monitoring
Splunk MCP, CLI, and Lua Integration for AI Agents
Splunk integration docs for AI agents: MCP gateway setup, Splunk CLI commands, Lua API reference, credentials, and function schemas.
6 functions, 5 read, 1 write, Bearer token auth
Splunk for agents
Credentials can be configured manually in web or CLI hosts.
Use this integration from Lua code mode, the headless integrations CLI, or the KosmoKrator MCP gateway. The same package metadata powers all three surfaces.
Machine-Readable Metadata
- integration_slug: splunk
- route_slug: splunk
- package: splunk
- auth_strategy: bearer_token (Bearer token)
- cli_setup_supported: true
- cli_runtime_supported: true
- mcp_gateway_supported: true
- lua_supported: true
- supports_multi_account: true
Quick Links
- Lua API: Agent-facing namespace and function reference.
- Splunk CLI: Headless setup and direct function calls.
- Splunk MCP: MCP gateway setup for external clients.
- Submit feedback: Report missing tools, auth problems, wrong docs, or runtime issues.
- Contribute: Add tools or improve metadata in the integrations repo.
Splunk MCP Client Matrix
Use these pages when a specific agent client or framework needs copy-pasteable MCP setup for Splunk.
- Claude Code: Splunk MCP setup for Claude Code.
- Cursor: Splunk MCP setup for Cursor.
- Codex: Splunk MCP setup for Codex.
- OpenAI Agents: Splunk MCP setup for OpenAI Agents SDK.
- Claude Agent SDK: Splunk MCP setup for Claude Agent SDK.
- Vercel AI SDK: Splunk MCP setup for Vercel AI SDK.
- LangChain: Splunk MCP setup for LangChain.
- LangGraph: Splunk MCP setup for LangGraph.
- CrewAI: Splunk MCP setup for CrewAI.
- MCP clients: Splunk MCP setup for Generic MCP Clients.
Splunk CLI Matrix
Use these pages for direct Splunk CLI workflows in scripts, CI, cron, and agent wrappers.
- CI: Splunk CLI for CI.
- Cron Jobs: Splunk CLI for cron jobs.
- Shell Scripts: Splunk CLI for shell scripts.
- Headless Automation: Splunk CLI for headless automation.
- Coding Agents: Splunk CLI for coding agents.
Function Catalog
| Function | Type | Parameters | Description |
|---|---|---|---|
| splunk.splunk_search | Write | 3 | Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes. |
| splunk.splunk_get_search_results | Read | 3 | Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters. |
| splunk.splunk_list_indexes | Read | 0 | List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings. |
| splunk.splunk_list_saved_searches | Read | 0 | List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings. |
| splunk.splunk_get_index | Read | 1 | Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy. |
| splunk.splunk_get_current_user | Read | 0 | Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information. |