Beta feature: MCP Server rate limiting

Version 1.1.0 of the MCP Server includes the beta feature of rate limiting. The MCP Server is accessed by multiple agents and both the MCP app and Splunk instance share critical resources. Rate limiting requests to the Splunk MCP server helps ensure app performance and security.

Note: You must be using MCP Server version 1.1 to try this beta feature. Rate limiting is only visible and configurable by your Splunk instance administrator.

Preview disclaimer

Beta features described in this document are provided by Splunk to you "as is" without any warranties, maintenance and support, or service-level commitments. Splunk makes this Beta feature available at its sole discretion and may discontinue it at any time. Use of Beta features is subject to the Splunk Pre-Release Agreement for Hosted Services.

Support and feedback for MCP Server rate limiting beta

If you require support for the MCP Server rate limiting beta, or you want to provide feedback, do so through the Splunk Voice of the Customer (VOC) portal. See Rate Limiting for MCP 1.1.0.

How rate limiting works

The Splunk admin can set both a global rate limit and a per-tool rate limit. Once a limit is exceeded, every additional request is dropped by the start of the next window. By default, no rate limits are set.

The beta offering of rate limiting operates as follows:

Note: Rate limit counting only happens per node. It is not replicated across the stack.
Function Description
Fixed Window Counter This approach divides time into fixed intervals. For example 1-minute windows starting at 9:00, 9:01, and so on. This approach limits the number of requests within each interval.
Note: The counter resets at the beginning of each new window
Global rate limit Enforces a limit per MCP server tool/call. This means it sums all tool execution calls and applies the total against the global limit.

Both global and per tool rate limits share the per minute time window, after which the counter must be reset.
Per-tool rate limit Allows the admin to set individual limits for each tool. For example, Tool_A can allow 1,000 requests per minute, while Tool_B can allow 100 requests per minute.

Both global and per tool rate limits share the per minute time window, after which the counter must be reset.

Configure rate limiting

You can configure both the global and per-tool rate limits through the Splunk MCP Server app user interface.

Configuration requirements

  • Rate limiting is only visible and configurable by your Splunk instance administrator.

  • The administrator account must have the mcp_tool_admin capability to make changes.

Global rate limit

The global limit is configurable from the main screen of the Splunk MCP Server.

The following image shows the Global rate limit section. Select Edit to make changes:

The following image shows the Set global rate limit window. If you change the rate limit value, select Save to save those changes:

Note: The value must be a positive integer.

Per-tool rate limit

You can view and change tool rate limits from the Tools tab of the MCP Server app. Open the expanded view for any of the listed tools and use the Edit option to change the limit.

The following image shows an example expanded tool view:

Note: The value must be a positive integer.
CAUTION: If the global rate limit is lower than the per-tool rate limit, a warning icon displays at the row level with a description of the misconfiguration.