Splunk Assistant Skills

80%

_{Faster than manual
SPL workflows}

14

_{Specialized skills
one conversation}

83

_{Production-ready
Python scripts}

0

_{SPL syntax
to memorize}

Talk to Splunk like a colleague, not a query language.
_{Natural language search, job management, and administration for Splunk via Claude Code.}

> "Show me error patterns in the main index from the last hour"

Claude: Running SPL query...
  index=main error earliest=-1h | stats count by host, sourcetype | sort -count

Found 847 errors across 12 hosts. Top sources:
  web-prod-01  nginx:error     423
  api-srv-03   application     298
  db-master    postgresql      126

Get Started • Skills • Use Cases • Architecture

The Difference

The SPL Way

index=main sourcetype=access_combined
| eval response_time=response_time/1000
| where response_time > 2
| stats avg(response_time) as avg_rt,
        max(response_time) as max_rt,
        count by host
| sort -count
| head 10

Hope you remembered the syntax...

The Natural Way

"Show me slow API responses over 2 seconds,
 grouped by host, top 10"

Just ask.

Time Saved

Task	Traditional Splunk	Splunk Assistant	Saved
Write complex SPL query	5-15 min	30 sec	90%
Check job status & results	2-3 min	10 sec	95%
Export large dataset	5-10 min	1 min	85%
Create saved search	3-5 min	30 sec	90%
Debug search errors	5-20 min	1 min	80%

Typical user: Save 3-5 hours per week.

Quick Start

Option A: Install as Claude Code Plugin (Recommended)

# Install from GitHub
claude plugin add github:grandcamel/Splunk-Assistant-Skills

Option B: Manual Installation

1. Clone and Install Dependencies

git clone https://github.com/grandcamel/Splunk-Assistant-Skills.git
cd Splunk-Assistant-Skills
pip install -r requirements.txt

2. Get API Token

Log into Splunk Web
Go to Settings > Tokens
Click New Token, select your user
Copy the generated token

3. Configure

# Set environment variables
export SPLUNK_TOKEN="your-jwt-token"
export SPLUNK_SITE_URL="https://splunk.example.com"

# Or create .claude/settings.local.json for profiles

4. Install CLI

# Install the splunk-as CLI
pip install splunk-as

# Verify installation
splunk-as --version

5. Start Using

# CLI usage (recommended)
splunk-as search oneshot "index=main | stats count by sourcetype" --earliest -1h

# Or with Claude Code
> "Search for errors in the main index from the last hour"

That's it. Claude now has full Splunk access.

Full Setup Guide

Setup (Assistant Skills)

If you installed via the plugin system, run the setup wizard:

/assistant-skills-setup

This configures:

Shared Python venv at ~/.assistant-skills-venv/
Required dependencies from requirements.txt
Environment variables (prompts you to set credentials)
claude-as shell function for running Claude with dependencies

After setup, use claude-as instead of claude:

claude-as  # Runs Claude with Assistant Skills venv activated

Environment Variables