MCP Watch

Tracks AI agent activity in Splunk by analyzing _audit and _internal logs to surface MCP server queries, flag anti-patterns, and report REST endpoint usage.

Built by Alper Keske

Latest Version 1.1.0
May 27, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.4, 9.3, 9.2, 9.1
Rating

0

(0)

Support
Developer Supported app
Ranking

#40

in Artificial Intelligence
MCP-Watch provides visibility and governance for AI agents operating against Splunk through the Model Context Protocol. The app surfaces every SPL query executed by MCP servers, flags anti-patterns such as wildcard index searches and overly wide time ranges, and reports on REST endpoint usage. It reads exclusively from Splunk's built-in _audit and _internal indexes, requiring no additional data ingestion or dependencies. Administrators configure a lookup table with the Splunk usernames their MCP servers authenticate as, and the app then tracks query volume, identifies quality issues, and enables per-user tool access governance. Four dashboards present MCP activity across operational and compliance dimensions, while scheduled searches and alerts provide ongoing monitoring of agent behavior.

Categories

IT Operations, Artificial Intelligence

Created By

Alper Keske

Type

app

Downloads

26
