About MCP Server for Splunk platform

Splunk's Model Context Protocol (MCP) server provides a standardized, secure, and scalable interface to connect AI assistants, agents, and other intelligent systems with data in the Splunk platform.

The Model Context Protocol (MCP) is an open standard and framework that enables seamless, secure, and standardized two-way communication between AI applications like large language models and external data sources or tools. It acts as a universal adapter, allowing AI systems to access, execute, and integrate functionalities from diverse systems through a common protocol, simplifying data sharing and tool interoperability without custom coding for each integration.

Splunk's MCP server uses this protocol to connect AI assistants, agents, and other intelligent systems with data in the Splunk platform.

Release Status: General Availability (GA)

As of version 1.0.0, the Splunk MCP Server is GA. While the server infrastructure is GA, specific tools or capabilities within the server may be released in preview or beta status.

Note: Deprecation of Legacy Cloud Endpoint

With the release of version 1.0.0, the legacy "On-Cloud" (SCS) hosting method and endpoint are deprecated.

  • Existing Users: The legacy endpoint will continue to function to allow for migration, but it will no longer receive updates. Users are strongly encouraged to migrate to the Splunk MCP Server App immediately.

Key features

  • Universal Connectivity: Enables AI agents and tools to securely access Splunk data resources via a streamable HTTP protocol.

  • Enterprise-grade Authentication and Authorization: Built-in authentication, authorization, and Role-Based Access Control (RBAC).

  • Rapid Deployment: Eliminates time spent on custom integration, offering a ready-to-use solution.

  • Granular Tool Management: Administrators can enable or disable specific tools at a global level to control what capabilities are exposed to clients.

  • Tool Namespacing: Tools are namespaced based on their source to prevent conflicts and ensure clarity (e.g., Core Splunk platform tools are prefixed with splunk_, while Splunk AI Assistant tools are prefixed with saia_).

  • Encrypted Token Security: Utilizes public key encryption for tokens, ensuring credentials cannot be reused outside of the MCP context.

  • Core Capabilities:

    • Explore Data: Discover relevant knowledge objects like saved searches and lookups.

    • Run Searches: Execute SPL searches directly within the Splunk platform.

    • AI Integration: If the Splunk AI Assistant for SPL is installed, access tools such as saia_generate_spl, saia_explain_spl, and saia_ask_splunk_question.
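The namespacing and tool-management features above can be checked from the client side. The following is an added example, not Splunk's code: it audits a tool listing against an allowlist using the splunk_ and saia_ prefixes named on this page. It assumes the listing has the standard MCP tools/list result shape; audit_tools, the sample response, and the tool names splunk_example_tool and run_query are constructed for illustration.

```python
import json

# Namespace prefixes stated on this page, mapped to the tool source they indicate.
NAMESPACES = {"splunk_": "Core Splunk platform", "saia_": "Splunk AI Assistant"}

def audit_tools(tools_list_response: str, allowed: set) -> dict:
    """Group advertised tools by namespace and compare them with an allowlist."""
    tools = json.loads(tools_list_response)["result"]["tools"]
    report = {"by_source": {}, "unnamespaced": [], "not_allowed": [],
              "duplicates": [], "missing": []}
    seen = set()
    for tool in tools:
        name = tool["name"]
        if name in seen:                      # same name advertised twice
            report["duplicates"].append(name)
            continue
        seen.add(name)
        source = next((s for p, s in NAMESPACES.items() if name.startswith(p)), None)
        if source is None:                    # no documented prefix: origin unclear
            report["unnamespaced"].append(name)
        else:
            report["by_source"].setdefault(source, []).append(name)
        if name not in allowed:               # exposed but not expected by policy
            report["not_allowed"].append(name)
    report["missing"] = sorted(allowed - seen)  # expected but not exposed
    return report

# Constructed sample response. The saia_ names come from this page;
# splunk_example_tool and run_query are made-up placeholders.
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "splunk_example_tool"},
    {"name": "saia_generate_spl"},
    {"name": "saia_explain_spl"},
    {"name": "saia_ask_splunk_question"},
    {"name": "run_query"},
    {"name": "saia_explain_spl"},
]}})

ALLOWED = {"splunk_example_tool", "saia_generate_spl", "saia_explain_spl"}

if __name__ == "__main__":
    print(json.dumps(audit_tools(SAMPLE, ALLOWED), indent=2))
```

Running the audit after each change to the enabled tool set shows whether a client sees more tools than the administrator intended.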