Overview
Go implementation of an MCP server for Splunk. It supports STDIO and SSE (Server-Sent Events HTTP API) transports and leverages the github.com/mark3labs/mcp-go SDK. The server exposes five Splunk-related MCP tools: list_splunk_saved_searches, list_splunk_alerts, list_splunk_fired_alerts, list_splunk_indexes, and list_splunk_macros, each with parameters for pagination, filtering, and sensible defaults. Tools can be invoked via STDIO or SSE; usage examples show listing tools and calling a specific tool. The project includes MCP Prompts and Resources: internal/splunk/prompt.go implements an MCP Prompt to locate Splunk alerts for a keyword and instructs Cursor to use multiple MCP tools to review alerts, indexes, and macros to provide the best answer. There is also an MCP Resource implemented as a local CSV-based context for Splunk content. The README also describes deployment options (Smithery, Docker) and Cursor integration for embedding remote data into LLM contexts.
Features
list_splunk_saved_searches
Lists saved Splunk searches with pagination and a maximum of 100 results.
list_splunk_alerts
Lists Splunk alerts with pagination, optional title filtering, and default values for count and offset.
list_splunk_fired_alerts
Lists fired Splunk alerts with pagination and optional filters (ss_name, earliest).
list_splunk_indexes
Lists Splunk indexes with pagination.
list_splunk_macros
Lists Splunk macros with pagination.
STDIO mode support
Default transport: STDIO for local usage and integration.
SSE mode support
Server-Sent Events HTTP API transport for streaming interactions.
Cursor integration and prompts
MCP prompts and Cursor integration to review Splunk data (alerts/indexes/macros) for comprehensive answers.
Who Is This For?
- Developers:Invoke MCP tools to access Splunk data within ML workflows.
- Splunk users:List and review saved searches, alerts, indexes, and macros via MCP.
- Cursor users:Integrate Splunk data into Cursor prompts and chat workflows.
