Automating Splunk query results

senmng · ‎03-03-2026

I would like to use AI tool to automate the Splunk search capability. For instance, instead of using Splunk search using the query ,i would like to automate in such a way that I need to get the results by giving prompting in an UI client.

((index=*) OR (index = *)) sourcetype IN ("*","*") "errorcode" | dedup sessionID

instead of writing this query in search bar, i would like to prompt in UI client using AI agent to ask to return the results the sessions with this errorcode by filtering out using unique session id

livehybrid · ‎03-04-2026

Hi @senmng

You problably want to look at the Splunk MCP app/server if you are wanting to query Splunk from your AI tooling, if its supported.

The search you provided - Thats possibly the most inefficient search Ive ever seen - I'm assuming this is just an example??

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Automating Splunk query results

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Automating Splunk query results

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!