Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk CLI for CI

Use the Splunk CLI for CI with headless JSON commands, schema discovery, credentials, and permission controls.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Splunk CLI for CI

Run integration calls from CI jobs with JSON output, explicit credentials, and predictable exit status.

Use this shape when a pipeline needs to read or update an external service. The Splunk CLI uses the same integration registry as the TUI, Lua runtime, and MCP gateway, but returns predictable command output for automation.

Command Shape

# Splunk CLI for CI
kosmokrator integrations:configure splunk --set access_token="$SPLUNK_ACCESS_TOKEN" --enable --read allow --write ask --json
kosmo integrations:call splunk.splunk_search '{"query":"example_query","earliest_time":"example_earliest_time","latest_time":"example_latest_time"}' --json

Discovery Before Execution

Agents and scripts can inspect Splunk docs and schemas before choosing a function.

kosmo integrations:docs splunk --json
kosmo integrations:docs splunk.splunk_search --json
kosmo integrations:schema splunk.splunk_search --json
kosmo integrations:search "Splunk" --json
kosmo integrations:list --json

Useful Splunk CLI Functions

Function	Type	Parameters	Description
`splunk.splunk_search`	Write	query, earliest_time, latest_time	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`splunk.splunk_get_search_results`	Read	sid, offset, count	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`splunk.splunk_list_indexes`	Read	none	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`splunk.splunk_list_saved_searches`	Read	none	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`splunk.splunk_get_index`	Read	name	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`splunk.splunk_get_current_user`	Read	none	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.

Automation Notes

Use --json for machine-readable output.
Keep credentials out of argv by using environment variables or stored KosmoKrator configuration.
Configure read/write policy before unattended runs; use --force only for trusted automation.
Use the MCP gateway instead when the agent needs dynamic tool discovery inside a conversation.

Related Splunk CLI Pages

Cron Jobs Splunk CLI for cron jobs. Shell Scripts Splunk CLI for shell scripts. Headless Automation Splunk CLI for headless automation. Coding Agents Splunk CLI for coding agents.