Configure Splunk Observability tools with Splunk MCP Server

You can use a new endpoint through the MCP Gateway which allows MCP clients to access Splunk Observability (o11y) tools alongside or independently of Splunk platform tools.

Requirements and guidelines

Review the following requirements and guidelines on setting up and using the new endpoint:

  • You must be using MCP Server version 1.0.0 or higher. The Splunk MCP Server app is available on Splunkbase.

    • This is not required if you are a Splunk Observability (o11y) customer and you do not use Splunk platform.

  • The MCP Gateway is only available for Splunk Cloud customers in select regions. See the Supported Regions section.

  • MCP clients including IDEs such as VS Code and Cursor, LLM chatbots such as Claude and ChatGPT, and custom applications, connect to the MCP Gateway using tokens and headers.

    • If you are using both Splunk and o11y, ensure you use the correct tokens and set of headers.

Note: The exact client configuration can differ depending on the MCP client and operating system. Your MCP client might have additional dependencies, such as Node.js and mcp-remote, that are not owned by Splunk.

Using the MCP Gateway endpoint

The following scenarios are described in more detail in subsequent sections:

Scenario Description Action required
Scenario 1: Splunk tools only You want Splunk tools only , no Splunk Observability (o11y). No action required. Continue using your existing MCP app and endpoint.
Scenario 2: Splunk and o11y tools You are an existing Splunk MCP customer and want both Splunk and o11y tools. Migrate to the new MCP Gateway endpoint.
Scenario 3: o11y tools only You want o11y tools only, no Splunk platform. Connect to the MCP Gateway endpoint with o11y tokens only.

Scenario 1: Splunk tools only

If you are an existing Splunk MCP customer who does not need Splunk Observability (o11y) tools you can continue using the Splunk MCP Server app and configuration as described in Connecting to the MCP Server and settings. No action is required if you already have a connection setup.

Scenario 2: Splunk and o11y tools

Follow this scenario if you are an existing Splunk MCP customers who also wants to access Splunk Observability (o11y) tools.

Existing Splunk customers using the MCP app must shift to the new MCP Gateway endpoint. The Splunk MCP app itself remains the same only the endpoint and required headers change.

New endpoint

The new MCP Gateway endpoint is as follows:

https://<SCS_Region>.api.scs.splunk.com/system/mcp-gateway/v1/

The <SCS_Region> must correspond to the o11y realm your organization uses. Refer to the Supported regions table in the last section of this document.

Required headers

See the following table for the required header information:
Header Value Description
Authorization Bearer <JWT_TOKEN> Your encrypted Splunk token (generated via the MCP app as described in the base documentation).
splunk_tenant <SPLUNK_TENANT_NAME> Your Splunk tenant name. Contact your Splunk administrator if you do not know this value.
X-SF-TOKEN <SIGNALFX_ACCESS_TOKEN> Your Splunk Observability (SignalFx) access token.
X-SF-REALM <O11Y_REALM> Your o11y realm. For example us1, eu0, mon0.

Sample client configuration

See the following JSON example of a client configuration:
JSON 
"mcpServers": { 
    "splunk-mcp-server": { 
      "command": "npx", 
      "args": [ 
        "-y", 
        "mcp-remote", 
        "https://<SCS_Region>.api.scs.splunk.com/system/mcp-gateway/v1/", 
        "--header", 
        "Authorization: Bearer <JWT_TOKEN>", 
        "--header", 
        "splunk_tenant: <SPLUNK_TENANT_NAME>", 
        "--header", 
        "X-SF-TOKEN: <SIGNALFX_ACCESS_TOKEN>", 
        "--header", 
        "X-SF-REALM: <O11Y_REALM>" 
      ] 
    } 
  } 
}

Migration steps

Complete the following steps:

  1. Identify your o11y realm and the corresponding SCS region from the Supported regions table in the last section of this document.

  2. Obtain your SignalFx access token and Splunk tenant name.

  3. Ensure you have a valid encrypted Splunk token. You can create one using the MCP app as needed. See Step 1 in the documentation.

  4. Update your MCP client configuration to point to the new MCP Gateway endpoint.

  5. Add the required headers including Authorization, splunk_tenant, X-SF-TOKEN, and X-SF-REALM to your client configuration.

  6. Test the connection to verify that both Splunk and o11y tools are accessible.

  7. Decommission any old endpoint configurations if no longer needed.

Scenario 3: o11y tools only

Follow this scenario if you use Splunk Observability (o11y) but do not use the Splunk platform.

You can connect to the MCP Gateway endpoint and only pass the o11y tokens. No Splunk authorization token or tenant header is required.

Endpoint

Use the following endpoint:

https://<SCS_Region>.api.scs.splunk.com/system/mcp-gateway/v1/

The <SCS_Region> must correspond to the o11y realm your organization uses. Refer to the Supported regions table in the last section of this document.

Required headers

See the following table for the required header information:
Header Value Description
X-SF-TOKEN <SIGNALFX_ACCESS_TOKEN> Your Splunk Observability (SignalFx) access token.
X-SF-REALM <O11Y_REALM> Your o11y realm. For example us1, eu0, mon0.

Sample client configuration

See the following JSON example of a client configuration:
JSON 
"mcpServers": { 
    "splunk-mcp-server": { 
      "command": "npx", 
      "args": [ 
        "-y", 
        "mcp-remote", 
        "https://<SCS_Region>.api.scs.splunk.com/system/mcp-gateway/v1/", 
        "--header", 
        "X-SF-TOKEN: <SIGNALFX_ACCESS_TOKEN>", 
        "--header", 
        "X-SF-REALM: <O11Y_REALM>" 
      ] 
    } 
  }

Setup steps

Complete the following steps:

  1. Identify your o11y realm and the corresponding SCS region from the Supported regions table in the last section of this document.

  2. Obtain your SignalFx access token.

  3. Configure your MCP client with the MCP Gateway endpoint and the two required headers.

  4. Test the connection to verify that o11y tools are accessible.

Supported regions

The MCP Gateway is available in the following regions. Use the SCS Region value to construct your endpoint URL, and ensure the region corresponds to the o11y realm your organization uses.

O11y realm AWS region Physical location MCP Gateway region Example MCP Gateway URL
EU0 eu-west-1 Ireland dub10

https://region-dub10.api.scs.splunk.com/system/mcp-gateway/v1/
EU1 eu-central-1 Frankfurt fra10

https://region-fra10.api.scs.splunk.com/system/mcp-gateway/v1/
EU2 eu-west-2 London lon10

https://region-lon10.api.scs.splunk.com/system/mcp-gateway/v1/
US0 us-east-1 N. Virginia iad10

https://region-iad10.api.scs.splunk.com/system/mcp-gateway/v1/
US1 us-west-2 Oregon pdx10

https://region-pdx10.api.scs.splunk.com/system/mcp-gateway/v1/
US3 us-west-2 Oregon pdx10

https://region-pdx10.api.scs.splunk.com/system/mcp-gateway/v1/
JP0 ap-northeast-1 Tokyo tyo10

https://region-tyo10.api.scs.splunk.com/system/mcp-gateway/v1/
AU0 ap-southeast-2 Sydney syd10

https://region-syd10.api.scs.splunk.com/system/mcp-gateway/v1/
SG0 ap-southeast-1 Singapore sin10

https://region-sin10.api.scs.splunk.com/system/mcp-gateway/v1/

Placeholder reference

Replace the <SCS_Region> placeholder in your endpoint URL with the full SCS Region value from the table above (e.g., dub10 for Ireland, pdx10 for Oregon).

Alternatively, use the example URL format shown (e.g., region-dub10, region-pdx10).

Placeholder Value
<SCS_Region> The SCS region corresponding to your o11y realm. See the Supported regions table in the previous section.
<JWT_TOKEN> Your encrypted Splunk token, generated through the Splunk MCP Server app.
<SPLUNK_TENANT_NAME> Your Splunk tenant name.
<SIGNALFX_ACCESS_TOKEN> Your Splunk Observability (SignalFx) access token.
<O11Y_REALM> Your o11y realm . For example us1, eu0, mon0.