About the MCP server for Splunk platform

Splunk's Model Context Protocol (MCP) server provides a standardized, secure, and scalable interface to connect AI assistants, agents, and other intelligent systems with data in the Splunk platform.

The Model Context Protocol (MCP) is an open standard and framework that enables standardized, secure, two-way communication between AI applications, such as large language models, and external data sources or tools. It acts as a universal adapter: AI systems can access, execute, and integrate functionality from diverse systems through a common protocol, which simplifies data sharing and tool interoperability without custom coding for each integration.

Splunk's Model Context Protocol (MCP) server leverages this to provide a standardized, secure, and scalable interface to connect AI assistants, agents, and other intelligent systems with data in the Splunk platform for both Enterprise and Cloud customers.

There are two ways to enable MCP functionality on your deployment:
  • On-Cloud MCP server: Deployed on Splunk Cloud, this is available to Splunk Cloud Platform in AWS regions as of July 2025.

  • On-Deployment MCP server: This is available to Splunk Enterprise and Splunk Cloud customers in AWS, Azure, and GCP regions through the app on Splunkbase, in beta as of August 2025.

Both deployment options are for the remote server, which means that they are hosted centrally in one location for your deployment, allowing connections from many clients running in different environments.

Table 1. Key differences
| On-Cloud MCP server | On-Deployment MCP server |
| --- | --- |
| Does not require installation of an app. | Requires installation of the Splunk MCP Server app from Splunkbase, see Install a public app from Splunkbase. |
| Integrates with Splunk Cloud Platform. Currently available in AWS regions only. | Integrates with Splunk Enterprise and Splunk Cloud Platform. Available to all customers, including those in AWS, Azure, and GCP regions. |
| Access to MCP is managed through a role. | Access to MCP is managed through capabilities. |
| Future updates are managed by Splunk. | Future updates require updating the app. |

Key features

  • Universal Connectivity: Enables AI agents and tools to securely access Splunk data resources.

  • Enterprise Security: Built-in authentication, authorization, and Role-Based Access Control (RBAC).

  • Rapid Deployment: Eliminates time spent on custom integration, offering a ready-to-use solution.

  • Core Capabilities:

    • Explore the data

    • Discover relevant knowledge objects like saved searches and lookups

    • Run searches in Splunk