Provides tools for querying logs and data using SPL, managing saved searches, listing dashboards and indexes, and monitoring Splunk instance health.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Splunk MCP Server search for failed login attempts in the last 24 hours"
That's it! The server will respond to your query, and you can continue using it as needed.
MCP Server Suite
A Model Context Protocol (MCP) server implementation built with FastMCP for simplified tool development.
Overview
This suite includes:
splunk_mcp.py: Splunk integration for querying logs and data (built with FastMCP)
FastMCP provides a cleaner, decorator-based API for building MCP servers compared to the lower-level MCP SDK.
Getting Started
Prerequisites
Python 3.8+
pip
Installation
pip install -r requirements.txt
Configuration
For the Splunk MCP server, copy and configure environment variables:
cp .env.example .env
Edit .env with your Splunk instance details:
SPLUNK_HOST=your-splunk-host.com
SPLUNK_PORT=8089
SPLUNK_USERNAME=your-username
SPLUNK_PASSWORD=your-password
SPLUNK_VERIFY_SSL=false # Set to true in production
Alternatively, use an API token:
SPLUNK_API_TOKEN=your-api-token
Running
Splunk MCP Server:
python splunk_mcp.py
Features
Splunk MCP Server (splunk_mcp.py)
Built with FastMCP for clean, pythonic tool definitions.
Available tools:
search_splunk: Execute SPL queries with time range support
Parameters: query (required), earliest_time, latest_time, max_results
list_saved_searches: List all saved searches in Splunk
run_saved_search: Run a saved search by name
Parameters: search_name (required), max_results
list_dashboards: List all dashboards
list_indexes: List all indexes
splunk_health: Check Splunk instance health and version
FastMCP Benefits
The migration to FastMCP provides:
Cleaner Syntax: Use @mcp.tool() decorators instead of manual Tool definitions
Type Hints: Better IDE support and automatic parameter documentation
Less Boilerplate: No need for separate handler functions or tool routing logic
Simpler Returns: Return strings directly instead of TextContent objects
Automatic Validation: Parameter types and descriptions are inferred from function signatures
SPLUNK_HOST=localhost # Splunk hostname or IP
SPLUNK_PORT=8089 # Splunk management port
SPLUNK_USERNAME=admin # Username
SPLUNK_PASSWORD=changeme # Password
SPLUNK_VERIFY_SSL=false # SSL verification (use true in production)
SPLUNK_API_TOKEN=your-token # Alternative to username/password
Development
The servers use:
mcp - Anthropic's Model Context Protocol SDK
splunk-sdk - Official Splunk Python SDK
aiohttp - Async HTTP client
python-dotenv - Environment variable management
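A pre-start check for the .env settings listed in this README, written as an added example that is not part of splunk_mcp.py or the project. The helper names parse_env and audit_env are hypothetical, the sample files are constructed from the README's own values, and treating only the literal value true as "verification on" is an assumption about how the server reads SPLUNK_VERIFY_SSL.

```python
# Added example: audit the SPLUNK_* values from this README's .env before start-up.
# parse_env and audit_env are hypothetical helpers, not part of splunk_mcp.py.
PLACEHOLDERS = {"changeme", "your-password", "your-api-token", "your-token"}

def parse_env(text):
    """Parse KEY=value lines, dropping blanks, comments and inline ' # ...' notes."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.split(" #", 1)[0].strip()
    return settings

def audit_env(settings):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    if not settings.get("SPLUNK_HOST"):
        findings.append("SPLUNK_HOST is not set")
    # Assumption: only the literal value "true" enables certificate verification.
    if settings.get("SPLUNK_VERIFY_SSL", "").lower() != "true":
        findings.append("SPLUNK_VERIFY_SSL is not true: the certificate on the "
                        "management port is not checked")
    token = settings.get("SPLUNK_API_TOKEN", "")
    password = settings.get("SPLUNK_PASSWORD", "")
    if not token and not password:
        findings.append("neither SPLUNK_API_TOKEN nor SPLUNK_PASSWORD is set")
    if token and password:
        findings.append("token and password are both set: keep one")
    for name, secret in (("SPLUNK_API_TOKEN", token), ("SPLUNK_PASSWORD", password)):
        if secret.lower() in PLACEHOLDERS:
            findings.append(f"{name} still holds a placeholder or default value")
    return findings

# Constructed sample: values taken from the README's reference listing.
WEAK_ENV = """\
SPLUNK_HOST=localhost # Splunk hostname or IP
SPLUNK_USERNAME=admin # Username
SPLUNK_PASSWORD=changeme # Password
SPLUNK_VERIFY_SSL=false # SSL verification (use true in production)
SPLUNK_API_TOKEN=your-token # Alternative to username/password
"""
# Constructed sample: token-only authentication with verification enabled.
HARDENED_ENV = """\
SPLUNK_HOST=splunk.example.internal
SPLUNK_VERIFY_SSL=true
SPLUNK_API_TOKEN=constructed-sample-token
"""
```

Calling audit_env(parse_env(open(".env").read())) before launching the server gives a list that can gate start-up; a secret that itself contains " #" would be truncated by this simple parser.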