Configure and connect

Perform the following tasks to allow Splunk’s MCP server to connect to your Splunk software deployment.

Enable API access and token authentication

Enable REST API access for your Splunk Cloud Platform deployment.

Enable REST API access for your Splunk Cloud Platform deployment. See Access requirements and limitations for the Splunk Cloud Platform REST API.
Enable token authentication. See Enable token authentication for a Splunk platform instance.

Configure role based access to the MCP server

Configure role based access for the MCP server for Splunk Platform.

The administrator must configure role based access to the MCP server for Splunk Platform.

Create a new role named mcp_user. This role does not require any capabilities.
Assign the mcp_user role to the users that are authorized to use the MCP server functionality.

Create an authentication token to use with the MCP server

Generate a new token to use when authenticating to the MCP server.

Generate a new token to use when authenticating to the MCP server. Tokens are credentials, so you must closely guard them and not share them with anyone who does not explicitly need access to Splunk platform services. Each user provides their unique authentication token to a trusted MCP client.

Generate a new authentication token. In the token generation workflow set the audience field to mcp. See Create authentication tokens. If the audience is not set to mcp, your MCP client will not be able to connect the MCP server.
Set the appropriate expiration if the user does not have the permission to create their own token.

Documentation

Configure and connect

Enable API access and token authentication

Configure role based access to the MCP server

Create an authentication token to use with the MCP server