Overview
The digital landscape is rapidly evolving, bringing increased complexity and an explosion of data. Organizations face constant challenges in maintaining operational reliability, responding to threats, and ensuring efficiency. The Splunk Model Context Protocol (MCP) server in Splunk Cloud Platform is designed to revolutionize how you interact with your data. It empowers you to leverage the emerging AI agent ecosystem and assistive AI tools to significantly improve threat detection, incident response, operational reliability, and data platform efficiency, while reducing the complexity of managing modern environments.
The robust, battle-tested insights you rely on every day for security, observability, and operations are now accessible in a whole new way. The advantage of the ready-to-use, cloud-hosted Splunk MCP server lies in its seamless integration. It connects effortlessly with any MCP-compatible AI assistants, agents, and tools you choose to deploy, acting as a translator that lets diverse AI entities connect to your Splunk data.
This open and flexible architecture empowers you to build sophisticated, automated workflows. With the Splunk MCP server, AI agents and assistive tools can access a rich set of skills, capabilities, and critical data, including telemetry, logs, and metrics, to identify threats, troubleshoot issues, and dramatically improve operational resilience. This means your AI is not just analyzing data; it is actively participating in your security and operations workflows. Agents can perform complex Splunk searches, discover data and knowledge objects, interact with KV stores, and use many more tools and capabilities as the MCP server continues to evolve. The result is a significant reduction in manual tasks and a shift towards proactive, intelligent operations.
Highlights
- Splunk MCP server makes data insights accessible to everyone by connecting AI to Splunk Cloud Platform for natural language interactions.
- This Splunk cloud-hosted MCP solution offers safe, hassle-free integration, enabling you to leverage AI agents and assistive tools for enhanced threat detection, incident response, operational reliability, and efficiency.
- It honors your existing access controls, integrates with other tools in your ecosystem, and boosts productivity by automating repetitive tasks.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Vendor refund policy
No refunds.
Delivery details
API-Based Agents & Tools
API-Based Agents and Tools integrate through standard web protocols. Your applications can make API calls to access agent capabilities and receive responses.
Additional details
Usage instructions
To get started with Splunk's remote MCP server, follow the instructions below:
🧰 Available Tools
This MCP server supports the following tools, among others:
- Execute an SPL search on Splunk
- Get information about Splunk deployment
- Get information about indexes
- Search knowledge objects, such as saved searches and dashboards
- Get a list of installed apps
📦 Prerequisites
- A Splunk administrator needs to perform the following steps on the deployment:
  - Enable REST API access.
  - Enable token authentication on the deployment.
  - Create a new role named 'mcp_user'; the role does not need any capabilities.
  - Assign the 'mcp_user' role to every user on the deployment who is authorized to use the MCP server.
  - If a user does not have permission to create tokens, create the token for that user with the audience set to 'mcp' and an appropriate expiration.
- A Splunk user needs to perform the following steps on their device:
  - Install an MCP client, such as Claude.
  - Install the MCP client's dependencies, such as Node.js and npm.
  - Obtain a token from the Splunk administrator, or create one if they have permission to do so. The token's audience must be 'mcp'.
🔑 Authentication
Replace <YOUR_TOKEN> in the configuration below with your actual token.
The MCP client will have the same privileges as the user the token is associated with. Tokens are credentials: guard them closely and do not share them with anyone who does not explicitly need access to Splunk platform services. Learn more at "Set up authentication with tokens".
⚙️ Endpoint
Replace <YOUR_SPLUNK_DEPLOYMENT_NAME> in the configuration below with the name of your Splunk deployment.
📚 Claude Desktop
Edit the configuration file at:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the following configuration:
{
  "mcpServers": {
    "splunk-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://<YOUR_SPLUNK_DEPLOYMENT_NAME>.api.scs.splunk.com/<YOUR_SPLUNK_DEPLOYMENT_NAME>/mcp/v1/",
        "--header",
        "Authorization: Bearer <YOUR_TOKEN>"
      ]
    }
  }
}
📘 Learn More
- Splunk's MCP Server documentation: https://help.splunk.com/en/splunk-cloud-platform/mcp-server-for-splunk-platform/about-mcp-server-for-splunk-platform
- Access requirements and limitations for the Splunk Cloud Platform REST API: https://docs.splunk.com/Documentation/SplunkCloud/latest/RESTTUT/RESTandCloud
- Manage authentication tokens in Splunk Cloud Platform: https://help.splunk.com/en/splunk-cloud-platform/administer/manage-users-and-security/9.3.2411/authenticate-into-the-splunk-platform-with-tokens/manage-or-delete-authentication-tokens
- Create and manage roles with Splunk Web: https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/Addandeditroles
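The setup above hinges on two token properties the listing calls out: the audience must be 'mcp' and the token must carry an appropriate expiration. The following added example (not Splunk's or Anthropic's code) pre-checks those claims and then fills in the Claude Desktop entry from the listing; it assumes the Splunk token is JWT-shaped (base64url header.payload.signature) with standard `aud` and `exp` claims, and `constructed_token` exists only to build test tokens offline.

```python
import base64
import json
import time


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def constructed_token(claims: dict) -> str:
    """Build a JWT-shaped string for offline testing only (fake, unsigned)."""
    header = b64url(json.dumps({"alg": "HS512", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(b'constructed-signature')}"


def jwt_claims(token: str) -> dict:
    """Decode a JWT's claims without checking the signature (the Splunk
    server verifies signatures; here we only pre-check the claims)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_mcp_token(token: str, now=None) -> dict:
    """Reject a token whose audience is not 'mcp' or that lacks/has passed exp."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    if "mcp" not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError(f"token audience {aud!r} is not 'mcp'")
    exp = claims.get("exp")
    if exp is None or exp <= (time.time() if now is None else now):
        raise ValueError("token is missing an expiration or has expired")
    return claims


def build_claude_entry(deployment: str, token: str) -> dict:
    """Return the mcpServers entry from the listing with placeholders filled,
    after the token passes the audience and expiry checks."""
    check_mcp_token(token)
    url = f"https://{deployment}.api.scs.splunk.com/{deployment}/mcp/v1/"
    return {"splunk-mcp-server": {"command": "npx", "args": [
        "-y", "mcp-remote", url, "--header", f"Authorization: Bearer {token}"]}}
```

Merge the returned entry under `mcpServers` in claude_desktop_config.json and restrict that file's permissions to your own user, since it stores the bearer token in clear text.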
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Unified alerts have strengthened our real-time security decisions and support ongoing compliance
What is our primary use case?
I have some experience with Splunk solutions as I worked in a cybersecurity company, an MSSP company, for about two years. Before that, I worked within global technology IT companies like British Telecom and other Telco companies. I sit on both sides of the table in both domains.
I have some experience, though not very deep, with some projects involving Splunk MCP Server SIEM solutions. During my last job with CFN Chemicals, I worked as an IT manager within a chemical manufacturing company where we used a SIEM solution with Splunk MCP Server.
Installation of Splunk MCP Server is generally acceptable, but depending on the service and overall experience, I received service from one of the MSSP companies that provided a Splunk MCP Server solution for us. Some customizations and alert configurations after the installation are more problematic. It is important to configure Splunk MCP Server according to the organization's requirements and structure, which is mostly not handled well in our region.
I mostly handle things myself using Splunk MCP Server portal and its documents or checking in a demo environment, which I believe is the best way. The MSSP company's response time is acceptable, but their overall experience and knowledge may not be as high as European MSSP companies, according to my experience.
The product has a significant impact on my real-time decision-making by providing automated messages and notifications for security issues proactively. These notifications are essential for us to check if there is an issue before a major incident, even if they can sometimes be false positives. Alerts from this perspective, even one or two times per year, are very valuable, so the product does its job well.
What is most valuable?
Splunk MCP Server is a standard SIEM solution.
Splunk MCP Server offers a huge opportunity to configure the solution according to organizational needs, but this is not easy for most companies. It is better to get support from external MSSP companies. As far as I can see, MSSP companies in Turkey are also not very capable, and this is the issue.
I learned that Splunk's capabilities in Machine Learning and AI are very powerful. I started to read and try to understand this part, but I have not had a chance to work with it in a real product, demo, or production environment.
I used the product from both MSSP companies and managed it mutually, so I had a chance to access the product. This is one of the powerful sides of Splunk MCP Server.
The product does provide benefits in terms of performance, but my team has not had the chance to learn and develop themselves. We cooperated with the MSSP company on this part, which has been acceptable.
Splunk MCP Server is one of the main functions of our security strategy and cyber defense strategy. It is crucial to configure it to get information, logs, and alerts from other infrastructure and security systems. If this integration part is not done properly, Splunk MCP Server cannot detect and alert us, which is a critical aspect. We need to develop ourselves, as my company and MSSPs need to advance their integration capabilities with customers.
What needs improvement?
There is definitely room for improvement in terms of customization and alert configuration.
For how long have I used the solution?
I have two to three years of experience with Splunk MCP Server.
How are customer service and support?
I rate the support as seven out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The last deployment of Splunk MCP Server occurred before I started at CFN Chemicals, so I do not know the exact timeline. However, the deployment, standard configuration, and installation are generally acceptable and do not take much time.
After that, the pre-configuration and final configuration according to organizational needs is the main and more difficult part.
What about the implementation team?
I used third-party services from an MSP company to deploy the product.
What's my experience with pricing, setup cost, and licensing?
Since we mostly use it on-premises, I am not fully aware of all licensing pricing information, but I can see that the price is very high.
I do not know if cloud license prices are more moderate or acceptable compared to on-premises licenses.
I believe that the on-premises license cost is higher than the cloud license cost; I could not confirm this, but this is one of the main reasons I believe Splunk MCP Server solution costs are very high for Turkish companies.
What other advice do I have?
I have very limited knowledge of solutions such as Splunk User Behavior Analytics, Splunk Attack Analyzer, Splunk SOAR, or Splunk AppDynamics. I have heard the names or features of these products, but I never had a chance to use them.
I started to work as a programmer or project engineer around 1998, or even 1996.
Since I am based in Turkey and we have strict regulations for the Telco domain and finance sector, we need to deploy SIEM solutions on-premises.
All these domains require an on-premises deployment of a SIEM solution.
There are different regulatory authorities in Turkey depending on sectors such as Telco, energy, and finance. A SIEM solution is almost mandatory in all these sectors, and Splunk MCP Server is one of the best to meet the regulatory requirements. The main hurdle is that you need to use an on-premises environment due to regulatory perspectives.
Considering the ongoing improvements with the cloud and especially Machine Learning and AI, I rate Splunk MCP Server between eight and nine, and it is closer to nine. I have given this product an overall rating of nine.