Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

monitoring

Splunk MCP Gateway for AI Agents

Expose Splunk tools to Claude Code, Cursor, Codex, and other MCP clients through the local KosmoKrator MCP gateway.

6 functions 5 read 1 write Bearer token auth

Submit Splunk feedback View package source

Splunk MCP Gateway

Expose Splunk to MCP clients with `kosmokrator mcp:serve --integration=splunk`.

If the client has never used KosmoKrator before, install it first, then register this integration as a stdio MCP server. The gateway exposes only the selected integration in the example below.

curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bash

kosmokrator mcp:gateway:install --integration=splunk --write=deny --json

{
  "mcpServers": {
    "kosmokrator-splunk": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=splunk",
        "--write=deny"
      ]
    }
  }
}

Serve Manually

kosmokrator mcp:serve --integration=splunk --write=deny

MCP Tool Names

KosmoKrator exposes integration tools through the gateway with stable names:

MCP tool	Source function	Type
`integration__splunk__splunk_search`	`splunk.splunk_search`	Write `write`
`integration__splunk__splunk_get_search_results`	`splunk.splunk_get_search_results`	Read `read`
`integration__splunk__splunk_list_indexes`	`splunk.splunk_list_indexes`	Read `read`
`integration__splunk__splunk_list_saved_searches`	`splunk.splunk_list_saved_searches`	Read `read`
`integration__splunk__splunk_get_index`	`splunk.splunk_get_index`	Read `read`
`integration__splunk__splunk_get_current_user`	`splunk.splunk_get_current_user`	Read `read`

Write Access

Start with --write=deny for read-only MCP clients. Use --write=ask or --write=allow only when the client and workspace are trusted.