Splunk MCP connector
Splunk is a data platform for searching, monitoring, and analyzing machine-generated data through a REST API. The Splunk MCP connector allows AI agents to create and manage search jobs, retrieve search results, and work with saved searches across your Splunk environment. It also supports monitoring job status, canceling running searches, and updating search configurations.
Authentication type
- API Key - Requires a static API key to be configured before the agent can connect to the service.
Uses
Use the Splunk MCP connector to perform the following actions:
- Monitor application performance and identify system errors in real time
- Search machine-generated data logs to investigate security incidents and anomalies
- Execute saved searches automatically to generate compliance and audit reports
- Track alert notifications when critical system thresholds are exceeded
- Manage user access and permissions across your Splunk instance
- Create custom searches to extract insights from operational data
- Automate responses when fired alerts indicate suspicious activity
Example prompts
Use the following example prompts to invoke Splunk MCP connector tools from your AI assistant or Boomi Connect workflow:
- Show me all fired alerts from the last 24 hours in Splunk.
- Search Splunk for failed login attempts in the authentication logs.
- Create a saved search in Splunk that monitors CPU usage above 80 percent.
- List all active search jobs currently running in Splunk.
- Execute the daily performance report saved search in Splunk.
- Get the status of my search job in Splunk to see if results are ready.
- Add a new user account to Splunk with read-only permissions.
- Cancel the long-running search job that's consuming too many resources.
- Find all saved searches related to security events in Splunk.
- Retrieve the search results from my completed Splunk job.
Splunk MCP connector tools
The Splunk MCP connector provides the following tools. Each tool maps to a specific action you can invoke from your AI agent or automation.
| Tool | Description |
|---|---|
| createSearchJob | Initiates a new search query to process and retrieve data from Splunk. |
| listSearchJobs | Displays all active and completed search jobs with their current status. |
| getSearchJob | Retrieves the current status and progress information for a specific search job. |
| deleteSearchJob | Stops and removes a search job from the system. |
| getSearchResults | Fetches the results generated by a completed search job. |
| listSavedSearches | Displays all saved search queries available in the Splunk instance. |
| createSavedSearch | Saves a new search query for repeated use and scheduling. |
| getSavedSearch | Retrieves the configuration and details of a specific saved search. |
| updateSavedSearch | Modifies the settings and definition of an existing saved search. |
| deleteSavedSearch | Removes a saved search query from the system. |
| executeSavedSearch | Runs a previously saved search query and generates new results. |
| listUsers | Displays all user accounts configured in the Splunk instance. |
| createUser | Adds a new user account to the Splunk system. |
| getUser | Retrieves the account details and permissions for a specific user. |
| updateUser | Modifies the settings and permissions assigned to an existing user. |
| deleteUser | Removes a user account from the Splunk system. |
| getAlerts | Retrieves alerts that have been triggered based on search conditions. |
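The search-job tools above form a lifecycle (create, poll status, fetch results, or cancel a runaway job). The following added example, which is not part of the connector or the Boomi documentation, drives that lifecycle through an abstract tool-invocation callable; the tool names are the page's, while the argument and result field names (query, sid, dispatchState, results) and the stub transport are assumptions modelled on Splunk's REST search API.

```python
from typing import Any, Callable, Dict, List

# Invoke = a function that calls one MCP tool by name with a dict of
# arguments and returns the tool's result as a dict (assumed interface).
Invoke = Callable[[str, Dict[str, Any]], Dict[str, Any]]

# Splunk dispatch states that mean the job will not progress further.
TERMINAL = {"DONE", "FAILED"}


def run_search(invoke: Invoke, query: str, max_polls: int = 10) -> Dict[str, Any]:
    """Create a search job, poll until it finishes, then fetch results.

    If the job is still not terminal after max_polls status checks, it is
    cancelled with deleteSearchJob so the agent never leaves a long-running
    search consuming indexer resources behind.
    """
    job = invoke("createSearchJob", {"query": query})
    sid = job["sid"]                      # assumed: job id field is "sid"
    for _ in range(max_polls):
        status = invoke("getSearchJob", {"sid": sid})
        state = status["dispatchState"]   # assumed: Splunk-style state field
        if state in TERMINAL:
            break
    else:
        invoke("deleteSearchJob", {"sid": sid})
        return {"sid": sid, "state": "CANCELLED", "results": []}
    if state == "FAILED":
        return {"sid": sid, "state": state, "results": []}
    page = invoke("getSearchResults", {"sid": sid})
    return {"sid": sid, "state": state, "results": page["results"]}


class StubSplunk:
    """Constructed stand-in for the connector (no network): the job advances
    one dispatch state per getSearchJob call and stays on the last one."""

    def __init__(self, states: List[str]) -> None:
        self.states = list(states)
        self.calls: List[str] = []        # records which tools were invoked

    def __call__(self, tool: str, args: Dict[str, Any]) -> Dict[str, Any]:
        self.calls.append(tool)
        if tool == "createSearchJob":
            return {"sid": "job-1"}
        if tool == "getSearchJob":
            state = self.states.pop(0) if len(self.states) > 1 else self.states[0]
            return {"sid": args["sid"], "dispatchState": state}
        if tool == "getSearchResults":   # constructed sample event
            return {"results": [{"user": "alice", "action": "failure"}]}
        if tool == "deleteSearchJob":
            return {"sid": args["sid"], "deleted": True}
        raise ValueError(f"unknown tool {tool}")
```

Because the cancel path is taken whenever the poll budget is exhausted, the same function also gives an agent a bounded way to act on the "cancel the long-running search job" prompt without a human watching the job list.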