Does it support time-range filtering?

Yes, it follows Splunk best practices by supporting 'earliest' and 'latest' time parameters to ensure efficient index scanning.

Can I use this skill to validate SPL before running it?

Yes, the skill includes a dedicated validation script to check SPL syntax via the Splunk API without actually executing the search.

How does this skill handle large search results?

For large datasets, the skill supports pagination using count and offset parameters, as well as asynchronous job management to prevent timeouts.

What Splunk search modes are supported by this skill?

The skill supports three modes: Oneshot (inline results for <50k rows), Normal (asynchronous jobs with polling via SID), and Blocking (synchronous wait for completion).

Is it possible to modify data in Splunk using this skill?

While primarily used for read-only queries, the skill can modify data if the SPL query contains write-capable commands like '| outputlookup' or '| collect'.

Splunk Search Assistant

Name: Splunk Search Assistant
Author: grandcamel

bygrandcamel

Analíticas y Monitorización

Executes and manages SPL queries within Splunk using oneshot, normal, and blocking execution modes.

Acerca de

The Splunk Search skill empowers Claude to interact directly with Splunk instances to perform complex data analysis and log retrieval via the Splunk REST API. It provides a robust interface for executing Search Processing Language (SPL) queries across multiple execution modes, allowing users to choose between ad-hoc oneshot searches for quick results, asynchronous normal searches for long-running jobs, or synchronous blocking searches. With built-in SPL validation, time-range optimization, and result pagination support, it streamlines the process of monitoring system health, investigating security incidents, and extracting actionable insights from large datasets directly through Claude.

Características Principales

Granular time-range controls to optimize index scanning and performance
Supports multiple execution modes: Oneshot, Normal (async), and Blocking (sync)
Built-in SPL syntax validation to catch errors before job submission
Real-time search preview and paginated result retrieval for large datasets
0 GitHub stars
Comprehensive search job management including SID tracking and status polling

Casos de Uso

Automated monitoring of system metrics by managing long-running asynchronous search jobs
Ad-hoc troubleshooting and log analysis using oneshot SPL queries for rapid debugging
Validating complex SPL syntax and field extractions before deploying production alerts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add grandcamel/splunk-assistant-skills splunk-search

For use in Claude.ai and ChatGPT

Download Skill

GitHub