Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk MCP Integration for Codex

Connect Splunk to Codex through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Connect Splunk to Codex

Use KosmoKrator as a local MCP proxy for Codex so coding sessions can reach selected integrations with explicit write policy.

Register kosmo mcp:serve as a local stdio server and choose the integration allowlist. The gateway is local, scoped to this integration, and starts with --write=deny so Codex can inspect read-capable tools without receiving write access by default.

Splunk MCP Config for Codex

Keep write access denied or ask-based unless the workspace is trusted.

{
  "mcpServers": {
    "kosmokrator-splunk": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=splunk",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=splunk --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Splunk instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Splunk Tools Visible to Codex

Codex sees stable MCP tool names generated from the Splunk integration catalog.

MCP tool	Source function	Type	Description
`integration__splunk__splunk_search`	`splunk.splunk_search`	Write	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`integration__splunk__splunk_get_search_results`	`splunk.splunk_get_search_results`	Read	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`integration__splunk__splunk_list_indexes`	`splunk.splunk_list_indexes`	Read	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`integration__splunk__splunk_list_saved_searches`	`splunk.splunk_list_saved_searches`	Read	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`integration__splunk__splunk_get_index`	`splunk.splunk_get_index`	Read	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`integration__splunk__splunk_get_current_user`	`splunk.splunk_get_current_user`	Read	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.

Related Splunk Pages

Splunk CLIUse direct JSON commands instead of MCP discovery. Splunk MCPFull gateway reference and MCP tool names. KosmoKrator for CodexClient-level gateway setup.