splunk
Proof of Concept Splunk MCP server plus file MCP Server
claude mcp add --transport stdio rsfl-splunk-mcp-server node splunk-server.js \ --env SPLUNK_AUTH="<your_splunk_auth_token_or_credentials>" \ --env SPLUNK_HOST="<splunk_host_or_ip>" \ --env SPLUNK_PORT="<splunk_port_if_needed>" \ --env CLAUDE_CONFIG_PATH="C:\Users\<user>\AppData\Roaming\Claude\claude_desktop_config.json"
How to use
This MCP server provides an interface to interact with Splunk through the MCP framework and a filesystem-based MCP server. Once Claude Desktop reads the config file, the Splunk MCP server is started automatically and exposes capabilities to query Splunk indexes, run SPL queries, and retrieve or index data via the MCP API. You can ask Claude about available MCP servers, get information on Splunk indexes, and request execution of SPL queries. The server relies on the Splunk SDK to communicate with your Splunk instance, so ensure your Splunk host, port, and authentication details are correctly configured in the environment variables. Remember that Windows paths should escape backslashes or use forward slashes when editing JSON or config files.
How to install
Prerequisites:
- Node.js and npm installed
- Claude Desktop installed
- Access to a Splunk instance and valid credentials
Installation steps:
- Create a directory to store MCP files
- Initialize a Node.js project and install dependencies:
cd path\to\mcp-folder
npm init -y
npm install
npm install @modelcontextprotocol/server-filesystem
npm install @modelcontextprotocol/sdk
npm install splunk-sdk
- Download the required files for the MCP server:
- splunk-server.js (MCP server code)
- claude_desktop_config.json (Claude Desktop configuration)
- packages.json (npm dependencies list)
- Place claude_desktop_config.json at:
C:\Users\<your_user>\AppData\Roaming\Claude
- Modify the directories in the desktop config and set Splunk authentication information in the environment variables or config as needed.
- Restart Claude Desktop so changes take effect (you may close and reopen via Task Manager on Windows).
- Start the MCP server by allowing Claude Desktop to read the config; MCP servers are started automatically when Claude reads the config.
Operational tips:
- To check running MCP servers, ask Claude about MCP servers in operation.
- Ensure Windows paths use double backslashes (\) or forward slashes (/).
- Review MCP logs at the path shown in the README to diagnose issues.
Additional notes
Notes and tips:
- This is a PoC implementation; security considerations should be reviewed before production use.
- Ensure Splunk access credentials and host information are kept secure; do not commit sensitive data to public repos.
- MCP servers are started by Claude Desktop when it loads your config; they do not start independently.
- Logs for MCP activity are located at: C:\Users<user>\AppData\Roaming\Claude\logs
- If you modify config files, you may need to restart Claude Desktop for changes to take effect.
- Paths in Windows require escaping (e.g., C:\Users\user).
Related MCP Servers
zen
Selfhosted notes app. Single golang binary, notes stored as markdown within SQLite, full-text search, very low resource usage
MCP -Deepseek_R1
A Model Context Protocol (MCP) server implementation connecting Claude Desktop with DeepSeek's language models (R1/V3)
mcp-fhir
A Model Context Protocol implementation for FHIR
mcp
Inkdrop Model Context Protocol Server
mcp-appium-gestures
This is a Model Context Protocol (MCP) server providing resources and tools for Appium mobile gestures using Actions API..
dubco -npm
The (Unofficial) dubco-mcp-server enables AI assistants to manage Dub.co short links via the Model Context Protocol. It provides three MCP tools: create_link for generating new short URLs, update_link for modifying existing links, and delete_link for removing short links.
