Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About nonno_pinto
nonno_pinto
Explorer
Member since:
06-04-2024
03-25-2026
Community Statistics
| Posts | 22 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 06-04-2024 |
Activity Feed
- Got Karma for Re: AI Toolkit "Connection Management is not yet configured by your Admin". 03-24-2026 10:41 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 03-02-2026 01:21 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-27-2026 08:18 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-27-2026 08:07 AM
- Posted Re: Splunk DB Connect "The Task Server is currently unavailable" on Splunk Enterprise. 02-26-2026 08:31 AM
- Posted Re: Heavy Forwarders not showing in Agent Management on Deployment Server on Deployment Architecture. 02-26-2026 08:19 AM
- Posted Re: Heavy Forwarders not showing in Agent Management on Deployment Server on Deployment Architecture. 02-26-2026 08:08 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-26-2026 07:43 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-26-2026 12:16 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-16-2026 07:19 AM
- Posted Re: Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-16-2026 01:54 AM
- Posted Re: Splunk MCP Server returns fabricated/hallucinated data with Claude Desktop on All Apps and Add-ons. 02-13-2026 02:22 AM
- Posted Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-13-2026 02:11 AM
- Tagged Splunk MCP server only returns status and result count on All Apps and Add-ons. 02-13-2026 02:11 AM
- Posted Re: AI Toolkit "Connection Management is not yet configured by your Admin" on Security. 01-09-2026 06:44 AM
- Posted Re: AI Toolkit "Connection Management is not yet configured by your Admin" on Security. 12-24-2025 02:36 AM
- Posted Re: AI Toolkit "Connection Management is not yet configured by your Admin" on Security. 12-24-2025 02:12 AM
- Posted AI Toolkit "Connection Management is not yet configured by your Admin" on Security. 12-23-2025 05:55 AM
- Posted Re: Export table to excel dashboard studio on Dashboards & Visualizations. 12-01-2025 12:40 AM
- Posted Re: Export table to excel dashboard studio on Dashboards & Visualizations. 12-01-2025 12:33 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-02-2026
01:21 AM
I can confirm that with Codex CLI it works fine. Sometimes i have a truncate response that I'm investigating, but at least the partial answer is correct.
... View more
02-27-2026
08:18 AM
Or maybe the model sees the result count and just create the response? To me, it happens with every model I've tried except for GPT.
... View more
02-27-2026
08:07 AM
Please, don't hold it against me, but could you share a raw request and a raw response, anonymized? Because I'm missing something...
... View more
02-26-2026
08:31 AM
We also had a similar issue, couple times and each time with a different cause. Once, we had an error in the JAVA path: the server manager changed it and the db connect app cannot find it, we had to change the JAVA path in the UI of the app. Lately, it was an issue with the server certification. We solved by running this command cp $SPLUNK_PATH$/bin/auth/server.pem $SPLUNK_PATH$/bin/auth/server.pem_bk rm $SPLUNK_PATH$/bin/auth/server.pem and reloading splunk. Sometimes it get some error with the certificate and it just need to recreate it.
... View more
02-26-2026
08:19 AM
Good luck. In the meanwhile, give it a try, but yeah, I also suppose that if it's a brand new installation you shouldn't have any issue with that.
... View more
02-26-2026
08:08 AM
Did you already tried this path? Upgrade pre-9.2 deployment servers | Splunk Enterprise (last updated 2025-07-04T12:57:05.003Z) Unfortunately, it's a common issue when upgrading to newest versions where Splunk changed the interal indexes usage.
... View more
02-26-2026
07:43 AM
Thanks. I've configured the MCP in zed and tried with Claude Sonnett 4.6 model but still get the same problem. Could you please share the MCP server version you are using, the model you are using in zed and an example of request and full response? Maybe just some tool have this issue and I'm trying only th bugged ones.
... View more
02-26-2026
12:16 AM
What configuration are you using on Zed? I've been trying both a cloud and a local Splunk env and both return "Context server request timeout" First time using Zed, then maybe I'm missing something very stupid.
... View more
02-16-2026
07:19 AM
There are a couple problem on this point: it's not just Claude, it's also Gemini CLI and MCP client on n8n most important, in my understanding mcp standard is mainly sponsored by Anthropic, then why Claude should not follow the standard?
... View more
02-16-2026
01:54 AM
I gave a look to the standard MCP server definition and I must admit that that's not an error, Splunk is just following the suggested standard. Structured content is returned as a JSON object in the structuredContent field of a result. For backwards compatibility, a tool that returns structured content SHOULD also return the serialized JSON in a TextContent block. It should also return same content in the result field, but it's not mandatory at all (source: MCP protocol ). This makes things harder, if possibile.
... View more
02-13-2026
02:22 AM
I'm having same issue. Trying to troubleshoot the problem I took a look to the code and set log to debug mode and wrote a new log that returns the full response. For debug mode (there's also a function, but still haven't managed how to use it): logging_config.py function set_debug_mode change both logging.INFO to logging.DEBUG To print the whole json response: function _build_response set a custo log like this one "logger.DEBUG("GZ: full payload response %s", payload_obj)" It workend on my on prem env, still haven't tried on cloud
... View more
02-13-2026
02:11 AM
I've been trying to use Splunk MCP Server on multiple server installations and MCP clients and I'm having the same issue on all scenarios: MCP server only returns a status and a count of the results, not results themselves. Splunk MCP Server: 1. Splunk Enterprise (on Linux Ubuntu) Version: 10.0.1 Splunk MCP Server: v. 1.0.1 2. Splunk Cloud Version: 10.1.2507.15 Splunk MCP Server: 1.0.1 Both case I have AI toolkit and AI Assistant for SPL installed and updated to latest versions. MCP clients: 1. Gemini CLI 2. Claude Desktop 3. MCP client on n8n running as docker on a local Linux machine The issue is always the same: everything works, BUT the MCP server doesn't return a JSON with results, just the status of the request and a result count. When working with LLMs (Gemini and Claude), they make up some data; but if you ask for the raw response, you see there is no data except for status and count. I've worked a little on mcp server code and I've noticed a couple things: MCP server appears to return the full data, or at least it has the function needed to do so MCP server has a function to set logging DEBUG mode, but no instruction on how to use it and no settings on app UI. I've managed to set DEBUG mode only changing the code Has anyone had the same problems and managed to fix them? UPDATE: I've tested Splunk MCP server 1.0.1 working with codex CLI. Updating to 1.0.2 it also works with Gemini CLI, i think due to this fix they introduced: • Fix: Mirrors the structuredContent field payload to the content text field.
... View more
- Tags:
- Splunk MCP Server
Labels
- Labels:
-
development
-
troubleshooting
01-09-2026
06:44 AM
I managed to connect to my GPT account. I just had to ask for a free dev license (10GB) in order to manage roles. Then, i made an account with user, admin and mltk_admin roles, restarted splunk and connected to my GPT api key. A colleague has a similar situation and it's not able to connect, but that's all I did. Please ping the solution here if I'm missing any step
... View more
12-24-2025
02:36 AM
I'll have to try with dev license. I was searching a faster road, since dev license takes days. I'll try it, thanks
... View more
12-24-2025
02:12 AM
1 Karma
Unfortunately, in free license you don't have role management, so I can just hope my admin role (the default and only one in splunk free license) has mltk_admin role. What do you mean with the configuration under AI Toolkit? This is Connection Management page under AI Toolkit
... View more
12-23-2025
05:55 AM
I have a local Splunk Enterprise with free license. I'm trying to connect AI Toolkit with my GPT token, but returns this error: Connection Management is not yet configured by your Admin. Please reach out to your Admin for assistance. Is it a free license limit?
... View more
Labels
- Labels:
-
other
12-01-2025
12:40 AM
Yes, but my question was about excel export. I'm not searching for the easiest solution, but if this solution exist in any way.
... View more
12-01-2025
12:33 AM
And, more in general, for Excel export of search result, is there any options?
... View more
11-28-2025
06:10 AM
Hi, I'd like to export some tables results in Excel from Dashboard Studio. With the classic dashboard we had a js script that, imported, allows to export in excel. As for my understanding, Dashboard Studio doesn't allow custom js, but also doesn't have a built-in Excel exporter. Is there any workaround? I do work in splunk cloud env, v9.3 Thanks
... View more
Labels
- Labels:
-
Dashboard Studio
01-16-2025
05:22 AM
Hi everyone! My goal is to create an alert to monitor in ALL saved search if there's any email that no longer exist (mainly, colleagues that left the company or similar). My idea was to search for the same patter of Mail Delivery Subsystem that happens when sending an email from Gmail (or any other) to a non-existing mail. Bud didn't find anything in _internal index, nor with a rest to saved search and index=mail is empty. Amy idea?
... View more
06-04-2024
03:56 AM
After few tries, i changed test case and saw the problem was that is was asking splunk to save an event "in the future", and apparently that's not possibile
... View more
06-04-2024
02:26 AM
I have a small query that splits events depending on a multivalue field and each of n's date from the multivalue needs to become the _time of n's "collected" row. index=test source=test
| eval fooDates=coalesce(fooDates, foo2), fooTrip=mvsort(mvdedup(split(fooDates, ", "))), fooCount=mvcount(fooTrip), fooValue=fooValue/fooCount
| mvexpand fooTrip
| fields - _raw
| eval _time=strptime(fooTrip, "%F")
| table _time VARIOUS FIELDS
| collect index=test source="fooTest" addtime=true The ouput table view is exactly what i'm expecting, but when i search for these fields on new source, they have today time (or, with addtime=false, earliest from the time picker). Also using testmode=true, i still see results as supposed to be. What's wrong? Thanks
... View more
Labels
- Labels:
-
summary indexing
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-25-2026
03:04 AM
|
