Configure the Splunk MCP Server
Follow these steps to set up the Splunk MCP Server for your deployment.
Prerequisites
Enable API access and token authentication:
- Splunk Cloud Platform: Enable REST API access for your Splunk platform deployment. For more information, see the Accessing the Splunk Cloud Platform REST API topic.
- All deployments: Enable token authentication for all Splunk platform instance deployments. For more information, see Enable token authentication for a Splunk platform instance.
Step 1: Download and install the Splunk MCP Server app from Splunkbase.
For Splunk Cloud Platform, see Install an add-on on your Splunk Cloud Deployment. For Splunk Enterprise, follow standard app installation procedures. Important: You may be prompted to restart your Splunk deployment for the new capabilities to become available.
Step 2: Configure Role-Based Access
This product adds two new capabilities for access control:
| Capability | Description |
|---|---|
| CODE | Grants users access to use the MCP server tools. |
| CODE | Grants administrative access for tool management and token creation. |
Add the mcp_tool_execute capability to every role (new or existing) that should have access to MCP server functionality. Those roles must also be able to access the APIs.
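To review which roles end up with mcp_tool_execute after this step, including roles that pick it up through inheritance, the following added example (not part of the Splunk MCP Server app or its documentation) parses authorize.conf-style text and reports each role that holds the capability and the import chain that grants it. The role names and sample stanzas are constructed; the script assumes capabilities are granted with `<capability> = enabled` and inherited additively through `importRoles`.

```python
import configparser

CAPABILITY = "mcp_tool_execute"  # capability name as given on this page

# Constructed sample authorize.conf content; role names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_mcp_user]
importRoles = user
mcp_tool_execute = enabled

[role_soc_analyst]
importRoles = mcp_user;power

[role_power]
importRoles = user

[role_user]
search = enabled
"""

def load_roles(conf_text):
    """Return {role: (imported_roles, enabled_capabilities)} from conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case, e.g. importRoles
    parser.read_string(conf_text)
    roles = {}
    for section in parser.sections():
        if not section.startswith("role_"):
            continue
        opts = parser[section]
        raw_imports = opts.get("importRoles", fallback="")
        imports = [r.strip() for r in raw_imports.split(";") if r.strip()]
        enabled = {k for k, v in opts.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (imports, enabled)
    return roles

def roles_with_capability(conf_text, capability=CAPABILITY):
    """Map each role holding the capability to the import chain granting it."""
    roles = load_roles(conf_text)

    def grant_path(role, seen):
        if role in seen or role not in roles:  # import cycle or undefined role
            return None
        imports, enabled = roles[role]
        if capability in enabled:
            return [role]
        for parent in imports:
            path = grant_path(parent, seen | {role})
            if path:
                return [role] + path
        return None

    found = {role: grant_path(role, frozenset()) for role in roles}
    return {role: path for role, path in found.items() if path}

if __name__ == "__main__":
    for role, path in roles_with_capability(SAMPLE_AUTHORIZE_CONF).items():
        print(f"{role}: {' -> '.join(path)}")
```

In the constructed sample, soc_analyst never lists the capability itself but receives it by importing mcp_user, which is the kind of indirect grant worth checking before users are assigned to a role.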
Step 3: (Optional) Install Splunk AI Assistant for SPL
To make AI tools such as generate_spl, explain_spl, optimize_spl, and ask_splunk_question available in the MCP server, Splunk AI Assistant for SPL must be installed. Read more at Install and use Splunk AI Assistant for SPL.