Connect Cursor to Splunk MCP Server
Learn how to connect the Cursor MCP client to a Splunk MCP Server using OAuth 2.1 Authorization Code flow. Users can authenticate through a secure browser flow, after which Cursor can discover and invoke MCP tools exposed by your Splunk stack.
This topic is for engineers and Splunk administrators who want to integrate Cursor's MCP client with a Splunk MCP server secured by OAuth 2.1.
The following steps are covered:
-
Create an OAuth client in Splunk
-
Register the Splunk MCP Server in Cursor
-
Restrict OAuth scopes to those supported
-
Attempt authentication and understand the known issue impacting the flow
Prerequisites
You must meet the following requirements before you can connect Cursor to a Splunk MCP Server:
-
You must be running Splunk version 10.3.2512.11 with the OAuth Clients feature enabled.
-
You must be running Splunk MCP Server version 1.2.1 or higher. Splunk MCP Server version 1.2.1 or lower is not compatible with Cursor OAuth.
-
You must be running the latest stable version of the Cursor app.
Access and environment requirements
-
Splunk administrator credentials are required to create and manage OAuth clients
-
A web browser for login and consent through OAuth
-
Network connectivity from Cursor to your Splunk MCP Server endpoint
Connect Cursor to Splunk MCP steps
Complete the following steps to connect Cursor to a Splunk MCP Server through OAuth version 2.1.
Step 1: Open Splunk OAuth client configuration
-
Sign in to Splunk Web with your admin account.
-
Navigate to Settings and then to Authentication methods.
-
Open Splunk OAuth Clients (preview).Note: If Splunk OAuth Clients (preview) is not visible, your stack might not have the feature enabled. Contact your stack administrator.
Step 2: Create an OAuth client for Cursor
When creating the OAuth client, provide the following:
-
Client Name: A descriptive name such as
cursor. -
Redirect URIs: Cursor MCP uses the static redirect URL of
cursor://anysphere.cursor-mcp/oauth/callback.
After creating the client, copy the Client ID and Client secret. The secret is shown only once. For Cursor's static redirect URL see https://cursor.com/docs/mcp#static-redirect-url.
Step 3: Register the Splunk MCP Server in Cursor
Complete the following steps in the Cursor app:
-
Open Settings, and then Tools and MCPs.
-
Select New MCP Server.
-
Provide the MCP server configuration as shown in the following example:At minimum, specify the MCP endpoint, Client ID, Client Secret, and restrict scopes to those supported by the MCP client.JSON
"splunk-mcp-server": { "url": "<MCP endpoint>", "auth": { "CLIENT_ID": "<Client ID>", "CLIENT_SECRET": "<Client Secret>", "scopes": ["openid", "offline_access"] } }Note: Use the scopesopenidandoffline_access. Limiting scopes reduces surface area and aligns with common MCP client expectations.
Step 4: Authenticate in Cursor
Complete the following steps:
-
From the MCPs list in Cursor, select your newly added Splunk MCP server.
-
Cursor initiates the OAuth flow, opening your browser to the Splunk sign-in page.
-
Sign in and approve access for the Cursor application.
-
Cursor attempts to complete the Authorization Code flow using its static redirect URL.
Step 5: Validate the Splunk MCP Server connection
After the connection and authorization flow completes successfully, Cursor displays the Splunk MCP server as connected and users are able to view all tools exposed by the Splunk MCP server.
Validate using the following steps:
-
Confirm the Splunk MCP server appears in Cursor's MCP server list.
-
Open the server details and verify the available Splunk MCP tools are listed as shown in the following image:
-
Run a simple tool invocation to confirm Cursor can communicate with the Splunk MCP server as shown in the following image:
Troubleshooting
See the following table for issues you might experience when connecting Cursor and the Splunk MCP Server:
For Cursor documentation on MCP see https://cursor.com/docs/mcp#static-redirect-url
| Issue | Resolution |
|---|---|
| Redirect mismatch | Ensure the Splunk OAuth client redirect URI is exactly as follows: cursor://anysphere.cursor-mcp/oauth/callback |
| Scope mismatch | Restrict to openid and offline_access in the Cursor MCP spec. |
| Certificate validation error |
If the authentication fails certificate validation error, your system doesn't trust the server's SSL certificate. Export the SSL certificate from the Splunk server, add it to your OS trusted certificate store, mark it as trusted, then restart Cursor and retry authentication. |
| OAuth compatibility issue | If Cursor cannot complete OAuth with the Splunk MCP Server app, verify that the Splunk MCP server app is version 1.2.1 or higher. Cursor is not compatible with OAuth for MCP server app versions lower than 1.2.1. |