Unlocking AI-Driven Operations with Splunk MCP Server on Azure Marketplace
Splunk has officially launched its Model Context Protocol (MCP) server on the Azure Marketplace, expanding its availability into Azure and enabling seamless integration with AI agents and assistive tools in Microsoft Azure environments. This milestone brings Splunk’s powerful operational and security insights closer to organizations leveraging Azure for cloud-native workloads.
What Is the Splunk MCP Server?
The Splunk MCP server is a cloud-hosted service that acts as a universal adapter between AI systems and Splunk data. It enables secure, standardized two-way communication between AI agents and the Splunk Cloud Platform, allowing natural language interfaces and intelligent automation to interact directly with telemetry, logs, metrics, and knowledge objects.
By abstracting the complexity of custom integrations, the MCP server empowers AI tools to execute SPL searches, retrieve system metadata, interact with KV stores, and access saved searches, dashboards, and other knowledge objects. This unlocks a new paradigm of intelligent operations where AI agents actively participate in threat detection, incident response, and performance optimization.
Why Azure Matters
With the MCP server now available on Azure Marketplace, Splunk customers operating in Microsoft’s cloud ecosystem can deploy the server natively within their Azure-based Splunk Cloud Platform environments. This provides:
- Cloud-native integration with Azure-hosted workloads and services
- Streamlined deployment via Marketplace listing, eliminating manual setup
- Enterprise-grade security through token-based authentication and role-based access control
- Operational efficiency by enabling AI-driven automation across Splunk data sources
This release complements the existing AWS availability and ensures parity for customers who prefer Azure as their strategic cloud platform.
Key Capabilities
The MCP server supports a growing set of tools and capabilities, including:
- Operational Insights: Agents can run searches, retrieve index metadata, and access system information using tools like run_splunk_query, get_indexes, and get_splunk_info.
- Natural Language Interfaces: AI agents can generate, explain, and optimize SPL queries using tools like generate_spl, explain_spl, and optimize_spl. You can also use Splunk AI Assistant to generate SPL (see this blog post for more details).
- Security and Access Management: Role-based access via the mcp_user role ensures secure and scoped usage.
- Knowledge Object Discovery: AI tools can retrieve saved searches, alerts, lookups, macros, and other objects using get_knowledge_objects.
Deployment Options on Azure
Splunk offers two deployment models for the MCP server:
1. On-Cloud MCP Server
- Hosted by Splunk in Azure regions
- Requires no app installation
- Access managed via roles
- Ideal for Splunk Cloud Platform customers
2. On-Deployment MCP Server
- Requires installation of the Splunk MCP Server app from Splunkbase
- Available to Splunk Enterprise and Cloud customers in Azure
- Access managed via capabilities (mcp_tool_execute)
- Offers more control over updates and configuration
Both models support remote access, allowing AI clients to connect from any environment using standard HTTP protocols.
Getting Started
To begin using the MCP server on Azure:
- Enable REST API and token authentication on your Splunk deployment
- Create the mcp_user role and assign it to authorized users
- Generate authentication tokens with the audience set to mcp
- Configure your MCP client (e.g., Claude) with the appropriate endpoint and token
Sample configuration for Claude Desktop:
{
  "mcpServers": {
    "splunk-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://<YOUR_SPLUNK_DEPLOYMENT_NAME>.api.scs.splunk.com/<YOUR_SPLUNK_DEPLOYMENT_NAME>/mcp/v1/",
        "--header",
        "Authorization: Bearer <YOUR_TOKEN>"
      ]
    }
  }
}
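A pre-flight check for the client configuration above, as an added example (not Splunk's code and not part of the original post): it lints one mcpServers entry for a non-HTTPS endpoint, a missing or still-placeholder bearer token, a token audience other than mcp, and a missing or past expiry. It assumes the token is a JWT carrying aud and exp claims; jwt_claims, audit_mcp_entry, sample_entry and the example-stack host are hypothetical names, and the sample tokens are constructed and unsigned.

```python
import base64
import json
import time
from urllib.parse import urlparse

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def audit_mcp_entry(entry, now=None):
    """Return findings for one mcpServers entry that launches mcp-remote."""
    now = time.time() if now is None else now
    args = entry.get("args", [])
    findings = [f"endpoint {a} is not HTTPS" for a in args
                if "://" in a and urlparse(a).scheme != "https"]
    headers = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "--header"]
    bearer = [h for h in headers if h.lower().startswith("authorization: bearer ")]
    if not bearer:
        return findings + ["no Authorization: Bearer header"]
    try:
        claims = jwt_claims(bearer[0].split(" ", 2)[2].strip())
    except ValueError:  # wrong part count, bad base64, bad JSON (e.g. <YOUR_TOKEN>)
        return findings + ["token is not a decodable JWT"]
    aud = claims.get("aud")  # assumption: audience is carried in the aud claim
    if "mcp" not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"token audience is {aud!r}, expected 'mcp'")
    exp = claims.get("exp")  # assumption: expiry is a Unix timestamp in exp
    if not exp or exp <= now:
        findings.append("token has no expiry" if not exp else "token is expired")
    return findings

def sample_entry(url, claims):
    """Build a constructed entry with an unsigned sample token (not a real one)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    token = f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"
    return {"command": "npx",
            "args": ["-y", "mcp-remote", url, "--header", f"Authorization: Bearer {token}"]}

if __name__ == "__main__":
    bad = sample_entry("http://example-stack.api.scs.splunk.com/example-stack/mcp/v1/",
                       {"aud": "search", "exp": 500})
    print(audit_mcp_entry(bad, now=1000))
```

The decode step only inspects claims locally; whether the token is accepted is still decided by the Splunk deployment.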
Conclusion
The availability of Splunk’s MCP server on Azure Marketplace marks a significant step toward democratizing access to AI-driven operations. By bridging the gap between Splunk data and intelligent agents, organizations can reduce manual overhead, improve response times, and unlock new efficiencies across their cloud environments.
To learn more, visit the MCP Server for Splunk Platform and explore the Azure Marketplace for deployment details.
Thanks to Marie Schmidt, Partner Technology Strategist at Microsoft, for her contribution and help in this project.