MCP Server for Splunk

get_troubleshooting_guide

Retrieve detailed troubleshooting guides for Splunk topics, with diagnostics, solutions, and best practices to resolve issues.

Instructions

Get detailed Splunk troubleshooting documentation for specific topics. Returns comprehensive troubleshooting guides with diagnostics, solutions, and best practices as an embedded resource.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`topic`	Yes	Troubleshooting topic. Use list_troubleshooting_topics() to see all available topics. Common topics include: - 'metrics-log' - About metrics.log for performance monitoring - 'splunk-logs' - What Splunk logs about itself - 'platform-instrumentation' - Platform instrumentation overview - 'search-problems' - Splunk web and search problems - 'indexing-performance' - Indexing performance issues - 'indexing-delay' - Event indexing delays - 'authentication-timeouts' - Authentication timeout issues
`version`	No	Splunk version for documentation. Examples: - '9.4' - Splunk 9.4 documentation - '9.3' - Splunk 9.3 documentation - 'latest' - Latest version (default)	latest
`auto_detect_version`	No	Whether to auto-detect Splunk version from connected instance. Defaults to True.

Implementation Reference

src/tools/docs/splunk_docs_tools.py:1032-1124 (handler)

The GetTroubleshootingGuide class (lines 1032-1124) is the handler class for the 'get_troubleshooting_guide' tool. Its execute() method (lines 1069-1106) takes a topic, version, and auto_detect_version parameters, creates a TroubleshootingResource, and returns the content as an embedded resource.

class GetTroubleshootingGuide(BaseTool):
    """
    Get Splunk troubleshooting documentation.

    Returns detailed troubleshooting guides for specific topics.
    """

    METADATA = ToolMetadata(
        name="get_troubleshooting_guide",
        description=(
            "Get detailed Splunk troubleshooting documentation for specific topics. "
            "Returns comprehensive troubleshooting guides with diagnostics, solutions, "
            "and best practices as an embedded resource.\n\n"
            "Args:\n"
            "    topic (str): Troubleshooting topic. Use list_troubleshooting_topics() to see "
            "all available topics. Common topics include:\n"
            "        - 'metrics-log' - About metrics.log for performance monitoring\n"
            "        - 'splunk-logs' - What Splunk logs about itself\n"
            "        - 'platform-instrumentation' - Platform instrumentation overview\n"
            "        - 'search-problems' - Splunk web and search problems\n"
            "        - 'indexing-performance' - Indexing performance issues\n"
            "        - 'indexing-delay' - Event indexing delays\n"
            "        - 'authentication-timeouts' - Authentication timeout issues\n"
            "    version (str, optional): Splunk version for documentation. Examples:\n"
            "        - '9.4' - Splunk 9.4 documentation\n"
            "        - '9.3' - Splunk 9.3 documentation\n"
            "        - 'latest' - Latest version (default)\n"
            "    auto_detect_version (bool, optional): Whether to auto-detect Splunk version "
            "from connected instance. Defaults to True.\n\n"
            "Returns embedded resource with detailed troubleshooting guide.\n\n"
            "💡 Tip: Use list_troubleshooting_topics() to discover all available topics."
        ),
        category="documentation",
        tags=["troubleshooting", "diagnostics", "guides", "embedded-resource"],
        requires_connection=False,
    )

    async def execute(
        self, ctx: Context, topic: str, version: str = "latest", auto_detect_version: bool = True
    ) -> dict[str, Any]:
        """Execute troubleshooting guide retrieval and return embedded resource."""
        log_tool_execution(
            self.name, topic=topic, version=version, auto_detect_version=auto_detect_version
        )

        try:
            # Auto-detect version if requested
            if auto_detect_version and version in ["auto", "latest"]:
                version = await self._detect_splunk_version(ctx)

            resource = TroubleshootingResource(version, topic)
            content = await resource.get_content(ctx)

            uri = f"splunk-docs://{version}/troubleshooting/{topic}"

            return self.format_success_response(
                {
                    "content": [
                        {
                            "type": "resource",
                            "resource": {
                                "uri": uri,
                                "title": f"Troubleshooting: {topic}",
                                "mimeType": "text/markdown",
                                "text": content,
                            },
                        }
                    ]
                }
            )

        except Exception as e:
            error_msg = f"Failed to retrieve troubleshooting guide for topic '{topic}': {str(e)}"
            self.logger.error(error_msg)
            return self.format_error_response(error_msg)

    async def _detect_splunk_version(self, ctx: Context) -> str:
        """Detect Splunk version from connected instance."""
        try:
            from src.tools.health.status import GetSplunkHealth

            health_tool = GetSplunkHealth("get_splunk_health", "Get Splunk health status")
            health_result = await health_tool.execute(ctx)

            if (
                health_result.get("status") == "success"
                and health_result.get("data", {}).get("status") == "connected"
            ):
                return health_result["data"].get("version", "latest")
        except Exception as e:
            logger.warning(f"Failed to detect Splunk version: {e}")

        return "latest"

src/tools/docs/splunk_docs_tools.py:1039-1067 (schema)

The METADATA definition on the GetTroubleshootingGuide class (lines 1039-1067) defines the tool's name ('get_troubleshooting_guide'), description with argument documentation (topic, version, auto_detect_version), category ('documentation'), and tags.

METADATA = ToolMetadata(
    name="get_troubleshooting_guide",
    description=(
        "Get detailed Splunk troubleshooting documentation for specific topics. "
        "Returns comprehensive troubleshooting guides with diagnostics, solutions, "
        "and best practices as an embedded resource.\n\n"
        "Args:\n"
        "    topic (str): Troubleshooting topic. Use list_troubleshooting_topics() to see "
        "all available topics. Common topics include:\n"
        "        - 'metrics-log' - About metrics.log for performance monitoring\n"
        "        - 'splunk-logs' - What Splunk logs about itself\n"
        "        - 'platform-instrumentation' - Platform instrumentation overview\n"
        "        - 'search-problems' - Splunk web and search problems\n"
        "        - 'indexing-performance' - Indexing performance issues\n"
        "        - 'indexing-delay' - Event indexing delays\n"
        "        - 'authentication-timeouts' - Authentication timeout issues\n"
        "    version (str, optional): Splunk version for documentation. Examples:\n"
        "        - '9.4' - Splunk 9.4 documentation\n"
        "        - '9.3' - Splunk 9.3 documentation\n"
        "        - 'latest' - Latest version (default)\n"
        "    auto_detect_version (bool, optional): Whether to auto-detect Splunk version "
        "from connected instance. Defaults to True.\n\n"
        "Returns embedded resource with detailed troubleshooting guide.\n\n"
        "💡 Tip: Use list_troubleshooting_topics() to discover all available topics."
    ),
    category="documentation",
    tags=["troubleshooting", "diagnostics", "guides", "embedded-resource"],
    requires_connection=False,
)

src/tools/docs/__init__.py:8-21 (registration)

GetTroubleshootingGuide is imported from splunk_docs_tools at line 15 and re-exported in __all__ at line 34 of src/tools/docs/__init__.py.

from .splunk_docs_tools import (
    DiscoverSplunkDocs,
    GetAdminGuide,
    GetSPLReference,
    GetSplunkCheatSheet,
    # Documentation tools
    GetSplunkDocumentation,
    GetTroubleshootingGuide,
    ListAdminTopics,
    # Discovery tools
    ListAvailableTopics,
    ListSPLCommands,
    ListTroubleshootingTopics,
)

src/tools/__init__.py:12-12 (registration)
The docs module is imported via 'from .docs import *' at line 12 in src/tools/__init__.py, and GetTroubleshootingGuide is listed in __all__ at line 63, making it available as a core tool.
```
from .docs import *  # noqa: F401,F403
```

src/tools/docs/splunk_docs_tools.py:1108-1124 (helper)

The _detect_splunk_version helper method (lines 1108-1124) is used by the execute() method to auto-detect the Splunk version from the connected instance when auto_detect_version is enabled.

async def _detect_splunk_version(self, ctx: Context) -> str:
    """Detect Splunk version from connected instance."""
    try:
        from src.tools.health.status import GetSplunkHealth

        health_tool = GetSplunkHealth("get_splunk_health", "Get Splunk health status")
        health_result = await health_tool.execute(ctx)

        if (
            health_result.get("status") == "success"
            and health_result.get("data", {}).get("status") == "connected"
        ):
            return health_result["data"].get("version", "latest")
    except Exception as e:
        logger.warning(f"Failed to detect Splunk version: {e}")

    return "latest"

Tool Definition Quality

A3.6/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description bears full burden. It describes return content as comprehensive guides with diagnostics and best practices, but lacks details on side effects, permissions, or rate limits. Minimal additional behavioral insight beyond schema.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two short sentences, no redundancy, directly conveys the tool's function and output. Efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

No output schema, but description explains return type as embedded guides. Parameters fully documented in schema. Could mention ability to list topics via sibling, but not necessary.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 100% coverage with detailed descriptions and examples. The tool description does not add new semantic information about parameters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool retrieves detailed Splunk troubleshooting documentation for specific topics, distinguishing it from generic documentation tools like get_splunk_documentation. The verb 'get' and resource 'troubleshooting guides' are specific.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this tool versus siblings. There is no mention of alternatives or context where this tool is appropriate.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/deslicer/mcp-for-splunk'

If you have feedback or need assistance with the MCP directory API, please join our Discord server