Which integrations are available for this server?

Provides capabilities to integrate with Elastic log providers for fetching security event data and performing automated threat detection and log analysis. Enables AI agents to fetch and analyze enterprise security logs from Splunk to identify threats like SSH brute force attempts and perform runbook-based security reasoning.

How do I use MCP Splunk?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@MCP Splunk Analyze the last hour of logs for any SSH brute force attempts." That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

MCP Splunk — Full Setup & Architecture Guide

This guide explains:

• utilities & frameworks used
• how each component fits in the architecture
• step‑by‑step Windows local setup
• how MCP, RAG, LangGraph, Guardrails & LLM integrate
• basic → advanced usage flow

🧩 Architecture & Technology Flow

User → Streamlit UI → LangGraph Agent │ ▼ ┌────────────────────────────┐ │ AGENT ORCHESTRATION │ │ LangGraph │ └────────────┬───────────────┘ │ ┌────────────┼─────────────┐ ▼ ▼ ▼ Log Fetch Runbook RAG Detection Engine (MCP API) (Vector DB) (Pattern Logic) │ │ │ └────────────┴─────────────┘ ▼ LLM Reasoning Layer (OpenRouter / Llama3) ▼ Guardrails Validation (Pydantic) ▼ Structured Response

🧰 Utilities & Frameworks Used

Core Runtime

Python 3.10+

Primary runtime for orchestration and services.

LLM Layer

OpenRouter + Llama‑3

Used for reasoning over logs and generating security findings.

LangChain Ecosystem

LangChain

Provides embedding and vector search integration.

LangGraph

Used for deterministic agent orchestration.

✔ stateful workflows
✔ branching logic
✔ production reliability

LangSmith (Optional)

Observability & debugging for agent flows.

RAG Stack

SentenceTransformers

Creates semantic embeddings.

Model:

all-MiniLM-L6-v2

ChromaDB

Local vector database storing runbook embeddings.

MCP Service Layer

FastAPI

Provides log access endpoints.

Simulates enterprise log providers like Splunk or Elastic.

Guardrails

Pydantic

Validates LLM output structure.

Prevents malformed responses.

Detection Engine

Custom Python detection for:

✔ SSH brute force attempts
✔ suspicious IP activity

🖥️ Windows Local Setup

1️⃣ Install Python

Verify:

python --version

2️⃣ Clone Repo

git clone https://github.com/vforvishal12/mcp-splunk.git cd mcp-splunk

3️⃣ Virtual Environment

python -m venv venv venv\Scripts\activate

4️⃣ Install Dependencies

pip install -r requirements.txt

If needed:

pip install streamlit fastapi uvicorn requests python-dotenv pip install langchain langgraph chromadb sentence-transformers pip install openai pydantic

5️⃣ Environment Variables

Create .env

OPENAI_API_KEY=your_key

6️⃣ Build Vector DB

Run once:

python

from agent.rag import build_vector_db build_vector_db() exit()

7️⃣ Start MCP Server

uvicorn mcp_server:app --port 9000

Verify:

http://localhost:9000/service_health

8️⃣ Launch App

streamlit run app.py

Open:

http://localhost:8501

🔄 Execution Flow

User submits query
Agent fetches logs via MCP
Logs parsed & categorized
Threat detection executed
Runbook context retrieved (RAG)
LLM generates security analysis
Guardrails validate output
Structured results displayed

🧠 Basic vs Advanced Usage

Basic

✔ run locally
✔ detect suspicious activity

Advanced

✔ integrate Splunk/Elastic
✔ stream logs via Kafka
✔ enable LangSmith tracing
✔ deploy via Docker & Kubernetes

🚀 Production Upgrade Path

Replace file logs → streaming ingestion
deploy vector DB remotely
enable SIEM alerting
multi-host correlation

This server cannot be installed

-

security - not tested

F

license - not found

-

quality - not tested

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Report Issue

Related Servers

MCP Splunk