splunk-mcp

livehybrid/splunk-mcp

3.5
databasescloud_platforms

If you are the rightful owner of splunk-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language.

Tools
6
Resources
0
Prompts
0

Splunk MCP (Model Context Protocol) Tool

A FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources through an intuitive interface.

Operating Modes

The tool operates in three modes:

  1. SSE Mode (Default)

    • Server-Sent Events based communication
    • Real-time bidirectional interaction
    • Suitable for web-based MCP clients
    • Default mode when no arguments provided
    • Access via /sse endpoint

  2. API Mode

    • RESTful API endpoints
    • Access via /api/v1 endpoint prefix
    • Start with python splunk_mcp.py api

  3. STDIO Mode

    • Standard input/output based communication
    • Compatible with Claude Desktop and other MCP clients
    • Ideal for direct integration with AI assistants
    • Start with python splunk_mcp.py stdio

Features

  • Splunk Search: Execute Splunk searches with natural language queries
  • Index Management: List and inspect Splunk indexes
  • User Management: View and manage Splunk users
  • KV Store Operations: Create, list, and manage KV store collections
  • Async Support: Built with async/await patterns for better performance
  • Detailed Logging: Comprehensive logging with emoji indicators for better visibility
  • SSL Configuration: Flexible SSL verification options for different security requirements
  • Enhanced Debugging: Detailed connection and error logging for troubleshooting
  • Comprehensive Testing: Unit tests covering all major functionality
  • Error Handling: Robust error handling with appropriate status codes
  • SSE Compliance: Fully compliant with MCP SSE specification

Available MCP Tools

The following tools are available via the MCP interface:

Tools Management

  • list_tools
    • Lists all available MCP tools with their descriptions and parameters

Health Check

  • health_check
    • Returns a list of available Splunk apps to verify connectivity
  • ping
    • Simple ping endpoint to verify MCP server is alive

User Management

  • current_user
    • Returns information about the currently authenticated user
  • list_users
    • Returns a list of all users and their roles

Index Management

  • list_indexes
    • Returns a list of all accessible Splunk indexes
  • get_index_info
    • Returns detailed information about a specific index
    • Parameters: index_name (string)
  • indexes_and_sourcetypes
    • Returns a comprehensive list of indexes and their sourcetypes

Search

  • search_splunk
    • Executes a Splunk search query
    • Parameters:
      • search_query (string): Splunk search string
      • earliest_time (string, optional): Start time for search window
      • latest_time (string, optional): End time for search window
      • max_results (integer, optional): Maximum number of results to return
  • list_saved_searches
    • Returns a list of saved searches in the Splunk instance

KV Store

  • list_kvstore_collections
    • Lists all KV store collections
  • create_kvstore_collection
    • Creates a new KV store collection
    • Parameters: collection_name (string)
  • delete_kvstore_collection
    • Deletes an existing KV store collection
    • Parameters: collection_name (string)

SSE Endpoints

When running in SSE mode, the following endpoints are available:

  • /sse: Returns SSE connection information in text/event-stream format

    • Provides metadata about the SSE connection
    • Includes URL for the messages endpoint
    • Provides protocol and capability information

  • /sse/messages: The main SSE stream endpoint

    • Streams system events like heartbeats
    • Maintains persistent connection
    • Sends properly formatted SSE events

  • /sse/health: Health check endpoint for SSE mode

    • Returns status and version information in SSE format

Error Handling

The MCP implementation includes consistent error handling:

  • Invalid search commands or malformed requests
  • Insufficient permissions
  • Resource not found
  • Invalid input validation
  • Unexpected server errors
  • Connection issues with Splunk server

All error responses include a detailed message explaining the error.

Installation

Using UV (Recommended)

UV is a fast Python package installer and resolver, written in Rust. It's significantly faster than pip and provides better dependency resolution.

Prerequisites
Quick Start with UV

  1. Clone the repository:

    git clone <repository-url>
cd splunk-mcp

  2. Install dependencies with UV:

    # Install main dependencies
uv sync

# Or install with development dependencies
uv sync --extra dev

  3. Run the application:

    # SSE mode (default)
uv run python splunk_mcp.py

# STDIO mode
uv run python splunk_mcp.py stdio

# API mode
uv run python splunk_mcp.py api
UV Commands Reference
# Install dependencies
uv sync

# Install with development dependencies
uv sync --extra dev

# Run the application
uv run python splunk_mcp.py

# Run tests
uv run pytest

# Run with specific Python version
uv run --python 3.11 python splunk_mcp.py

# Add a new dependency
uv add fastapi

# Add a development dependency
uv add --dev pytest

# Update dependencies
uv sync --upgrade

# Generate requirements.txt
uv pip compile pyproject.toml -o requirements.txt

Using Poetry (Alternative)

If you prefer Poetry, you can still use it:

# Install dependencies
poetry install

# Run the application
poetry run python splunk_mcp.py

Using pip (Alternative)

# Install dependencies
pip install -r requirements.txt

# Run the application
python splunk_mcp.py

Operating Modes

The tool operates in three modes:

  1. SSE Mode (Default)

    • Server-Sent Events based communication
    • Real-time bidirectional interaction
    • Suitable for web-based MCP clients
    • Default mode when no arguments provided
    • Access via /sse endpoint

  2. API Mode

    • RESTful API endpoints
    • Access via /api/v1 endpoint prefix
    • Start with python splunk_mcp.py api

  3. STDIO Mode

    • Standard input/output based communication
    • Compatible with Claude Desktop and other MCP clients
    • Ideal for direct integration with AI assistants
    • Start with python splunk_mcp.py stdio

Usage

Local Usage

The tool can run in three modes:

  1. SSE mode (default for MCP clients):
# Start in SSE mode (default)
poetry run python splunk_mcp.py
# or explicitly:
poetry run python splunk_mcp.py sse

# Use uvicorn directly:
SERVER_MODE=api poetry run uvicorn splunk_mcp:app --host 0.0.0.0 --port 8000 --reload
  1. STDIO mode:
poetry run python splunk_mcp.py stdio

Docker Usage

The project supports both the new docker compose (V2) and legacy docker-compose (V1) commands. The examples below use V2 syntax, but both are supported.

  1. SSE Mode (Default):
docker compose up -d mcp
  1. API Mode:
docker compose run --rm mcp python splunk_mcp.py api
  1. STDIO Mode:
docker compose run -i --rm mcp python splunk_mcp.py stdio

Testing with Docker

The project includes a dedicated test environment in Docker:

  1. Run all tests:
./run_tests.sh --docker
  1. Run specific test components:
# Run only the MCP server
docker compose up -d mcp

# Run only the test container
docker compose up test

# Run both with test results
docker compose up --abort-on-container-exit

Test results will be available in the ./test-results directory.

Docker Development Tips

  1. Building Images:
# Build both images
docker compose build

# Build specific service
docker compose build mcp
docker compose build test
  1. Viewing Logs:
# View all logs
docker compose logs

# Follow specific service logs
docker compose logs -f mcp
  1. Debugging:
# Run with debug mode
DEBUG=true docker compose up mcp

# Access container shell
docker compose exec mcp /bin/bash

Note: If you're using Docker Compose V1, replace docker compose with docker-compose in the above commands.

Security Notes

  1. Environment Variables:
  • Never commit .env files
  • Use .env.example as a template
  • Consider using Docker secrets for production
  1. SSL Verification:
  • VERIFY_SSL=true recommended for production
  • Can be disabled for development/testing
  • Configure through environment variables
  1. Port Exposure:
  • Only expose necessary ports
  • Use internal Docker network when possible
  • Consider network security in production

Environment Variables

Configure the following environment variables:

  • SPLUNK_HOST: Your Splunk host address
  • SPLUNK_PORT: Splunk management port (default: 8089)
  • SPLUNK_USERNAME: Your Splunk username
  • SPLUNK_PASSWORD: Your Splunk password
  • SPLUNK_TOKEN: (Optional) Splunk authentication token. If set, this will be used instead of username/password.
  • SPLUNK_SCHEME: Connection scheme (default: https)
  • VERIFY_SSL: Enable/disable SSL verification (default: true)
  • FASTMCP_LOG_LEVEL: Logging level (default: INFO)
  • SERVER_MODE: Server mode (sse, api, stdio) when using uvicorn

SSL Configuration

The tool provides flexible SSL verification options:

  1. Default (Secure) Mode:
VERIFY_SSL=true
  • Full SSL certificate verification
  • Hostname verification enabled
  • Recommended for production environments
  1. Relaxed Mode:
VERIFY_SSL=false
  • SSL certificate verification disabled
  • Hostname verification disabled
  • Useful for testing or self-signed certificates

Testing

The project includes comprehensive test coverage using pytest and end-to-end testing with a custom MCP client:

Running Tests

Basic test execution:

poetry run pytest

With coverage reporting:

poetry run pytest --cov=splunk_mcp

Related MCP Servers

View all databases servers →
mysql_mcp_server

mysql_mcp_server

4.5

by designcomputer

MySQL MCP Server is a Model Context Protocol implementation that facilitates secure interaction between AI applications and MySQL databases.

databases
mcp-server-neon

mcp-server-neon

4.4

by neondatabase-labs

Neon MCP Server is an open-source tool that enables natural language interaction with Neon Postgres databases.

databases
mcp-notion-server

mcp-notion-server

4.4

by suekou

MCP Server for the Notion API, enabling LLM to interact with Notion workspaces. Additionally, it employs Markdown conversion to reduce context size when communicating with LLMs, optimizing token usage and making interactions more efficient.

databases
pg-mcp-server

pg-mcp-server

4.4

by stuzero

unknown

databases
mcp-alchemy

mcp-alchemy

4.3

by runekaagaard

MCP Alchemy is a model context protocol server that connects Claude Desktop to various databases, enabling advanced database exploration and query execution.

databases
notion-mcp-server

notion-mcp-server

4.3

by makenotion

This project implements an MCP server for the Notion API, allowing integration with LLMs.

databases
mcp-server-duckdb

mcp-server-duckdb

4.2

by ktanaka101

A Model Context Protocol (MCP) server implementation for DuckDB, providing database interaction capabilities through MCP tools.

databases
mongodb-mcp-server

mongodb-mcp-server

4.2

by mongodb-js

A Model Context Protocol server for interacting with MongoDB Databases and MongoDB Atlas.

databases
notion-mcp-server

notion-mcp-server

4.2

by awkoy

Notion MCP Server is a Model Context Protocol server implementation that enables AI assistants to interact with Notion's API, providing tools for reading, creating, and modifying Notion content through natural language interactions.

ai_chatbot
supabase-mcp

supabase-mcp

4.2

by supabase-community

Connect your Supabase projects to AI assistants using the Model Context Protocol (MCP) server.

databases
mcp-graphql

mcp-graphql

3.9

by blurrah

A Model Context Protocol server that enables LLMs to interact with GraphQL APIs, providing schema introspection and query execution capabilities.

databases
db-mcp-server

db-mcp-server

3.9

by FreePeak

A powerful multi-database server implementing the Model Context Protocol (MCP) to provide AI assistants with structured access to databases.

databases
sqlite-explorer-fastmcp-mcp-server

sqlite-explorer-fastmcp-mcp-server

3.9

by hannesrudolph

SQLite Explorer MCP Server provides safe, read-only access to SQLite databases using the FastMCP framework.

databases
mcp-server

mcp-server

3.9

by keboola

Keboola MCP Server connects AI agents and MCP clients to Keboola, enabling data access and transformations without glue code.

cloud_platforms
airtable-mcp

airtable-mcp

3.8

by felores

A Model Context Protocol server for interacting with Airtable's API, enabling programmatic management of Airtable bases, tables, fields, and records.

databases
anyquery

anyquery

3.7

by julien040

Anyquery is a versatile SQL query engine that allows users to run SQL queries on various data sources, including files, databases, and applications, with support for LLMs and MySQL server functionality.

databases
mcp-server-elasticsearch

mcp-server-elasticsearch

3.7

by elastic

This server connects agents to your Elasticsearch data using the Model Context Protocol, allowing interaction with Elasticsearch indices through natural language conversations.

databases
openehr-mcp-server

openehr-mcp-server

3.7

by deak-ai

An MCP server designed to interface with openEHR REST APIs, specifically the EHRbase implementation.

databases
airtable-mcp-server

airtable-mcp-server

3.6

by domdomegg

A Model Context Protocol server that provides read and write access to Airtable databases, enabling LLMs to inspect database schemas and manage records.

databases
atlas-mcp-server

atlas-mcp-server

3.6

by cyanheads

ATLAS (Adaptive Task & Logic Automation System) is a project, knowledge, and task management system for LLM Agents, implemented as a Model Context Protocol (MCP) server.

developer_tools
xiyan_mcp_server

xiyan_mcp_server

3.6

by XGenerationLab

XiYan MCP Server is a Model Context Protocol server that enables natural language queries to databases, powered by XiYan-SQL, a state-of-the-art text-to-SQL model.

databases
mcp-server-splunk

mcp-server-splunk

3.6

by jkosik

A Go implementation of the MCP server for Splunk, supporting STDIO and SSE (Server-Sent Events HTTP API) using the github.com/mark3labs/mcp-go SDK.

cloud_platforms
mcp-mongo-server

mcp-mongo-server

3.6

by kiliczsh

A Model Context Protocol server that enables LLMs to interact with MongoDB databases, providing capabilities for inspecting collection schemas and executing MongoDB operations through a standardized interface.

databases
mcp-snowflake-server

mcp-snowflake-server

3.6

by isaacwasserman

A Model Context Protocol (MCP) server implementation that provides database interaction with Snowflake.

databases
mongo-mcp

mongo-mcp

3.6

by QuantGeekDev

A Model Context Protocol (MCP) server that enables LLMs to interact directly with MongoDB databases. Query collections, inspect schemas, and manage data seamlessly through natural language.

databases
mcp-database-server

mcp-database-server

3.6

by executeautomation

The MCP Database Server provides database access capabilities to Claude, supporting SQLite, SQL Server, and PostgreSQL databases.

databases
redshift-utils-mcp

redshift-utils-mcp

3.6

by vinodismyname

Redshift Utils MCP Server is a Model Context Protocol server designed to integrate LLM capabilities with Amazon Redshift databases.

databases