splunk-mcp-server2

splunk/splunk-mcp-server2

3.4

If you are the rightful owner of splunk-mcp-server2 and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Splunk MCP Server is a Model Context Protocol server that facilitates secure interaction between AI assistants and Splunk data.

The Splunk MCP Server provides a standardized interface for AI assistants to interact with Splunk Enterprise or Splunk Cloud. It implements the Model Context Protocol (MCP), enabling seamless integration between AI tools and Splunk data. The server supports smart search integration, allowing execution of SPL queries with various output formats such as JSON, Markdown, CSV, and Summary. It includes built-in safety guardrails to automatically validate queries, preventing destructive or resource-intensive operations. Additionally, the server ensures data protection by sanitizing sensitive information like credit card numbers and social security numbers. With dual transport support, it accommodates both SSE (Server-Sent Events) and stdio transports. The server is Docker-ready, offering containerized deployment options for both Python and TypeScript implementations.

Features

  • Smart Search Integration: Execute SPL queries with multiple output formats.
  • Built-in Safety Guardrails: Automatic validation to prevent harmful queries.
  • Data Protection: Automatic sanitization of sensitive data.
  • Dual Transport Support: Supports SSE and stdio transports.
  • Docker Ready: Containerized deployment options available.

Usages

usage with Claude Desktop

{
  "mcpServers": {
    "splunk": {
      "command": "python",
      "args": ["server.py"]
    }
  }
}

usage with VS Code

{
  "mcp": {
    "servers": {
      "splunk": {
        "command": "python",
        "args": ["server.py"]
      }
    }
  }
}

usage with Docker

{
  "mcpServers": {
    "splunk": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "splunk-mcp-server"
      ]
    }
  }
}

Tools

  1. validate_spl

    Validate SPL queries for risks before execution.

  2. search_oneshot

    Execute blocking searches with immediate results.

  3. search_export

    Stream large result sets efficiently.

  4. get_indexes

    List available Splunk indexes with metadata.

  5. get_saved_searches

    Access saved search configurations.

  6. run_saved_search

    Execute pre-configured saved searches.

  7. get_config

    Retrieve server configuration.