Splunk

v1.0.0 | Monitoring & Observability | stable

Unofficial. Splunk MCP server. Implemented in Python and TypeScript/JS. Runs searches, queries Splunk, and outputs data as JSON, CSV, or Markdown for agentic LLM workflows. Includes guardrails for input SPL validation and output sanitization. SSE/std

Tags: splunk-mcp-server2, mcp, ai-integration

What is Splunk?

Splunk is an unofficial Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to run searches, query Splunk, and receive data as JSON, CSV, or Markdown for agentic LLM workflows. It is implemented in Python and TypeScript/JS and includes guardrails for input SPL validation and output sanitization.


This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.


Use Cases

Execute Splunk queries and retrieve data as JSON, CSV, or Markdown outputs.
Analyze data with agentic LLM workflows using guardrails for SPL validation.
Access Splunk search capabilities through natural language interface.

Maintainer

License: MIT
Language: python
Version: v1.0.0
Updated: May 2, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx splunk-mcp-server2

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Splunk

Splunk MCP Server 2 is an unofficial but comprehensive MCP server that exposes Splunk's Search Processing Language (SPL) capabilities to AI agents, enabling them to run blocking searches, stream large result sets, validate SPL queries, and access saved searches — all with output in JSON, CSV, or Markdown format. The server includes built-in guardrails: SPL risk validation before execution, configurable max event counts, and output sanitization to mask sensitive data. Both Python and TypeScript implementations are provided, and the server supports stdio and SSE transports for flexible deployment.

Prerequisites

  • Python 3.8+ (for the Python implementation) or Node.js 18+ (for the TypeScript implementation)
  • Access to a running Splunk Enterprise or Splunk Cloud instance with valid credentials
  • Splunk username and password, or a Splunk API token with search permissions
  • An MCP-compatible client such as Claude Desktop, Cursor, or VS Code with MCP support

1. Clone the repository

Clone the splunk-mcp-server2 repository to your local machine.

git clone https://github.com/splunk/splunk-mcp-server2.git
cd splunk-mcp-server2

2. Set up the Python implementation

Navigate to the python directory, copy the example env file, fill in your Splunk credentials, and install dependencies.

cd python
cp .env.example .env
# Edit .env with your Splunk connection details
pip install -e .

3. Configure environment variables

Edit the .env file inside the python or typescript directory with your Splunk connection details.

# .env file contents:
SPLUNK_HOST=<your-splunk-host>
SPLUNK_PORT=8089
SPLUNK_USERNAME=<your-username>
SPLUNK_PASSWORD=<your-password>
# Optional: use a token instead of username/password
# SPLUNK_TOKEN=<your-api-token>
VERIFY_SSL=true
SPL_MAX_EVENTS_COUNT=1000
SPL_RISK_TOLERANCE=50
SPL_SANITIZE_OUTPUT=true

4. Start the server

Start the Python server in stdio or SSE mode. The default transport is stdio, which is required for most MCP clients.

python server.py

5. Configure your MCP client

Add the server to your MCP client configuration file, pointing to the Python executable in your virtual environment.

{
  "mcpServers": {
    "splunk": {
      "command": "python",
      "args": ["/path/to/splunk-mcp-server2/python/server.py"],
      "env": {
        "SPLUNK_HOST": "<your-splunk-host>",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "<your-username>",
        "SPLUNK_PASSWORD": "<your-password>",
        "VERIFY_SSL": "true",
        "SPL_MAX_EVENTS_COUNT": "1000",
        "SPL_RISK_TOLERANCE": "50",
        "SPL_SANITIZE_OUTPUT": "true"
      }
    }
  }
}

Splunk Examples

Client configuration

Claude Desktop configuration for the Splunk MCP server using the Python implementation.

{
  "mcpServers": {
    "splunk": {
      "command": "python",
      "args": ["/path/to/splunk-mcp-server2/python/server.py"],
      "env": {
        "SPLUNK_HOST": "splunk.example.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "<your-password>",
        "VERIFY_SSL": "true",
        "SPL_MAX_EVENTS_COUNT": "500",
        "SPL_RISK_TOLERANCE": "50",
        "SPL_SANITIZE_OUTPUT": "true"
      }
    }
  }
}

Prompts to try

Example prompts for querying and analyzing Splunk data through the MCP server.

- "Run a Splunk search for failed login attempts in the last 24 hours and return the results as Markdown"
- "List all available Splunk indexes on my instance"
- "Validate this SPL query before running it: index=main sourcetype=access_combined status=500"
- "Run the saved search 'Daily Error Summary' and show me the top 10 results"
- "Search Splunk for the top 5 source IPs with the most events today and output as CSV"

Troubleshooting Splunk

Connection refused or timeout when connecting to Splunk

Verify SPLUNK_HOST and SPLUNK_PORT (default management port is 8089, not 8000). Ensure the Splunk management port is accessible from the machine running the MCP server and that any firewall rules permit the connection.

SPL query is rejected by the validate_spl tool

Increase SPL_RISK_TOLERANCE in your .env file (scale 0-100) if your query is legitimate but flagged. Review the validation feedback to understand which part of the SPL was considered risky and rewrite accordingly.

SSL certificate verification fails

Set VERIFY_SSL=false in your .env for self-signed certificates in dev environments. For production, ensure the Splunk server's certificate chain is trusted by your system's CA store.
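
An added example, not code from the splunk-mcp-server2 project: a pre-flight audit of the .env settings from step 3 that flags values which weaken the guardrails, including the VERIFY_SSL=false and raised SPL_RISK_TOLERANCE workarounds described in the troubleshooting notes above. The function names and the limits (tolerance above 50, more than 1000 events) are assumptions taken from the sample values on this page, not project defaults.

```python
# Added example: pre-flight audit of the .env settings shown on this page.
# Limits (50, 1000) are assumptions from the page's sample values, not project defaults.
SAMPLE_ENV = """\
# constructed sample: a .env after applying the troubleshooting workarounds
SPLUNK_PORT=8000
SPLUNK_USERNAME=admin
SPLUNK_PASSWORD=constructed-placeholder
VERIFY_SSL=false
SPL_MAX_EVENTS_COUNT=50000
SPL_RISK_TOLERANCE=90
SPL_SANITIZE_OUTPUT=false
"""

def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def over_limit(env, key, limit):
    """True if the value is missing, not an integer, negative, or above limit."""
    try:
        return not 0 <= int(env.get(key, "")) <= limit
    except ValueError:
        return True

def audit(env, max_tolerance=50, max_events=1000):
    """Return (key, finding) pairs for settings that weaken the guardrails."""
    findings = []
    if env.get("VERIFY_SSL", "").lower() != "true":
        findings.append(("VERIFY_SSL", "TLS certificate verification is not enabled"))
    if env.get("SPL_SANITIZE_OUTPUT", "").lower() != "true":
        findings.append(("SPL_SANITIZE_OUTPUT", "sensitive values in results are not masked"))
    if over_limit(env, "SPL_RISK_TOLERANCE", max_tolerance):
        findings.append(("SPL_RISK_TOLERANCE", f"unset, invalid or above {max_tolerance}"))
    if over_limit(env, "SPL_MAX_EVENTS_COUNT", max_events):
        findings.append(("SPL_MAX_EVENTS_COUNT", f"unset, invalid or above {max_events}"))
    if env.get("SPLUNK_PORT") == "8000":
        findings.append(("SPLUNK_PORT", "8000 is not the management port; the page gives 8089"))
    if env.get("SPLUNK_USERNAME", "").lower() == "admin":
        findings.append(("SPLUNK_USERNAME", "admin account; use a search-only identity"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {m}" for k, m in audit(parse_env(SAMPLE_ENV))))
```

Run it against the real .env before starting the server; an empty result means none of the checked settings deviates from the values this page recommends.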

Frequently Asked Questions about Splunk

What is Splunk?

Splunk is an unofficial Model Context Protocol (MCP) server, implemented in Python and TypeScript/JS, that runs searches, queries Splunk, and outputs data as JSON, CSV, or Markdown for agentic LLM workflows. It includes guardrails for input SPL validation and output sanitization and supports stdio and SSE transports. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Splunk?

Follow the installation instructions on the Splunk GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Splunk?

Splunk works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Splunk free to use?

Yes, Splunk is open source and available under the MIT license. You can use it freely in both personal and commercial projects.


Quick Config Preview

{ "mcpServers": { "splunk-mcp-server2": { "command": "npx", "args": ["-y", "splunk-mcp-server2"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
