The Splunk MCP tool provides a natural language interface to Splunk Enterprise/Cloud operations, enabling AI assistants to execute searches, manage indexes, handle users, and perform KV store operations. Built with Python using FastMCP and the Splunk SDK, it features async support for better performance, detailed logging with emoji indicators, and flexible SSL configuration options. The implementation can run in both STDIO mode for command-line integration and SSE mode for web server integration, making it particularly valuable for security analysts and system administrators who need to query and manage Splunk resources through conversational interfaces.
Lists all available MCP tools with their descriptions and parameters
Returns a list of available Splunk apps to verify connectivity
Simple ping endpoint to verify MCP server is alive
Returns information about the currently authenticated user
Returns a list of all users and their roles
Returns a list of all accessible Splunk indexes
Returns detailed information about a specific index. Parameters: index_name (string)
Returns a comprehensive list of indexes and their sourcetypes
Executes a Splunk search query. Parameters: search_query (string), earliest_time (string, optional), latest_time (string, optional), max_results (integer, optional)
Returns a list of saved searches in the Splunk instance
Lists all KV store collections
Creates a new KV store collection. Parameters: collection_name (string)
Deletes an existing KV store collection. Parameters: collection_name (string)