// SCAN REPORT

Splunk

12 tools. 0 can modify or destroy data without limits.

Read-only server. Low risk, but rate limits prevent runaway API costs.

Last updated: 11 Jun 2026

0 can modify or destroy data

12 read-only

12 tools total

Community server · catalogue entry verified 11/06/2026

How to control Splunk ↓

TOOL MAP

What Splunk exposes to your agents

Read (12) Write / Execute (0) Destructive / Financial (0)

Running more than one server? Check your whole stack →

THE RISK

What can go wrong

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

POLICY

How to control Splunk

PolicyLayer is an MCP gateway — it sits between your AI agents and Splunk, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations

{
  "current_user": {
    "limits": [
      {
        "counter": "current_user_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Splunk — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON SPLUNK →

Free to start. No card required.

FULL CATALOGUE

All 12 Splunk tools

READ 12 tools

Read current_user Get information about the currently authenticated user. This endpoint retrieves: - Basic user inf Read get_index_info Get metadata for a specific Splunk index. Args: index_name: Name of the index to get metadata Read get_indexes_and_sourcetypes Get a list of all indexes and their sourcetypes. This endpoint performs a search to gather: - All Read health Get basic Splunk connection information and list available apps (same as health_check but for endpoint consist Read health_check Get basic Splunk connection information and list available apps Read list_indexes Get a list of all available Splunk indexes. Returns: Dictionary containing list of indexes Read list_kvstore_collections List all KV store collections across apps. Returns: List of KV store collections with metadat Read list_saved_searches List all saved searches in Splunk Returns: List of saved searches with their names, descripti Read list_tools List all available MCP tools. Returns: List of all available tools with their name, descripti Read list_users List all Splunk users (requires admin privileges) Read ping Simple ping endpoint to check server availability and get basic server information. This endpoint pro Read search_splunk Execute a Splunk search query and return the results. Args: search_query: The search query to

FAQ

Questions about Splunk

Is the Splunk MCP server safe to use without restrictions? +

The Splunk server is primarily read-only with 12 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Splunk MCP server expose? +

12 tools across 1 categories: Read. 12 are read-only. 0 can modify, create, or delete data.

How do I enforce a policy on Splunk? +

Register the Splunk MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Splunk tool call.

Deterministic rules across all 12 Splunk tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON SPLUNK →

Free to start. No card required.

12 Splunk tools catalogued and risk-classified — across an index of 43,000+ MCP servers.