Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk MCP Integration for LangGraph

Connect Splunk to LangGraph through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Connect Splunk to LangGraph

Run KosmoKrator integration calls from LangGraph nodes while preserving local credentials and permissions.

Use a graph node that calls the KosmoKrator CLI for deterministic steps or an MCP client for dynamic tool selection. The gateway is local, scoped to this integration, and starts with --write=deny so LangGraph can inspect read-capable tools without receiving write access by default.

Splunk MCP Config for LangGraph

Headless CLI calls fit repeatable graph edges; MCP fits exploratory agent nodes.

{
  "mcpServers": {
    "kosmokrator-splunk": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=splunk",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=splunk --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Splunk instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Splunk Tools Visible to LangGraph

LangGraph sees stable MCP tool names generated from the Splunk integration catalog.

MCP tool	Source function	Type	Description
`integration__splunk__splunk_search`	`splunk.splunk_search`	Write	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`integration__splunk__splunk_get_search_results`	`splunk.splunk_get_search_results`	Read	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`integration__splunk__splunk_list_indexes`	`splunk.splunk_list_indexes`	Read	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`integration__splunk__splunk_list_saved_searches`	`splunk.splunk_list_saved_searches`	Read	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`integration__splunk__splunk_get_index`	`splunk.splunk_get_index`	Read	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`integration__splunk__splunk_get_current_user`	`splunk.splunk_get_current_user`	Read	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.

Related Splunk Pages

Splunk CLIUse direct JSON commands instead of MCP discovery. Splunk MCPFull gateway reference and MCP tool names. KosmoKrator for LangGraphClient-level gateway setup.