playbooks

home / mcp / splunk mcp server

Splunk MCP Server

This read-only MCP Server allows you to connect to Splunk data from Claude Desktop through CData JDBC Drivers. For full CRUD support, check out the first managed MCP platform: CData Connect AI (https://www.cdata.com/ai/).

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cdatasoftware-splunk-mcp-server-by-cdata": {
      "command": "java",
      "args": [
        "-jar",
        "/PATH/TO/CDataMCP-jar-with-dependencies.jar",
        "/PATH/TO/splunk.prp"
      ]
    }
  }
}

This MCP server exposes live Splunk data through a simple, read-only MCP interface so you can ask natural language questions and retrieve up-to-date results without writing SQL. It connects to Splunk via the CData JDBC Driver and makes the data accessible to MCP clients like Claude Desktop.

How to use

You will run the local MCP server on your machine and connect an MCP client to it. Start the server with the prepared configuration file, then query the data using the client’s built-in MCP tools. You can ask questions such as What is the correlation between closed won opportunities and account industry? or How many open tickets do I have in the SUPPORT project?. The server exposes a small set of tools that let you list available tables and columns or execute read-only queries against Splunk data.

How to install

# Prerequisites
Java Runtime Environment (JRE) or JDK
Maven

# 1) Clone the project
git clone https://github.com/cdatasoftware/splunk-mcp-server-by-cdata.git
cd splunk-mcp-server-by-cdata

# 2) Build the server
mvn clean install
# This produces CDataMCP-jar-with-dependencies.jar

# 3) Download and install the CData JDBC Driver for Splunk
# Follow the installer and licensing steps from the official CData download page
# URL: https://www.cdata.com/drivers/splunk/download/jdbc

# 4) License the JDBC driver
# Windows example
# Navigate to the lib folder in the installation directory
# Run: java -jar cdata.jdbc.splunk.jar --license
# Enter name, email, and TRIAL (or your license key)

# 5) Configure your connection to Splunk
# Run the connection utility
java -jar cdata.jdbc.splunk.jar
# Configure the connection string and Test Connection
# If OAuth is used, authenticate in your browser
# Copy the connection string when prompted

# 6) Create the .prp file for the JDBC connection
# Example content (save as splunk.prp)
Prefix=splunk
ServerName=CDataSplunk
ServerVersion=1.0
DriverPath=PATH\TO\cdata.jdbc.splunk.jar
DriverClass=cdata.jdbc.splunk.SplunkDriver
JdbcUrl=jdbc:splunk:InitiateOAuth=GETANDREFRESH;
Tables=

# 7) You can now start the MCP server with the prp file (see the Running section)

Additional sections

Configuration notes, security considerations, and troubleshooting are covered in the following sections to help you get everything running smoothly and securely.

Available tools

splunk_get_tables

Retrieves a list of tables available in the data source. Output is CSV with column headers in the first line.

splunk_get_columns

Retrieves a list of columns for a specified table. Output is CSV with column headers in the first line.

splunk_run_query

Executes a SQL SELECT query against the configured Splunk data source.