splunk -by-cdata

This MCP server exposes Splunk data through CData's JDBC-based integration, curating Splunk as a relational-like data source that LLMs can query via the MCP interface. It is configured to be read-only, enabling natural language questions to retrieve live information from Splunk without requiring SQL from the user. Tools exposed by the server include split-like utilities to list available tables and columns and to run SQL-like queries against Splunk data, enabling retrieval of data such as counts, statuses, or records from configured sources. To use it, start the MCP server with the provided Java command and point Claude Desktop or your preferred MCP client at the resulting server entry in your client config (claude_desktop_config.json or equivalent).

Once running, you can ask the AI to fetch data such as the list of available tables, the columns within a table, or run a query to retrieve specific records. The server will present tool names in the form {servername}_get_tables, {servername}_get_columns, and {servername}_run_query, where {servername} is the configured name in your config (e.g., splunk_by_cdata). For example, you can request a listing of tables or a sample query like a SELECT from a table, and the client will handle translating natural language questions into the appropriate tool invocations.

Prerequisites:

• Java (required to run the MCP server via the provided JAR)
• Maven (to build the MCP server from source; optional if you already have the built JAR)
• CData JDBC Driver for Splunk installed and licensed on the host machine

Installation steps:

1. Clone the repository and navigate into it: git clone https://github.com/cdatasoftware/splunk-mcp-server-by-cdata.git cd splunk-mcp-server-by-cdata

2. Build the MCP server JAR (required if you are starting from source): mvn clean install This will produce CDataMCP-jar-with-dependencies.jar in the target directory.

3. Install and license the CData JDBC Driver for Splunk:

   • Download the driver from: https://www.cdata.com/drivers/splunk/download/jdbc
   • Run the license utility located in the lib folder of the installation, for example: java -jar cdata.jdbc.splunk.jar --license
   • Follow prompts to enter your name, email, and a license key or TRIAL.

4. Configure a .prp file for the JDBC connection (example splunk.prp) with your connection details: Prefix=splunk ServerName=CDataSplunk ServerVersion=1.0 DriverPath=PATH/TO/cdata.jdbc.splunk.jar DriverClass=cdata.jdbc.splunk.SplunkDriver JdbcUrl=jdbc:splunk:InitiateOAuth=GETANDREFRESH; Tables=

5. Run the MCP server: java -jar /PATH/TO/CDataMCP-jar-with-dependencies.jar /PATH/TO/Salesforce.prp Note: The server uses stdio and is intended for local use with clients running on the same machine.

6. Add the server to your MCP client configuration (e.g., Claude Desktop) under mcpServers with the appropriate command and arguments to point to the jar and splunk.prp file.

Tips and considerations:

• The MCP server is read-only by design for local deployments; if you need write/update/delete capabilities, use the fuller MCP server configuration described in the related CData MCP Server for Splunk documentation.
• The server runs via STDIO, so the client that connects must reside on the same machine.
• Ensure your Splunk JDBC connection string (JdbcUrl) is valid and tested using the CData Connection String utility before creating the .prp file.
• If Claude Desktop or your client does not immediately display the MCP server, fully quit and restart the client, then re-load the MCP configuration.
• The provided tools expose data in a CSV-friendly format for tables and columns, and SQL queries via splunk_run_query; use the corresponding get_tables or get_columns to discover schema before running queries.
• If OAuth or additional authentication is required for Splunk, complete the authentication flow during the connection string setup and ensure the resulting credentials are preserved in the prp file.