Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk CLI for Headless Automation

Use the Splunk CLI for headless automation with headless JSON commands, schema discovery, credentials, and permission controls.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Splunk CLI for Headless Automation

Use KosmoKrator as a non-interactive integration runtime for local automations and wrappers.

Use headless automation when another tool needs a stable local command surface. The Splunk CLI uses the same integration registry as the TUI, Lua runtime, and MCP gateway, but returns predictable command output for automation.

Command Shape

# Splunk CLI for Headless Automation
kosmokrator integrations:configure splunk --set access_token="$SPLUNK_ACCESS_TOKEN" --enable --read allow --write ask --json
kosmo integrations:call splunk.splunk_search '{"query":"example_query","earliest_time":"example_earliest_time","latest_time":"example_latest_time"}' --json

Discovery Before Execution

Agents and scripts can inspect Splunk docs and schemas before choosing a function.

kosmo integrations:docs splunk --json
kosmo integrations:docs splunk.splunk_search --json
kosmo integrations:schema splunk.splunk_search --json
kosmo integrations:search "Splunk" --json
kosmo integrations:list --json

Useful Splunk CLI Functions

Function	Type	Parameters	Description
`splunk.splunk_search`	Write	query, earliest_time, latest_time	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`splunk.splunk_get_search_results`	Read	sid, offset, count	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`splunk.splunk_list_indexes`	Read	none	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`splunk.splunk_list_saved_searches`	Read	none	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`splunk.splunk_get_index`	Read	name	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`splunk.splunk_get_current_user`	Read	none	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.

Automation Notes

Use --json for machine-readable output.
Keep credentials out of argv by using environment variables or stored KosmoKrator configuration.
Configure read/write policy before unattended runs; use --force only for trusted automation.
Use the MCP gateway instead when the agent needs dynamic tool discovery inside a conversation.

Related Splunk CLI Pages

CI Splunk CLI for CI. Cron Jobs Splunk CLI for cron jobs. Shell Scripts Splunk CLI for shell scripts. Coding Agents Splunk CLI for coding agents.