Overview
The digital landscape is rapidly evolving, bringing increased complexity and an explosion of data. Organizations face constant challenges in maintaining operational reliability, responding to threats, and ensuring efficiency. The Splunk Model Context Protocol (MCP) server in Splunk Cloud Platform is designed to revolutionize how you interact with your data. It empowers you to leverage the emerging AI agent ecosystem and assistive AI tools to significantly improve threat detection, incident response, operational reliability, and data platform efficiency, while reducing the complexity of managing modern environments.
The robust, battle-tested insights you rely on every day for security, observability, and operations are now accessible in a whole new way. The advantage of the ready-to-use, cloud-hosted Splunk MCP server lies in its seamless integration. It connects effortlessly with any MCP-compatible AI assistants, agents, and tools you choose to deploy. It acts as the ultimate translator, allowing diverse AI entities to connect to your Splunk data.
This open and flexible architecture empowers you to build sophisticated, automated workflows. With the Splunk MCP Server, AI agents and assistive tools can access a rich tapestry of skills, capabilities, and critical data, including telemetry, logs, and metrics, to identify threats, troubleshoot issues, and dramatically improve operational resilience. This means your AI is not just analyzing data, it is actively participating in your security and operations workflows. Agents can perform complex Splunk searches, discover data and knowledge objects, interact with KV stores, and use many more tools and capabilities as the MCP server continues to evolve. The result is a significant reduction in manual tasks and a shift towards proactive, intelligent operations.
Highlights
- Splunk MCP server makes data insights accessible to everyone by connecting AI to Splunk Cloud Platform for natural language interactions.
- This Splunk cloud-hosted MCP solution offers safe, hassle-free integration, enabling you to leverage AI agents and assistive tools for enhanced threat detection, incident response, operational reliability, and efficiency.
- It honors your existing access controls, integrates with other tools in your ecosystem, and boosts productivity by automating repetitive tasks.
Pricing
Dimension | Cost/unit |
---|---|
Splunk MCP Server | $0.00 |
Vendor refund policy
No refunds.
Delivery details
API-Based Agents & Tools
API-Based Agents and Tools integrate through standard web protocols. Your applications can make API calls to access agent capabilities and receive responses.
Additional details
Usage instructions
To get started using Splunk's remote MCP server, follow the instructions below:
🧰 Available Tools
This MCP server supports the following tools and more:
- Execute an SPL search on Splunk
- Get information about Splunk deployment
- Get information about indexes
- Search knowledge objects, such as saved searches and dashboards
- Get a list of installed apps
📦 Prerequisites
- The Splunk Administrator needs to perform the following steps on their deployment:
  - Enable REST API access.
  - Enable token authentication on the deployment.
  - Create a new role 'mcp_user'. The new role does not need to have any capabilities.
  - Assign the role 'mcp_user' to any users on the deployment who are authorized to use the MCP server.
  - If a user does not have permission to create tokens themselves, create a token for them with the audience 'mcp' and an appropriate expiration.
- The Splunk User needs to perform the following steps on their device:
  - Install an MCP client, such as Claude.
  - Install dependencies for the MCP client, such as Node.js and npm.
  - Get an appropriate token from the Splunk Administrator, or create one themselves if they have the permission. The audience for the token must be 'mcp'.
🔑 Authentication
Replace <YOUR_TOKEN> with your actual token below.
The MCP client will have the same privileges as the user that the token is associated with. Tokens are credentials, so you must closely guard them, and not share them with anyone who does not explicitly need access to Splunk platform services. Learn more at "Set up authentication with tokens".
⚙️ Endpoint
Replace <YOUR_SPLUNK_DEPLOYMENT_NAME> with the name of your Splunk deployment.
📚 Claude Desktop
Edit the configuration file at:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the following code:

```json
{
  "mcpServers": {
    "splunk-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://<YOUR_SPLUNK_DEPLOYMENT_NAME>.api.scs.splunk.com/<YOUR_SPLUNK_DEPLOYMENT_NAME>/mcp/v1/",
        "--header",
        "Authorization: Bearer <YOUR_TOKEN>"
      ]
    }
  }
}
```

📘 Learn More
- Splunk's MCP Server Documentation: https://help.splunk.com/en/splunk-cloud-platform/mcp-server-for-splunk-platform/about-mcp-server-for-splunk-platform
- Access requirements and limitations for the Splunk Cloud Platform REST API: https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud
- Manage authentication tokens in Splunk Cloud Platform: https://help.splunk.com/en/splunk-cloud-platform/administer/manage-users-and-security/9.3.2411/authenticate-into-the-splunk-platform-with-tokens/manage-or-delete-authentication-tokens
- Create and manage roles with Splunk Web: https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/Addandeditroles
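Because the Claude Desktop configuration above stores the bearer token in plaintext, the following added example (not part of the original listing and not Splunk's code) lints that file before use: endpoint shape, leftover placeholders, token audience and expiration, and file permissions. It assumes the token is a JWT whose payload carries `aud` and `exp` claims; the function names and the 90-day limit are hypothetical local choices.

```python
import base64, json, os, sys, time
from urllib.parse import urlparse

MAX_LIFETIME_DAYS = 90  # assumed local policy, not a Splunk default

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it (local lint, not authentication)."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def audit_args(args, now=None):
    """Return findings for one mcp-remote "args" array from the config."""
    now = time.time() if now is None else now
    if any("<YOUR_" in a for a in args):
        return ["placeholder from the instructions was not replaced"]
    findings = []
    url = urlparse(next((a for a in args if a.startswith("http")), ""))
    host = url.hostname or ""
    if url.scheme != "https" or not host.endswith(".api.scs.splunk.com"):
        findings.append("endpoint is not https://<name>.api.scs.splunk.com/...")
    elif url.path.rstrip("/").lower() != "/" + host.split(".")[0] + "/mcp/v1":
        findings.append("deployment name in the path does not match the host")
    bearer = [a.split(" ", 2)[2] for a in args if a.startswith("Authorization: Bearer ")]
    if not bearer:
        return findings + ["no Authorization: Bearer header"]
    try:
        claims = jwt_claims(bearer[0])
        aud, exp = claims.get("aud"), float(claims.get("exp") or 0)
    except (IndexError, ValueError, TypeError, AttributeError):
        return findings + ["token is not a decodable JWT"]
    if "mcp" not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"token audience is {aud!r}, expected 'mcp'")
    if not 0 < exp - now <= MAX_LIFETIME_DAYS * 86400:
        findings.append(f"token exp is missing, past, or over {MAX_LIFETIME_DAYS} days away")
    return findings

def audit_file(path):
    """Audit every mcp-remote server entry in a Claude Desktop config file."""
    findings = []
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        findings.append("config holds a bearer token but is readable by other users")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        if "mcp-remote" in server.get("args", []):
            findings += [f"{name}: {f}" for f in audit_args(server["args"])]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_file(sys.argv[1])) or "no findings")
```

Run it with the path to `claude_desktop_config.json` as the only argument; an empty result means none of these checks fired, not that the token is valid, since the signature is never verified.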
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.