Splunk

Provides guarded access to Splunk data via MCP with validation, streaming, and index/search capabilities.
  • typescript

21

GitHub Stars

typescript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "splunk-splunk-mcp-server2": {
      "command": "python",
      "args": [
        "server.py"
      ]
    }
  }
}

You can deploy the Splunk MCP Server to let AI assistants securely search, analyze, and validate Splunk queries with built-in guardrails. It exposes a standardized MCP interface so AI tools can discover capabilities, run safe searches, and stream results while protecting sensitive data and Splunk resources.

How to use

You use the server by running one of the available implementations locally or connecting to a remote MCP endpoint. The server exposes tools for validating SPL queries, performing oneshot searches, exporting large results, listing indexes and saved searches, and running saved configurations. Your MCP client will interact with these tools through the standard MCP protocol, enabling secure, guarded access to Splunk data without exposing raw credentials or allowing unsafe operations.

How to install

Prerequisites: you need Python and Node.js installed on your system to run the two provided implementations.

Choose your preferred implementation and follow the steps.

Python Quick Start

cd python
cp .env.example .env
# Edit .env with your Splunk credentials
pip install -e .
python server.py

TypeScript Quick Start

cd typescript
cp .env.example .env
# Edit .env with your Splunk credentials
npm install
npm start

Configuration notes

Two parallel implementations are provided. Each runs as a local process using standard input/output or server-side streams for communication with your MCP client. You can choose the Python or TypeScript version based on your preferred language and ecosystem.

Security and best practices

  • Store credentials securely in environment files and never commit them to version control.
  • Run in a trusted network and enable TLS for production deployments.
  • Apply least-privilege principles for Splunk accounts used by the server.
  • All queries are validated and outputs are sanitized to protect sensitive data.

Notes

The server supports both local (stdio) and transport-based (SSE/stdio) communications, allowing you to plug in various MCP clients. If you need to customize how you run the server, adjust the environment file and the startup command to suit your deployment environment.

Available tools

validate_spl

Validate SPL queries for risks before execution to prevent unsafe or resource-intensive operations.

search_oneshot

Execute blocking searches and return immediate results for quick insight.

search_export

Stream large result sets efficiently for exporting data.

get_indexes

List available Splunk indexes with metadata to understand data sources.

get_saved_searches

Access saved search configurations for quick reuse.

run_saved_search

Execute pre-configured saved searches to retrieve predefined insights.

get_config

Retrieve server configuration details and current settings.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational