MCP Server for Splunk

Overview Schema Related Servers Score Discussions

get_metadata

Retrieve distinct metadata values for Splunk indexes to discover available hosts, sourcetypes, or sources within a specified time window, aiding targeted query construction and data validation.

Instructions

Retrieve distinct metadata values for a given index to aid query construction. Use this tool when you need to discover which hosts, sourcetypes, or sources are present in an index within a recent time window. This is useful for building targeted searches or validating data availability. Results are constrained by your Splunk permissions.

Args: index (str): Target index to inspect (e.g., 'main', 'security') field (str, optional): Metadata field to list values for. One of 'host', 'sourcetype', or 'source' (default: 'host') earliest_time (str, optional): Search start time (e.g., '-24h@h') (default: '-24h@h') latest_time (str, optional): Search end time (e.g., 'now') (default: 'now') limit (int, optional): Maximum number of distinct values to return (default: 100)

Response Format: Returns a dictionary with 'status' and 'data' containing:

field: Requested field name
index: Target index
values: Array of distinct values (up to 'limit')
count: Number of values returned

Input Schema

TableJSON Schema

Name	Required	Default
`index`	Yes
`field`	No	host
`earliest_time`	No	-24h@h
`latest_time`	No	now
`limit`	No

Install Server

Other Tools

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/deslicer/mcp-for-splunk'

If you have feedback or need assistance with the MCP directory API, please join our Discord server