Connects Claude or Cursor to Splunk Enterprise and Cloud instances through FastMCP. It runs in three modes: SSE for web clients, STDIO for Claude Desktop, or a RESTful API. You get search execution with time windows and result limits, index and sourcetype enumeration, saved search access, and KV store CRUD operations. It also handles user management and role inspection. It is built with async support and includes SSL configuration options for different security setups. If you're already querying Splunk through SPL and want to let an LLM construct and execute those searches conversationally, or need to automate KV store operations through natural language, this gives you the tooling without having to build your own Splunk SDK wrapper.
claude mcp add --transport stdio livehybrid-splunk-mcp uvx splunk-mcp