Agents run searches to surface suspicious activity, read-only.
Security and observability
Splunk MCP server
Give AI agents governed access to the Splunk MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
What is the Splunk MCP server?
The Splunk MCP server is an open Model Context Protocol (MCP) server that connects AI agents to Splunk searches, indexes, and alerts. Through it an agent can run searches, read events, and inspect alerts without bespoke integration code, while the Averta MCP Gateway keeps every action scoped and audited.
splunk-run-search
Run an SPL search query.
splunk-search-events
Search events with filters.
splunk-list-indexes
List indexes and their sizes.
splunk-list-alerts
List alerts and their states.
splunk-get-alert
Read an alert's configuration.
splunk-list-dashboards
List dashboards and panels.
splunk-get-metrics
Read metrics over a window.
splunk-list-sources
List data sources and types.
splunk-get-saved-search
Read a saved search definition.
splunk-list-incidents
List incidents and notable events.
Why the Averta MCP Gateway
Centralized governance
Unified authentication, audit logging, and rate control for every Splunk MCP connection.
Observability and control
Real-time visibility into usage, anomalies, and SLA compliance across every request.
One-click deployment
Enable the Splunk MCP server for your AI teams through one governed gateway, with no manual setup.
Enterprise hardening
High availability, security, and compliance alignment turn MCP from a developer utility into production-grade infrastructure.
OAuth and SSO enforcement
Enterprise authentication and SSO applied automatically to every Splunk endpoint.
Shared and per-user auth
Configure service accounts or per-user access, with secrets protected and centralized revocation.
One managed endpoint
Connect agents to Splunk through a single governed endpoint instead of locally run servers, improving your security posture.
Granular tool access control
Allow only the tools each role needs. Enable read-only access and block write tools like create and delete.
Works with every major AI platform
ChatGPT
Gemini
Mistral
Claude Code
Cursor
Windsurf
Cognition
OpenCode
Continue
Manus
Hermes
Lindy
OpenClaw
Your ownBuilt for enterprise teams.
Cloud, private VPC, embedded SDK, or gateway integration. Run Averta where your data, policies, and auditors need it.
Cloud (SaaS)
Fully managed by Averta. Fastest path to production, no infrastructure to run.
Private / VPC
Deploy in your own environment, so data never leaves your boundary.
Embedded SDK & Proxy
Drop Averta into your stack at the SDK or proxy layer, wherever your agents run.
Gateway Integration
Route agent traffic through the gateway, so policy and audit apply at the edge.
Splunk MCP use cases
Where teams put the Splunk MCP server to work, governed end to end through the Averta MCP Gateway.
Splunk MCP · Threat huntingFind failed logins in the last hour by source.
YouGrouped failed logins by source.
- Running the SPL search
- Grouping by source
All actions logged and governed
Powering safe AI execution at leading teams.
Cyfrin secures its production AI agents with Averta.
Book a demo“Averta gave our agents enforceable boundaries for the dev environment, so instructions like ‘don’t read .env files’ became policy instead of polite suggestions.”
Mikhail Karan
Head of Engineering
Explore other MCP servers
Browse all
ServiceNow MCP server
IT service management
Give AI agents governed access to the ServiceNow MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
Zendesk MCP server
Customer support
Give AI agents governed access to the Zendesk MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
Azure MCP server
Cloud infrastructure
Give AI agents governed access to the Azure MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
Notion MCP server
Productivity
Give AI agents governed access to the Notion MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
GitHub MCP server
Developer tools
Give AI agents governed access to the GitHub MCP server through one audited gateway. Scoped repo permissions, full observability, and tamper-evident logs on every tool call.
Linear MCP server
Project management
Give AI agents governed access to the Linear MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
Supabase MCP server
Database
Give AI agents governed access to the Supabase MCP server through one audited gateway. Scoped permissions, full observability, and tamper-evident logs on every tool call.
Splunk MCP server, answered
Security and setup questions teams ask before connecting the Splunk MCP server to AI agents.
Yes. The Averta MCP Gateway sits between your AI agents and any MCP server, giving each agent scoped, per-agent permissions, applying allow, escalate, or block policies on every tool call, and recording a tamper-evident audit of every action. The “Why the Averta MCP Gateway” section on this page covers what it enforces.
It is as safe as the controls around it. The server can run searches across security data through one token, so scoping and auditing are essential. The Averta MCP Gateway keeps reads automatic and changes behind approval, with every call recorded.
Yes. Tool-level policy lets searches and reads run automatically while alert and dashboard changes escalate for approval, all recorded.
Route agents through Averta's MCP Gateway for scoped per-agent permissions, tool-level policy, and tamper-evident audit across every Splunk action.
Yes. Splunk provides MCP access to its platform. Routing it through the Averta MCP Gateway gives each agent scoped, read-first search access with a tamper-evident audit trail.
See Averta OS in action
Book a demo and see how Averta OS secures your AI agents from input to execution.
Book a demo