Connect Claude to Splunk MCP Server

The following example uses the Claude Code command-line interface (CLI) to make the connection.

For more information on scope restriction in Claude Code, see the Claude Code MCP documentation at https://code.claude.com/docs/en/mcp.

  1. Register the Splunk MCP Server.

    1. Run the following command on your workstation. Replace the placeholders with the values from your administrator:

      CODE
      claude mcp add --transport http \
         --callback-port <callback-port> \
         --client-id <client-id> \
         --client-secret \
         splunk-mcp <mcp-endpoint>
    2. When prompted, paste the Client secret. The placeholders in the command take the following values:

      1. The <callback-port> must exactly match the port in the Redirect URI your administrator configured in Splunk.

      2. The <client-id> is the Client ID from the Splunk OAuth client.

      3. The <mcp-endpoint> is the HTTP endpoint of the Splunk MCP Server.

  2. Restrict OAuth scopes. Open Claude Code's configuration file (~/.claude.json) and locate the splunk-mcp entry. Add a scopes field inside the OAuth block, set to openid offline_access:

    JSON
    "splunk-mcp": { 
       "type": "http", 
       "url": "<mcp-endpoint>", 
       "oauth": { 
         "clientId": "<client-id>", 
         "callbackPort": <callback-port>, 
         "scopes": "openid offline_access" 
       } 
    }
  3. Authenticate:

    1. Start Claude Code: claude

    2. From inside Claude Code run: /mcp

    3. Your browser opens to the Splunk sign-in page.

    4. Sign in with your Splunk credentials and approve access for the Claude Code application.

    5. The browser redirects to http://localhost:<callback-port>/callback and Claude Code completes authentication.

  4. Verify tools:

    1. Run /mcp again to confirm splunk-mcp is connected.

    2. Review the list of tools exposed by the Splunk MCP Server.

    3. Invoke any tool, for example a read-only search tool, to validate end-to-end connectivity.
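
To confirm that the scope restriction from step 2 and the callback port from step 1 are what the configuration file actually contains, the following added example (not part of the Splunk or Claude Code documentation) audits the splunk-mcp entry. It assumes the entry may sit at any nesting depth in the file, so it searches recursively; the function names, the `mcpServers` wrapper in the sample and all sample values are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

ALLOWED_SCOPES = {"openid", "offline_access"}  # the value step 2 sets

def find_entries(node, name="splunk-mcp"):
    """Yield every dict stored under key `name`, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == name and isinstance(value, dict):
                yield value
            else:
                yield from find_entries(value, name)
    elif isinstance(node, list):
        for item in node:
            yield from find_entries(item, name)

def audit_entry(entry, redirect_uri):
    """Return findings for one entry; an empty list means it matches steps 1 and 2."""
    oauth = entry.get("oauth")
    if not isinstance(oauth, dict):
        return ["no oauth block"]
    findings = []
    if entry.get("type") != "http":
        findings.append("type is not http")
    scopes = oauth.get("scopes")
    tokens = set(scopes.split()) if isinstance(scopes, str) else set()
    if not tokens:
        findings.append("scopes missing: scope restriction not applied")
    elif tokens != ALLOWED_SCOPES:
        findings.append("scopes differ from 'openid offline_access': " + " ".join(sorted(tokens)))
    port = oauth.get("callbackPort")
    if isinstance(port, bool) or not isinstance(port, int):
        findings.append("callbackPort is not an integer")
    elif port != urlsplit(redirect_uri).port:
        findings.append("callbackPort does not match the Redirect URI port")
    return findings

def audit_config(text, redirect_uri):
    entries = list(find_entries(json.loads(text)))
    if not entries:
        return ["no splunk-mcp entry found"]
    return [f for e in entries for f in audit_entry(e, redirect_uri)]

# Constructed sample (not a real config): one scope too many and a port mismatch.
SAMPLE = '{"mcpServers": {"splunk-mcp": {"type": "http", "url": "https://mcp.example.invalid", "oauth": {"clientId": "example-client", "callbackPort": 8080, "scopes": "openid offline_access admin"}}}}'

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, "http://localhost:8081/callback"):
        print("FINDING:", finding)
```

To audit a real installation, pass the contents of ~/.claude.json and the Redirect URI your administrator configured to `audit_config`.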