splunk-mcp

Overview Schema Related Servers Score Discussions

current_user

Retrieve authenticated user details including username, roles, email, and app settings from Splunk Enterprise/Cloud to verify access permissions and configuration.

Instructions

Get information about the currently authenticated user.

This endpoint retrieves:
- Basic user information (username, real name, email)
- Assigned roles
- Default app settings
- User type

Returns:
    Dict[str, Any]: Dictionary containing user information

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

splunk_mcp.py:455-542 (handler)

The main handler function for the 'current_user' tool. It connects to Splunk, determines the current username from environment or context, retrieves the user object, extracts roles and other properties handling different formats, and returns a dictionary with user details including username, real_name, email, roles, capabilities, default_app, and type.

@mcp.tool()
async def current_user() -> Dict[str, Any]:
    """
    Get information about the currently authenticated user.
    
    This endpoint retrieves:
    - Basic user information (username, real name, email)
    - Assigned roles
    - Default app settings
    - User type
    
    Returns:
        Dict[str, Any]: Dictionary containing user information
    """
    try:
        service = get_splunk_connection()
        logger.info("👤 Fetching current user information...")
        
        # First try to get username from environment variable
        current_username = os.environ.get("SPLUNK_USERNAME", "admin")
        logger.debug(f"Using username from environment: {current_username}")
        
        # Try to get additional context information
        try:
            # Get the current username from the /services/authentication/current-context endpoint
            current_context_resp = service.get("/services/authentication/current-context", **{"output_mode":"json"}).body.read()
            current_context_obj = json.loads(current_context_resp)
            if "entry" in current_context_obj and len(current_context_obj["entry"]) > 0:
                context_username = current_context_obj["entry"][0]["content"].get("username")
                if context_username:
                    current_username = context_username
                    logger.debug(f"Using username from current-context: {current_username}")
        except Exception as context_error:
            logger.warning(f"⚠️ Could not get username from current-context: {str(context_error)}")
        
        try:
            # Get the current user by username
            current_user = service.users[current_username]
            
            # Ensure roles is a list
            roles = []
            if hasattr(current_user, 'roles') and current_user.roles:
                roles = list(current_user.roles)
            else:
                # Try to get from content
                if hasattr(current_user, 'content'):
                    roles = current_user.content.get("roles", [])
                else:
                    roles = current_user.get("roles", [])
                
                if roles is None:
                    roles = []
                elif isinstance(roles, str):
                    roles = [roles]
            
            # Determine how to access user properties
            if hasattr(current_user, 'content') and isinstance(current_user.content, dict):
                user_info = {
                    "username": current_user.name,
                    "real_name": current_user.content.get('realname', "N/A") or "N/A",
                    "email": current_user.content.get('email', "N/A") or "N/A",
                    "roles": roles,
                    "capabilities": current_user.content.get('capabilities', []) or [],
                    "default_app": current_user.content.get('defaultApp', "search") or "search",
                    "type": current_user.content.get('type', "user") or "user"
                }
            else:
                user_info = {
                    "username": current_user.name,
                    "real_name": current_user.get("realname", "N/A") or "N/A",
                    "email": current_user.get("email", "N/A") or "N/A",
                    "roles": roles,
                    "capabilities": current_user.get("capabilities", []) or [],
                    "default_app": current_user.get("defaultApp", "search") or "search",
                    "type": current_user.get("type", "user") or "user"
                }
            
            logger.info(f"✅ Successfully retrieved current user information: {current_user.name}")
            return user_info
            
        except KeyError:
            logger.error(f"❌ User not found: {current_username}")
            raise ValueError(f"User not found: {current_username}")
            
    except Exception as e:
        logger.error(f"❌ Error getting current user: {str(e)}")
        raise

splunk_mcp.py:455-455 (registration)
The @mcp.tool() decorator registers the current_user function as an MCP tool.
```
@mcp.tool()
```

splunk_mcp.py:298-332 (helper)

Helper function get_splunk_connection() used by current_user to establish connection to the Splunk service supporting both token and username/password authentication.

def get_splunk_connection() -> splunklib.client.Service:
    """
    Get a connection to the Splunk service.
    Supports both username/password and token-based authentication.
    If SPLUNK_TOKEN is set, it will be used for authentication and username/password will be ignored.
    Returns:
        splunklib.client.Service: Connected Splunk service
    """
    try:
        if SPLUNK_TOKEN:
            logger.debug(f"🔌 Connecting to Splunk at {SPLUNK_SCHEME}://{SPLUNK_HOST}:{SPLUNK_PORT} using token authentication")
            service = splunklib.client.connect(
                host=SPLUNK_HOST,
                port=SPLUNK_PORT,
                scheme=SPLUNK_SCHEME,
                verify=VERIFY_SSL,
                token=f"Bearer {SPLUNK_TOKEN}"
            )
        else:
            username = os.environ.get("SPLUNK_USERNAME", "admin")
            logger.debug(f"🔌 Connecting to Splunk at {SPLUNK_SCHEME}://{SPLUNK_HOST}:{SPLUNK_PORT} as {username}")
            service = splunklib.client.connect(
                host=SPLUNK_HOST,
                port=SPLUNK_PORT,
                username=username,
                password=SPLUNK_PASSWORD,
                scheme=SPLUNK_SCHEME,
                verify=VERIFY_SSL
            )
        logger.debug(f"✅ Connected to Splunk successfully")
        return service
    except Exception as e:
        logger.error(f"❌ Failed to connect to Splunk: {str(e)}")
        raise

Tool Definition Quality

A4.2/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It clearly describes what information is retrieved (e.g., basic info, roles, settings) and the return type, but lacks details on authentication requirements, error handling, or rate limits. This is adequate but has gaps for a tool with no annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded, starting with the core purpose followed by bullet points for retrieved information and return details. Every sentence adds value without redundancy, making it efficient and easy to parse.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's low complexity (0 parameters, no output schema, no annotations), the description is largely complete, covering purpose, retrieved data, and return type. However, it could benefit from more behavioral context, such as authentication notes, to fully compensate for the lack of annotations.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0 parameters with 100% coverage, so no parameter documentation is needed. The description appropriately does not discuss parameters, focusing instead on the tool's function and output, which aligns with the schema's simplicity.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description explicitly states the verb 'Get' and resource 'information about the currently authenticated user,' making the purpose specific and clear. It distinguishes this tool from siblings like 'list_users' by focusing on the current authenticated user rather than listing all users.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context by specifying 'currently authenticated user,' suggesting it should be used when user-specific data is needed. However, it does not explicitly state when to use alternatives like 'list_users' or provide exclusions, leaving some ambiguity.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/livehybrid/splunk-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server