Can I use Splunk as a CLI?

Yes. KosmoKrator exposes a Splunk CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Splunk through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Splunk tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Splunk credentials stored?

Splunk credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Splunk MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

data

Splunk MCP, CLI, and Lua Integration for AI Agents

Splunk integration docs for AI agents: MCP gateway setup, Splunk CLI commands, Lua API reference, credentials, and function schemas.

Splunk for agents

Credentials can be configured manually in web or CLI hosts.

Use this integration from Lua code mode, the headless integrations CLI, or the KosmoKrator MCP gateway. The same package metadata powers all three surfaces.

Agent Surfaces

Splunk CLIHeadless setup, JSON output, direct function calls. Splunk MCPExpose selected tools to local MCP clients. Splunk LuaAgent-facing namespace and Lua reference. FeedbackReport missing tools, auth issues, or bad metadata.

Machine-Readable Metadata

integration_slug: splunk
route_slug: splunk
package: splunk
auth_strategy: bearer_token
cli_setup_supported: true
cli_runtime_supported: true
mcp_gateway_supported: true
lua_supported: true

Function Catalog

Function	Type	Parameters	Description
`splunk.splunk_search`	Write `write`	5	Run a Splunk search query (SPL). Creates an asynchronous search job and returns the search ID (SID). Use splunk_get_search_results to retrieve results once the job completes.
`splunk.splunk_export_search`	Read `read`	4	Run a Splunk export search and return the parsed or raw response.
`splunk.splunk_list_search_jobs`	Read `read`	3	List Splunk search jobs with pagination and optional server-side filtering.
`splunk.splunk_get_search_job`	Read `read`	1	Get status and metadata for a Splunk search job by SID.
`splunk.splunk_delete_search_job`	Write `write`	1	Cancel or delete a Splunk search job by SID.
`splunk.splunk_get_search_results`	Read `read`	3	Retrieve results from a completed Splunk search job. Pass the search ID (SID) returned by splunk_search. Supports pagination with offset and count parameters.
`splunk.splunk_get_search_events`	Read `read`	3	Retrieve event rows from a completed Splunk search job.
`splunk.splunk_get_search_log`	Read `read`	1	Retrieve the search.log text for a Splunk search job.
`splunk.splunk_list_indexes`	Read `read`	2	List all Splunk indexes available to the authenticated user. Returns index names, sizes, event counts, and retention settings.
`splunk.splunk_get_index`	Read `read`	1	Get details for a specific Splunk index by name. Returns configuration, size, event count, and retention policy.
`splunk.splunk_create_index`	Write `write`	2	Create a Splunk index with optional index settings.
`splunk.splunk_update_index`	Write `write`	2	Update Splunk index configuration parameters.
`splunk.splunk_delete_index`	Write `write`	1	Delete a Splunk index by name.
`splunk.splunk_list_saved_searches`	Read `read`	3	List all saved searches configured in Splunk. Returns search names, queries, schedules, and alert settings.
`splunk.splunk_get_saved_search`	Read `read`	1	Get a Splunk saved search by name.
`splunk.splunk_create_saved_search`	Write `write`	3	Create a Splunk saved search with optional schedule or alert settings.
`splunk.splunk_update_saved_search`	Write `write`	2	Update a Splunk saved search by name.
`splunk.splunk_delete_saved_search`	Write `write`	1	Delete a Splunk saved search by name.
`splunk.splunk_dispatch_saved_search`	Write `write`	2	Dispatch a saved search and return the generated search job.
`splunk.splunk_list_apps`	Read `read`	2	List installed Splunk apps.
`splunk.splunk_get_app`	Read `read`	1	Get an installed Splunk app by name.
`splunk.splunk_list_users`	Read `read`	2	List Splunk users visible to the authenticated token.
`splunk.splunk_get_user`	Read `read`	1	Get a Splunk user by username.
`splunk.splunk_get_current_user`	Read `read`	0	Get the current authenticated Splunk user context. Returns username, roles, capabilities, and tenant information.
`splunk.splunk_get_server_info`	Read `read`	0	Get Splunk server version, build, and platform information.
`splunk.splunk_api_get`	Read `read`	2	Call a safe relative Splunk services path with GET.
`splunk.splunk_api_post`	Write `write`	3	Call a safe relative Splunk services path with POST form parameters.
`splunk.splunk_api_delete`	Write `write`	2	Call a safe relative Splunk services path with DELETE.