splunk/splunk-mcp-server2
If you are the rightful owner of splunk-mcp-server2 and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
The Splunk MCP Server is a Model Context Protocol server that facilitates secure interaction between AI assistants and Splunk data.
Splunk MCP Server
A Model Context Protocol (MCP) server that enables AI assistants to securely search, analyze, and validate Splunk queries with built-in safety guardrails.
Overview
The Splunk MCP Server provides a standardized interface for AI assistants (like Claude, GitHub Copilot, etc.) to interact with Splunk Enterprise or Splunk Cloud. It implements the Model Context Protocol, allowing seamless integration between AI tools and your Splunk data.
Key Features
- Smart Search Integration: Execute SPL queries with multiple output formats (JSON, Markdown, CSV, Summary)
- Built-in Safety Guardrails: Automatic validation to prevent destructive or resource-intensive queries
- Data Protection: Automatic sanitization of sensitive data (credit cards, SSNs)
- Dual Transport Support: Both SSE (Server-Sent Events) and stdio transports
- Rich Splunk Features: Access indexes, saved searches, and execute complex queries
- Docker Ready: Containerized deployment options for both implementations
What is MCP?
The Model Context Protocol (MCP) is an open standard that enables seamless integration between AI assistants and external data sources. It provides:
- Standardized Communication: A common protocol for AI assistants to interact with external tools
- Security: Built-in authentication and authorization mechanisms
- Flexibility: Support for various transport mechanisms (stdio, SSE, WebSocket)
- Tool Discovery: Assistants can discover available tools and their capabilities
Available Implementations
This project provides two feature-complete implementations:
- Built with FastMCP framework for simplified development
- Async/await architecture for efficient performance
- Includes comprehensive test suite and interactive tools
- Docker support with management scripts
- Full type safety with TypeScript
- Built on the official MCP SDK
- Compatible with Node.js 18+
- Production-ready with compiled JavaScript output
Quick Start
Choose your preferred implementation:
Python Quick Start
cd python
cp .env.example .env
# Edit .env with your Splunk credentials
pip install -e .
python server.py
TypeScript Quick Start
cd typescript
cp .env.example .env
# Edit .env with your Splunk credentials
npm install
npm start
Core Capabilities
Available Tools
validate_spl
- Validate SPL queries for risks before executionsearch_oneshot
- Execute blocking searches with immediate resultssearch_export
- Stream large result sets efficientlyget_indexes
- List available Splunk indexes with metadataget_saved_searches
- Access saved search configurationsrun_saved_search
- Execute pre-configured saved searchesget_config
- Retrieve server configuration
Safety Features
The server includes intelligent guardrails to protect your Splunk environment:
- Risk Scoring: Queries are analyzed and assigned risk scores (0-100)
- Configurable Thresholds: Set your own risk tolerance levels
- Query Blocking: Dangerous queries are blocked before execution
- Performance Protection: Detects resource-intensive patterns
- Audit Trail: All queries are validated and logged
Supported Clients
- Claude Desktop
- Claude Code
- VS Code Copilot
- Any MCP-compatible client
Architecture
Both implementations follow the same architecture:
βββββββββββββββ MCP Protocol βββββββββββββββ REST API ββββββββββββ
β AI Assistantβ βββββββββββββββββββΊ β MCP Server β βββββββββββββββΊ β Splunk β
β (Client) β stdio/SSE/WS β (This Repo) β Port 8089 β Instance β
βββββββββββββββ βββββββββββββββ ββββββββββββ
Security Considerations
- Credentials: Store securely in
.env
files (never commit to version control) - Network: Use SSL/TLS for production deployments
- Permissions: Apply principle of least privilege for Splunk accounts
- Validation: All queries are validated before execution
- Sanitization: Sensitive data is automatically masked in outputs
Project Structure
splunk-mcp-server/
βββ README.md # This file
βββ LICENSE # MIT License
βββ python/ # Python implementation
β βββ README.md # Detailed Python documentation
β βββ server.py # Main server implementation
β βββ guardrails.py # Query validation logic
β βββ tests/ # Test suite and tools
βββ typescript/ # TypeScript implementation
βββ README.md # Detailed TypeScript documentation
βββ server.ts # Main server implementation
βββ guardrails.ts # Query validation logic
βββ tests/ # Test scripts
Contributing
We welcome contributions! Please see the implementation-specific README files for development setup and guidelines.
License
This project is licensed under the MIT License - see the file for details.
Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- MCP Documentation: modelcontextprotocol.io
- Splunk REST API: Splunk Documentation
Choose your preferred implementation above to get started with detailed setup instructions, configuration options, and usage examples.