Connect Cursor to Splunk MCP Server

Learn how to connect the Cursor MCP client to a Splunk MCP Server using OAuth 2.1 Authorization Code flow. Users can authenticate through a secure browser flow, after which Cursor can discover and invoke MCP tools exposed by your Splunk stack.

This topic is for engineers and Splunk administrators who want to integrate Cursor's MCP client with a Splunk MCP server secured by OAuth 2.1.

The following steps are covered:

  • Create an OAuth client in Splunk

  • Register the Splunk MCP Server in Cursor

  • Restrict OAuth scopes to those supported

  • Attempt authentication and understand the known issue impacting the flow

Prerequisites

You must meet the following requirements before you can connect Cursor to a Splunk MCP Server:

  • You must be running Splunk version 10.3.2512.11 with the OAuth Clients feature enabled.

  • You must be running Splunk MCP Server version 1.2.1 or higher. Splunk MCP Server version 1.2.1 or lower is not compatible with Cursor OAuth.

  • You must be running the latest stable version of the Cursor app.

Access and environment requirements

  • Splunk administrator credentials are required to create and manage OAuth clients

  • A web browser for login and consent through OAuth

  • Network connectivity from Cursor to your Splunk MCP Server endpoint

Connect Cursor to Splunk MCP steps

Complete the following steps to connect Cursor to a Splunk MCP Server through OAuth version 2.1.

Step 1: Open Splunk OAuth client configuration

  1. Sign in to Splunk Web with your admin account.

  2. Navigate to Settings and then to Authentication methods.

  3. Open Splunk OAuth Clients (preview).
    Note: If Splunk OAuth Clients (preview) is not visible, your stack might not have the feature enabled. Contact your stack administrator.

Step 2: Create an OAuth client for Cursor

When creating the OAuth client, provide the following:

  • Client Name: A descriptive name such as cursor.

  • Redirect URIs: Cursor MCP uses the static redirect URL of cursor://anysphere.cursor-mcp/oauth/callback.

After creating the client, copy the Client ID and Client secret. The secret is shown only once. For Cursor's static redirect URL see https://cursor.com/docs/mcp#static-redirect-url.

Note: Ensure this exact value is registered in Splunk.

Step 3: Register the Splunk MCP Server in Cursor

Complete the following steps in the Cursor app:

  1. Open Settings, and then Tools and MCPs.

  2. Select New MCP Server.

  3. Provide the MCP server configuration as shown in the following example:
    JSON
    "splunk-mcp-server": {
      "url": "<MCP endpoint>",
      "auth": {
        "CLIENT_ID": "<Client ID>",
        "CLIENT_SECRET": "<Client Secret>",
        "scopes": ["openid", "offline_access"]
      }
    }
    At minimum, specify the MCP endpoint, Client ID, Client Secret, and restrict scopes to those supported by the MCP client.
    Note: Use the scopes openid and offline_access. Limiting scopes reduces surface area and aligns with common MCP client expectations.

Step 4: Authenticate in Cursor

Complete the following steps:

  1. From the MCPs list in Cursor, select your newly added Splunk MCP server.

  2. Cursor initiates the OAuth flow, opening your browser to the Splunk sign-in page.

  3. Sign in and approve access for the Cursor application.

  4. Cursor attempts to complete the Authorization Code flow using its static redirect URL.

Step 5: Validate the Splunk MCP Server connection

After the connection and authorization flow completes successfully, Cursor displays the Splunk MCP server as connected and users are able to view all tools exposed by the Splunk MCP server.

Validate using the following steps:

  1. Confirm the Splunk MCP server appears in Cursor's MCP server list.

  2. Open the server details and verify the available Splunk MCP tools are listed as shown in the following image:

  3. Run a simple tool invocation to confirm Cursor can communicate with the Splunk MCP server as shown in the following image:

Troubleshooting

See the following table for issues you might experience when connecting Cursor and the Splunk MCP Server:

For Cursor documentation on MCP see https://cursor.com/docs/mcp#static-redirect-url

Issue Resolution
Redirect mismatch Ensure the Splunk OAuth client redirect URI is exactly as follows: cursor://anysphere.cursor-mcp/oauth/callback
Scope mismatch Restrict to openid and offline_access in the Cursor MCP spec.
Certificate validation error

If the authentication fails certificate validation error, your system doesn't trust the server's SSL certificate. Export the SSL certificate from the Splunk server, add it to your OS trusted certificate store, mark it as trusted, then restart Cursor and retry authentication.

OAuth compatibility issue If Cursor cannot complete OAuth with the Splunk MCP Server app, verify that the Splunk MCP server app is version 1.2.1 or higher. Cursor is not compatible with OAuth for MCP server app versions lower than 1.2.1.