Splunk?

Install via npm with the command: npx -y splunk. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with Splunk?

Splunk works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Splunk free to use?

Yes, Splunk is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.


Quick Config Preview

{ "mcpServers": { "splunk": { "command": "npx", "args": ["-y", "splunk"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
