mcp-server-splunk
The Splunk MCP Server is a Go-based implementation that integrates with Splunk to provide a set of tools for managing Splunk alerts, saved searches, and other resources using the MCP protocol. It supports both STDIO and SSE modes for interaction and can be seamlessly integrated with Cursor.
MCP Server for Splunk
A Go implementation of the MCP server for Splunk, supporting STDIO and SSE (Server-Sent Events HTTP API). The server uses the github.com/mark3labs/mcp-go SDK and implements various tools like listing Splunk saved searches, alerts, fired alerts, indexes, and macros with configurable parameters for pagination and filtering. It integrates with Cursor, allowing STDIO or SSE server integration to include remote data into LLM context. Installation can be done via local Docker build or Smithery.
MCP Tools Implemented
- List Splunk Saved Searches
- List Splunk Alerts
- List Splunk Fired Alerts
- List Splunk Indexes
- List Splunk Macros
MCP Prompts and Resources
- Implements prompts to find Splunk alerts and uses multiple MCP tools for comprehensive analysis.
Usage
STDIO Mode
Configuration and commands to list available tools and call specific tools.
SSE Mode
Instructions to start the server and maintain sessions for tool operations.
Installation
- Hosting on Smithery through Dockerfile and smithery.yaml.
Local Docker Build and Run
Instructions for building and running the server using Docker.
Cursor Integration
Configure MCP settings in Cursor to include remote data directly into the LLM context with sample prompts provided.