A Splunk App that exposes an MCP (Model Context Protocol) server endpoint, enabling AI/LLM clients (such as Claude Desktop) to manage Splunk alerts programmatically via JSON-RPC 2.0.
The MCP server supports two categories of alerts via separate tools:

create_alert -- Standard Alert: a regular Splunk scheduled saved search with alert conditions. Use for infrastructure monitoring, log-based alerting, and operational alerts.

create_es_detection -- ES Detection Rule: an Enterprise Security correlation search / detection rule. Created under the ES app with global permissions, visible in ES Content Management.

Each category has dedicated create, update, and delete tools. ES detection tools automatically inject the required parameters (correlation search flags, notable action, naming conventions).
The server provides 11 alert operations as MCP tools:

create_alert -- Create a standard Splunk alert with full saved/searches API support (48+ explicit params, 400+ via pass-through)
create_es_detection -- Create an ES detection rule (correlation search) under the ES app with global permissions
list_alerts -- List alerts with pagination and filtering
get_alert -- Retrieve details of a specific alert
update_alert -- Modify any standard alert property; supports all Splunk saved/searches API parameters
update_es_detection -- Update an ES detection rule with ES-specific validation
delete_alert -- Remove a standard alert
delete_es_detection -- Remove an ES detection rule from the ES app namespace
list_fired_alerts -- View recently triggered alerts
acknowledge_alert -- Mark an alert as acknowledged
suppress_alert -- Suppress an alert for a specified duration
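As an added example (not the app's own code and not part of the listing): a minimal Python gateway that frames MCP `tools/call` requests as JSON-RPC 2.0, validates incoming messages with the standard JSON-RPC error codes, and applies a least-privilege policy over the eleven tools named above before anything reaches Splunk. The read/write/destructive tier assignments, the `-32001` refusal code, and the simulated Splunk backend are assumptions; the `tools/call` method and its `content` result shape follow the MCP specification.

```python
"""Added example: JSON-RPC 2.0 framing and a tier policy for MCP tool calls.

Not code from the Splunk app or the MCP project. Only the tool names come
from the listing; tiers, error code -32001 and the backend are constructed.
"""
import itertools
import json

# Tag each listed tool by impact so a gateway can refuse high-impact calls
# an LLM client is not entitled to make (tier assignments are an assumption).
TOOL_TIERS = {
    "list_alerts": "read", "get_alert": "read", "list_fired_alerts": "read",
    "create_alert": "write", "create_es_detection": "write",
    "update_alert": "write", "update_es_detection": "write",
    "acknowledge_alert": "write",
    "delete_alert": "destructive", "delete_es_detection": "destructive",
    "suppress_alert": "destructive",
}
TIER_RANK = {"read": 0, "write": 1, "destructive": 2}

_request_ids = itertools.count(1)


def make_tool_call(tool: str, arguments: dict) -> dict:
    """Build a JSON-RPC 2.0 request for the MCP tools/call method."""
    if tool not in TOOL_TIERS:
        raise ValueError(f"unknown tool: {tool}")
    return {"jsonrpc": "2.0", "id": next(_request_ids), "method": "tools/call",
            "params": {"name": tool, "arguments": dict(arguments)}}


def _error(req_id, code: int, message: str) -> dict:
    """JSON-RPC 2.0 error response; the id is echoed so the client can correlate."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


_ALERTS: dict = {}  # constructed stand-in for Splunk saved searches


def _simulated_splunk(tool: str, args: dict) -> dict:
    """Constructed stand-in for the app's saved/searches REST calls (not its code)."""
    if tool == "create_alert":
        name = args["name"]
        _ALERTS[name] = {"name": name, "search": args.get("search", ""), "disabled": False}
        return {"created": name}
    if tool == "list_alerts":
        names = sorted(_ALERTS)
        offset, count = int(args.get("offset", 0)), int(args.get("count", len(names)))
        return {"alerts": names[offset:offset + count], "total": len(names)}
    if tool == "delete_alert":
        return {"deleted": _ALERTS.pop(args["name"], None) is not None}
    return {"ok": True, "tool": tool}


def handle_request(raw: str, max_tier: str = "write", splunk=None) -> dict:
    """Validate one wire message, enforce the tier policy, then call the backend.

    `splunk` is a callable (tool, arguments) -> dict; defaults to the simulator.
    Standard JSON-RPC codes: -32700 parse, -32600 request, -32601 method, -32602 params.
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")
    req_id = msg.get("id") if isinstance(msg, dict) else None
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0" or "method" not in msg:
        return _error(req_id, -32600, "Invalid Request")
    if msg["method"] != "tools/call":
        return _error(req_id, -32601, "Method not found")
    params = msg.get("params")
    if (not isinstance(params, dict) or not isinstance(params.get("name"), str)
            or not isinstance(params.get("arguments", {}), dict)):
        return _error(req_id, -32602, "Invalid params")
    tool, args = params["name"], params.get("arguments", {})
    if tool not in TOOL_TIERS:
        return _error(req_id, -32602, f"Unknown tool: {tool}")
    if TIER_RANK[TOOL_TIERS[tool]] > TIER_RANK[max_tier]:
        # -32001 sits in the JSON-RPC server-reserved range; refuse before forwarding.
        return _error(req_id, -32001, f"Tool {tool} not permitted at tier {max_tier}")
    result = (splunk or _simulated_splunk)(tool, args)
    # MCP tools/call result: a list of content items, here a single text item.
    return {"jsonrpc": "2.0", "id": req_id,
            "result": {"content": [{"type": "text", "text": json.dumps(result)}]}}


if __name__ == "__main__":
    req = make_tool_call("create_alert", {"name": "disk_full", "search": "index=os"})
    print(handle_request(json.dumps(req)))
    # A delete is refused at the default "write" tier and never reaches the backend.
    print(handle_request(json.dumps(make_tool_call("delete_alert", {"name": "disk_full"}))))
```

The gateway sits between the LLM client and the Splunk REST layer: a client allowed only to read or acknowledge alerts cannot reach delete_* or suppress_alert no matter what it is prompted to do, and malformed frames are rejected with the id echoed so the client can match errors to requests.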
Categories: Artificial Intelligence, SIEM