Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk MCP Integration for OpenAI Agents SDK

Connect Splunk to OpenAI Agents SDK through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Connect Splunk to OpenAI Agents SDK

Attach KosmoKrator integration tools to OpenAI Agents SDK workflows through a local MCP gateway.

Start the KosmoKrator MCP gateway locally and point the OpenAI Agents SDK MCP tool at that process or wrapper. The gateway is local, scoped to this integration, and starts with --write=deny so OpenAI Agents can inspect read-capable tools without receiving write access by default.

Splunk MCP Config for OpenAI Agents SDK

Use headless JSON commands for CI-style execution and MCP for agent tool discovery.

{
  "mcpServers": {
    "kosmokrator-splunk": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=splunk",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=splunk --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Splunk instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Splunk Tools Visible to OpenAI Agents

OpenAI Agents sees stable MCP tool names generated from the Splunk integration catalog.

MCP tool	Source function	Type	Description
`integration__splunk__splunk_search`	`splunk.splunk_search`	Write	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`integration__splunk__splunk_get_search_results`	`splunk.splunk_get_search_results`	Read	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`integration__splunk__splunk_list_indexes`	`splunk.splunk_list_indexes`	Read	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`integration__splunk__splunk_list_saved_searches`	`splunk.splunk_list_saved_searches`	Read	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`integration__splunk__splunk_get_index`	`splunk.splunk_get_index`	Read	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`integration__splunk__splunk_get_current_user`	`splunk.splunk_get_current_user`	Read	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.

Related Splunk Pages

Splunk CLIUse direct JSON commands instead of MCP discovery. Splunk MCPFull gateway reference and MCP tool names. KosmoKrator for OpenAI AgentsClient-level gateway setup.