Best Splunk MCP Servers

Splunk is a software platform that enables users to search, monitor, and analyze machine-generated data through a web-style interface. It specializes in collecting and indexing massive amounts of data to provide real-time visibility, troubleshooting, and security for IT operations, security, and business analytics.

View all Splunk MCP Servers

Why this server?
Supports Splunk log integration through JSON log format output, allowing structured logging events to be consumed by Splunk's log aggregation platform.
ssh-mcp
Shell Access Command Line OS Automation
blackaxgit
A
license
A
quality
C
maintenance
Enables AI assistants to execute shell commands and transfer files via SFTP across remote servers using existing SSH configurations. It supports parallel execution on server groups and provides built-in safety warnings for potentially destructive commands.
Last updated 2026-05-11
6
1
Mozilla Public 2.0
Why this server?
Provides tools for querying Cribl Stream and Edge deployments, including retrieval of worker groups, fleets, sources (including Splunk collectors), destinations, pipelines, routes, event breakers, and lookups with full configuration details.
SNC Cribl MCP
Monitoring Observability Data Platforms
atree1023
A
license
A
quality
D
maintenance
Enables querying and exploring Cribl Stream and Edge deployments, providing access to worker groups, fleets, sources, destinations, pipelines, routes, event breakers, and lookups through a structured interface.
Last updated 2026-05-20
7
1
MIT No Attribution
Why this server?
Enables AI agents to interact with Splunk Enterprise/Cloud environments, providing comprehensive tools for search and analytics, data discovery, administration, health monitoring, and AI-powered troubleshooting workflows. Includes capabilities for natural language to SPL conversion, real-time search management, metadata exploration, user and app management, system health monitoring, and automated diagnostic procedures.
MCP Server for Splunk
Observability Monitoring Hybrid
deslicer
A
license
A
quality
B
maintenance
Enables AI agents to interact seamlessly with Splunk environments through 20+ tools for search, analytics, data discovery, administration, and health monitoring. Features AI-powered troubleshooting workflows and supports multiple Splunk instances with production-ready security.
Last updated 2026-05-11
53
22
Why this server?
Allows for interacting with Splunk Enterprise/Cloud through natural language queries. Supports executing Splunk searches, managing indexes, viewing users, and performing KV store operations.
splunk-mcp
Observability Monitoring Search
livehybrid
A
license
B
quality
C
maintenance
A FastMCP-based tool for interacting with Splunk Enterprise/Cloud through natural language. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources
Last updated 2025-10-29
12
102
Apache 2.0
Why this server?
Provides detection lookup files for enrichment in Splunk, enabling efficient lookup operations for threat detection.
agentic-detection-lookups
Security Search Local
detection-forge
A
license
A
quality
B
maintenance
Machine-readable detection lookups for SIEM enrichment and AI agents. Query 800+ LOLBAS and GTFOBins binaries plus process parent-child baselines — get risk levels, abuse categories, and MITRE ATT\&CK mappings without embedding data in prompts.
Last updated 2026-05-17
6
Apache 2.0
Why this server?
Provides programmatic access to Splunkbase functionality, allowing users to search for apps, retrieve app information, check compatibility with Splunk versions, and download apps from Splunkbase.
Splunkbase MCP Server
Search Developer Tools Remote
cschmidt0121
A
license
B
quality
C
maintenance
A Machine Control Protocol server providing programmatic access to Splunkbase functionality, allowing users to search, download, and manage Splunkbase apps through a standardized interface.
Last updated 2025-03-27
3
MIT
Why this server?
Allows interaction with Splunk services including support for Splunk HEC (HTTP Event Collector) as a data source within Cribl Stream.
cribl-mcp
Monitoring Data Platforms Remote
pebbletek
A
license
A
quality
D
maintenance
This server acts as a MCP bridge to interact with the Cribl REST API. It allows AI models or other MCP clients to query and manage Cribl configurations.
Last updated 2025-05-07
10
36
5
MIT
Why this server?
Enables SQL queries against Splunk machine data analytics through CData's JDBC driver
Kintone MCP Server by CDataofficial
Databases RAG Systems Local
CDataSoftware
A
license
-
quality
C
maintenance
Kintone MCP Server by CData
Last updated 2025-10-18
1
MIT
Why this server?
Enables SQL-based access to Splunk logs and analytics data.
Active Directory MCP Server byofficial
Databases Developer Tools RAG Systems
CDataSoftware
A
license
-
quality
C
maintenance
Active Directory MCP Server by CData
Last updated 2025-10-18
4
MIT

ssh-mcp

SNC Cribl MCP

MCP Server for Splunk

splunk-mcp

agentic-detection-lookups

Splunkbase MCP Server

cribl-mcp

Kintone MCP Server by CDataofficial

Active Directory MCP Server byofficial