rsfl/splunk-mcp-server

splunk-mcp-server

Proof of Concept Splunk MCP server plus MCP file Server by Rod Soto

Environment

• Windows 11 Home 10.0.26100 Build 26100
• Claude Desktop (Windows 0.10.14)
• Splunk 9.3
• Node.js v8.17.0
• NPM 10.9.2

Install Instructions

• Install Node.js, NPM and Claude Desktop

• Create a directory to store MCP files

• Install dependencies

  • cd folder you created
  • npm init -y
  • npm install
  • npm install @modelcontextprotocol/server-filesystem
  • npm install @modelcontextprotocol/sdk
  • npm install splunk-sdk

• Download the files (packages.json {npm dependencies}, claude_desktop_config.json {claude config}, splunk-server.js {mcp server code})

• Place "claude_desktop_config.json" at "C:\Users*user*\AppData\Roaming\Claude"

• Modify directories at desktop json file and splunk auth information

• Remember to close and re open claude desktop for your changes to take effect (Use task manager in windows)

  Operation

  • Ask Claude if there are MCP Servers running, you should get an answer showing file and Splunk MCP Server running
  • Ask Claude for relevant indexes in your splunk instances or input SPL and ask cloude to execute it.
  • Windows paths need double backslashes (\) or forward slashes (/).
  • MCP servers are started automatically by Claude Desktop when it reads your config file - they don't start separately.
  • Ask a simple question as in how many files are inside the folder, Claude can read their content as well.
  • Have fun :)

  MCP Logs

  • Location of MCP Logs is "C:\Users*user*\AppData\Roaming\Claude\logs"

Note: This is a POC. Here are some links for MCP security

• https://www.nccgroup.com/us/research-blog/5-mcp-security-tips/#:~:text=In%20an%20environment%20where%20several,good%20health%20(and%20security).

Also Splunk

• https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/introduction-to-securing-the-splunk-platform/about-securing-the-splunk-platform

  ##Remember if you allow it MCP/Claude can WRITE to your system.