npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

splunk-mcp

v0.4.1

Published

A Model Context Protocol server for interacting with Splunk Enterprise/Cloud

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

michelsmichels

Keywords

mcpsplunksignalfxmodel-context-protocol

Readme

Splunk MCP (Model Context Protocol) Server

A TypeScript-based Model Context Protocol server for interacting with Splunk Enterprise/Cloud. This tool provides a set of capabilities for searching Splunk data, managing KV stores, and accessing Splunk resources through the MCP protocol.

Features

  • Splunk Search: Execute Splunk searches with natural language queries
  • Index Management: List and inspect Splunk indexes
  • User Management: View and manage Splunk users
  • KV Store Operations: List and manage KV store collections
  • Async Support: Built with async/await patterns for better performance
  • Detailed Logging: Comprehensive logging with emoji indicators for better visibility
  • SSL Configuration: Flexible SSL verification options for different security requirements
  • TypeScript: Fully typed implementation for better developer experience

Available MCP Tools

The following tools are available via the MCP interface:

Tools Management

  • ping
    • Simple ping endpoint to verify MCP server is alive

Health Check

  • health_check / health
    • Returns a list of available Splunk apps to verify connectivity

User Management

  • current_user
    • Returns information about the currently authenticated user
  • list_users
    • Returns a list of all users and their roles

Index Management

  • list_indexes
    • Returns a list of all accessible Splunk indexes
  • get_index_info
    • Returns detailed information about a specific index
    • Parameters: index_name (string)
  • get_indexes_and_sourcetypes
    • Returns a comprehensive list of indexes and their sourcetypes

Search

  • search_splunk
    • Executes a Splunk search query
    • Parameters:
      • search_query (string): Splunk search string
      • earliest_time (string, optional): Start time for search window (default: -24h)
      • latest_time (string, optional): End time for search window (default: now)
      • max_results (integer, optional): Maximum number of results to return (default: 100)
  • list_saved_searches
    • Returns a list of saved searches in the Splunk instance

KV Store

  • list_kvstore_collections
    • Lists all KV store collections with metadata including app, fields, and accelerated fields

Usage with MCP Clients

Claude Desktop

Add the server to your Claude Desktop configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "splunk": {
      "command": "bunx",
      "args": ["splunk-mcp"],
      "env": {
        "SPLUNK_HOST": "your_splunk_host",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "your_username",
        "SPLUNK_PASSWORD": "your_password",
        "SPLUNK_SCHEME": "https",
        "VERIFY_SSL": "true"
      }
    }
  }
}

Or using npx:

{
  "mcpServers": {
    "splunk": {
      "command": "npx",
      "args": ["-y", "splunk-mcp"],
      "env": {
        "SPLUNK_HOST": "your_splunk_host",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "your_username",
        "SPLUNK_PASSWORD": "your_password",
        "SPLUNK_SCHEME": "https",
        "VERIFY_SSL": "true"
      }
    }
  }
}

Cline / Other MCP Clients

Configure the MCP server in your client's settings with the command:

bunx splunk-mcp

And provide the required environment variables through your client's configuration.

Example Queries

Once connected, you can use natural language to interact with Splunk:

  • "Search for errors in the last hour"
  • "List all available indexes"
  • "Show me the current user information"
  • "Get information about the 'main' index"
  • "List all saved searches"
  • "Show me all KV store collections"

Error Handling

The MCP implementation includes consistent error handling:

  • Invalid search commands or malformed requests
  • Insufficient permissions
  • Resource not found
  • Invalid input validation
  • Unexpected server errors
  • Connection issues with Splunk server

All error responses include a detailed message explaining the error.

Installation

Prerequisites

  • Node.js 18 or higher
  • Access to a Splunk Enterprise or Splunk Cloud instance

Using bunx (Recommended)

You can run the server directly using bunx without installation:

bunx splunk-mcp

Using npx

Alternatively, use npx:

npx splunk-mcp

Local Installation

  1. Clone the repository:

    git clone <repository-url>
cd splunk-mcp

  2. Install dependencies:

    npm install

  3. Build the project:

    npm run build

  4. Run the server:

    npm start

Development

For development with hot reload:

npm run dev

Configuration

Environment Variables

Create a .env file in the project root with the following variables:

SPLUNK_HOST=your_splunk_host
SPLUNK_PORT=8089
SPLUNK_USERNAME=your_username
SPLUNK_PASSWORD=your_password
SPLUNK_SCHEME=https
VERIFY_SSL=true

Alternatively, use token-based authentication:

SPLUNK_HOST=your_splunk_host
SPLUNK_PORT=8089
SPLUNK_TOKEN=your_auth_token
SPLUNK_SCHEME=https
VERIFY_SSL=true

Note: If SPLUNK_TOKEN is set, it will be used for authentication and username/password will be ignored.

SSL Configuration

The tool provides flexible SSL verification options:

  1. Default (Secure) Mode:

    VERIFY_SSL=true
    • Full SSL certificate verification
    • Hostname verification enabled
    • Recommended for production environments

  2. Relaxed Mode:

    VERIFY_SSL=false
    • SSL certificate verification disabled
    • Useful for testing or self-signed certificates

Development

Project Structure

splunk-mcp/
├── src/
│   ├── index.ts           # Main MCP server
│   ├── splunk-client.ts   # Splunk API client
│   └── types.ts           # TypeScript type definitions
├── dist/                  # Compiled JavaScript (generated)
├── package.json
├── tsconfig.json
└── README.md

Building

npm run build

Linting

npm run lint

Formatting

npm run format

Testing

npm test

Security Notes

  1. Environment Variables:

    • Never commit .env files to version control
    • Use .env.example as a template
    • Consider using secure credential storage for production

  2. SSL Verification:

    • VERIFY_SSL=true recommended for production
    • Can be disabled for development/testing with self-signed certificates
    • Configure through environment variables

  3. Authentication:

    • Supports both username/password and token-based authentication
    • Token authentication is preferred when available
    • Ensure credentials have appropriate permissions

License

Apache-2.0

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.