| Tool | Description |
|---|---|
| search_splunk | Execute a Splunk search query and return the results.<br>Args:<br>- search_query: The search query to execute<br>- earliest_time: Start time for the search (default: 24 hours ago)<br>- latest_time: End time for the search (default: now)<br>- max_results: Maximum number of results to return (default: 100)<br>Returns: List of search results |
| list_indexes | Get a list of all available Splunk indexes.<br>Returns: Dictionary containing list of indexes |
| get_index_info | Get metadata for a specific Splunk index.<br>Args:<br>- index_name: Name of the index to get metadata for<br>Returns: Dictionary containing index metadata |
| list_saved_searches | List all saved searches in Splunk.<br>Returns: List of saved searches with their names, descriptions, and search queries |
| current_user | Get information about the currently authenticated user.<br>This endpoint retrieves:<br>- Basic user information (username, real name, email)<br>- Assigned roles<br>- Default app settings<br>- User type<br>Returns: Dict[str, Any]: Dictionary containing user information |
| list_users | List all Splunk users (requires admin privileges) |
| list_kvstore_collections | List all KV store collections across apps.<br>Returns: List of KV store collections with metadata including app, fields, and accelerated fields |
| health_check | Get basic Splunk connection information and list available apps |
| get_indexes_and_sourcetypes | Get a list of all indexes and their sourcetypes.<br>This endpoint performs a search to gather:<br>- All available indexes<br>- All sourcetypes within each index<br>- Event counts for each sourcetype<br>- Time range information<br>Returns: Dict[str, Any]: Dictionary containing:<br>- indexes: List of all accessible indexes<br>- sourcetypes: Dictionary mapping indexes to their sourcetypes<br>- metadata: Additional information about the search |
| list_tools | List all available MCP tools.<br>Returns: List of all available tools with their name, description, and parameters. |
| health | Get basic Splunk connection information and list available apps (same as health_check, but provided for endpoint consistency) |
| ping | Simple ping endpoint to check server availability and get basic server information.<br>This endpoint provides a lightweight way to:<br>- Verify the server is running and responsive<br>- Get basic server information including version and server time<br>- Check connectivity without making complex API calls<br>Returns: Dict[str, Any]: Dictionary containing status and basic server information |