
Splunk MCP Server

Enables users to interact with Splunk instances to execute SPL queries, manage saved searches, and monitor system health. It provides a clean interface for listing dashboards, indexes, and logs through the Model Context Protocol.

glama
Updated Mar 9, 2026

MCP Server Suite

A Model Context Protocol (MCP) server implementation built with FastMCP for simplified tool development.

Overview

This suite includes:

  • splunk_mcp.py: Splunk integration for querying logs and data (built with FastMCP)

FastMCP provides a cleaner, decorator-based API for building MCP servers compared to the lower-level MCP SDK.

Getting Started

Prerequisites

  • Python 3.8+
  • pip

Installation

pip install -r requirements.txt

Configuration

For the Splunk MCP server, copy and configure environment variables:

cp .env.example .env

Edit .env with your Splunk instance details:

SPLUNK_HOST=your-splunk-host.com
SPLUNK_PORT=8089
SPLUNK_USERNAME=your-username
SPLUNK_PASSWORD=your-password
SPLUNK_VERIFY_SSL=false  # Set to true in production

Alternatively, use an API token:

SPLUNK_API_TOKEN=your-api-token
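
The settings above can be checked before the server opens a connection. The following is an added example, not code from splunk_mcp.py: the function name load_splunk_config, its production flag, the choice to verify TLS by default, and the rule that a token takes precedence over a password are all assumptions made for illustration.

```python
import os

TRUE_VALUES = {"1", "true", "yes", "on"}
FALSE_VALUES = {"0", "false", "no", "off"}
# Placeholder values copied from the sample .env lines on this page.
PLACEHOLDERS = {"your-splunk-host.com", "your-username", "your-password",
                "your-api-token", "your-token", "changeme"}


def load_splunk_config(env=None, production=False):
    """Return (config, warnings) for the SPLUNK_* variables; raise ValueError on bad input."""
    env = os.environ if env is None else env

    def get(name, default=""):
        return env.get(name, default).strip()

    warnings = []
    host = get("SPLUNK_HOST")
    if not host or host in PLACEHOLDERS:
        raise ValueError("SPLUNK_HOST is unset or still a placeholder")
    port_raw = get("SPLUNK_PORT", "8089")
    if not port_raw.isdigit() or not 1 <= int(port_raw) <= 65535:
        raise ValueError("SPLUNK_PORT must be an integer in 1..65535")

    # Assumption: an unset SPLUNK_VERIFY_SSL means "verify", so the safe setting is the default.
    verify_raw = get("SPLUNK_VERIFY_SSL", "true").lower()
    if verify_raw not in TRUE_VALUES | FALSE_VALUES:
        raise ValueError("SPLUNK_VERIFY_SSL must be true or false")
    verify = verify_raw in TRUE_VALUES
    if not verify:
        if production:
            raise ValueError("SPLUNK_VERIFY_SSL=false is not allowed in production")
        warnings.append("TLS certificate verification is disabled")

    token, user, password = get("SPLUNK_API_TOKEN"), get("SPLUNK_USERNAME"), get("SPLUNK_PASSWORD")
    if token and token not in PLACEHOLDERS:
        auth = {"token": token}  # assumption: a real token wins over username/password
        if password:
            warnings.append("SPLUNK_PASSWORD is set but unused; remove it from .env")
    elif user and password and PLACEHOLDERS.isdisjoint({user, password}):
        auth = {"username": user, "password": password}
    else:
        raise ValueError("set SPLUNK_API_TOKEN, or SPLUNK_USERNAME and SPLUNK_PASSWORD, to real values")
    return {"host": host, "port": int(port_raw), "verify_ssl": verify, "auth": auth}, warnings
```

Called with no arguments it reads os.environ, so it can run after python-dotenv has loaded .env.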

Running

Splunk MCP Server:

python splunk_mcp.py

Features

Splunk MCP Server (splunk_mcp.py)

Built with FastMCP for clean, Pythonic tool definitions.

Available tools:

  • search_splunk: Execute SPL queries with time range support
    • Parameters: query (required), earliest_time, latest_time, max_results
  • list_saved_searches: List all saved searches in Splunk
  • run_saved_search: Run a saved search by name
    • Parameters: search_name (required), max_results
  • list_dashboards: List all dashboards
  • list_indexes: List all indexes
  • splunk_health: Check Splunk instance health and version

FastMCP Benefits

The migration to FastMCP provides:

  • Cleaner Syntax: Use @mcp.tool() decorators instead of manual Tool definitions
  • Type Hints: Better IDE support and automatic parameter documentation
  • Less Boilerplate: No need for separate handler functions or tool routing logic
  • Simpler Returns: Return strings directly instead of TextContent objects
  • Automatic Validation: Parameter types and descriptions are inferred from function signatures

Environment variables:

SPLUNK_HOST=localhost              # Splunk hostname or IP
SPLUNK_PORT=8089                   # Splunk management port
SPLUNK_USERNAME=admin              # Username
SPLUNK_PASSWORD=changeme           # Password
SPLUNK_VERIFY_SSL=false            # SSL verification (use true in production)
SPLUNK_API_TOKEN=your-token        # Alternative to username/password

Development

The servers use:

  • mcp - Anthropic's Model Context Protocol SDK
  • splunk-sdk - Official Splunk Python SDK
  • aiohttp - Async HTTP client
  • python-dotenv - Environment variable management
