@dxvapor/pi-splunk-cloud-logs
Pi coding agent extension for querying Splunk Cloud logs via REST API. Supports OAuth2 client credentials and bearer token auth.
Package details
Install @dxvapor/pi-splunk-cloud-logs from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:@dxvapor/pi-splunk-cloud-logs
- Package: @dxvapor/pi-splunk-cloud-logs
- Version: 1.0.0
- Published: Apr 22, 2026
- Downloads: 23/mo · 4/wk
- Author: dxvapor
- License: MIT
- Types: extension
- Size: 36.4 KB
- Dependencies: 0 dependencies · 2 peers
Pi manifest JSON
{
  "extensions": [
    "./extensions"
  ]
}
Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
pi-splunk-cloud-logs
A pi coding agent extension that gives the LLM direct access to Splunk Cloud logs via the Splunk REST API.
Features
- 🔍 splunk_search — Async SPL search with live progress polling
- ⚡ splunk_oneshot — Fast synchronous search for quick/narrow queries
- 📋 splunk_list_indexes — Discover available indexes before writing queries
- 🗂️ splunk_list_jobs — Inspect recent search jobs
- 🔐 OAuth 2 client credentials (preferred) or static bearer token
- 🖥️ /splunk-config — Interactive TUI setup
- 🩺 /splunk-test — One-command connectivity check
Installation
pi install npm:@dxvapor/pi-splunk-cloud-logs
Or try it without installing:
pi -e npm:@dxvapor/pi-splunk-cloud-logs
Authentication
Option 1 — OAuth 2 client credentials (recommended)
Create an OAuth 2.1 client in your Splunk Cloud instance (Settings → Identity Provider → Manage OAuth 2.0 Clients), then:
export SPLUNK_HOST=myorg.splunkcloud.com
export SPLUNK_CLIENT_ID=your-client-id
export SPLUNK_CLIENT_SECRET=your-client-secret
The extension automatically obtains and refreshes access tokens.
Option 2 — Bearer token
Generate a token in Splunk Web (Settings → Tokens), then:
export SPLUNK_HOST=myorg.splunkcloud.com
export SPLUNK_TOKEN=eyJ...
Optional
export SPLUNK_PORT=8089 # Default: 8089
Interactive setup
Alternatively, configure inside pi at runtime:
/splunk-config
Credentials entered via /splunk-config are stored in memory only and are
never written to disk or the session file.
Usage
After starting pi with the extension loaded, just describe what you need:
Search Splunk for HTTP 5xx errors in the last hour across all hosts.
List all Splunk indexes and show me which ones have data from today.
Show me the top 10 hosts by error count in the past 24 hours.
The LLM uses the registered tools to run SPL queries automatically.
Manual tool calls (for testing)
Run: splunk_list_indexes
Run: splunk_oneshot { "query": "index=main error | head 5", "earliestTime": "-15m" }
Commands
| Command | Description |
|---|---|
| /splunk-config | Interactive connection setup |
| /splunk-test | Test connectivity and show server info |
How it works
User prompt
│
▼
LLM decides to call splunk_search
│
├── POST /services/search/jobs (create job)
├── GET /services/search/jobs/{sid} (poll status) ← repeats
└── GET /services/search/jobs/{sid}/results (fetch)
│
▼
Formatted results returned to LLM → answer
For splunk_oneshot, the export endpoint is used instead for a single
round-trip response.
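The three-call job flow in the diagram above, written out as an added example (not the extension's own code). It assumes a bearer token and Splunk's JSON output mode; runSplunkSearch, makeFakeSplunk and their parameters are hypothetical names, and the fake server is constructed so the flow runs offline.

```javascript
// Added example: create job, poll status, fetch results (endpoints from the diagram).
// Function and parameter names are hypothetical, not the extension's API.
async function runSplunkSearch({ host, port = 8089, token, query, earliestTime = "-15m",
                                 fetchImpl = fetch, pollMs = 1000, timeoutMs = 60000 }) {
  const jobs = `https://${host}:${port}/services/search/jobs`;
  // The token travels only in the Authorization header, never in a URL or error message.
  const call = async (url, init = {}) => {
    const res = await fetchImpl(url, { ...init, headers: { Authorization: `Bearer ${token}` } });
    if (!res.ok) throw new Error(`Splunk returned HTTP ${res.status}`);
    return res.json();
  };
  // 1. Create the job. Splunk expects the string to start with "search" or a "|" command.
  const spl = /^\s*(\||search\s)/.test(query) ? query : `search ${query}`;
  const created = await call(jobs, {
    method: "POST",
    body: new URLSearchParams({ search: spl, earliest_time: earliestTime, output_mode: "json" }),
  });
  // The sid comes from the server; encode it before placing it in a URL path.
  const jobUrl = `${jobs}/${encodeURIComponent(created.sid)}`;
  // 2. Poll until the job is done, has failed, or the deadline passes.
  const deadline = Date.now() + timeoutMs;
  for (;;) {
    const { content } = (await call(`${jobUrl}?output_mode=json`)).entry[0];
    if (content.isFailed) throw new Error(`Search job failed (${content.dispatchState})`);
    if (content.isDone) break;
    if (Date.now() >= deadline) throw new Error("Timed out waiting for search job");
    await new Promise((resolve) => setTimeout(resolve, pollMs));
  }
  // 3. Fetch the results.
  return (await call(`${jobUrl}/results?output_mode=json`)).results;
}

// Constructed stand-in for the Splunk REST API: the job reports done on the second poll.
function makeFakeSplunk() {
  const calls = [];
  let polls = 0;
  const reply = (obj) => ({ ok: true, status: 200, json: async () => obj });
  const fetchImpl = async (url, init = {}) => {
    calls.push({ method: init.method || "GET", url, init });
    if (init.method === "POST") return reply({ sid: "1700000000.42" });
    if (url.includes("/results")) return reply({ results: [{ host: "web01", count: "3" }] });
    return reply({ entry: [{ content: { isDone: ++polls >= 2, dispatchState: "RUNNING" } }] });
  };
  return { fetchImpl, calls };
}
```

Bounding the poll loop with a deadline keeps a stuck job from holding the agent's tool call open indefinitely.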
Environment Variables
| Variable | Required | Description |
|---|---|---|
| SPLUNK_HOST | ✅ | Splunk Cloud hostname (e.g. myorg.splunkcloud.com) |
| SPLUNK_PORT | ❌ | Management port. Default: 8089 |
| SPLUNK_CLIENT_ID | ✅ (OAuth) | OAuth 2 client ID |
| SPLUNK_CLIENT_SECRET | ✅ (OAuth) | OAuth 2 client secret |
| SPLUNK_TOKEN | ✅ (token) | Static bearer token |
Requirements
- Node.js ≥ 18 (for native fetch)
- pi coding agent installed globally
- Splunk Cloud Platform instance with REST API access on port 8089
Security notes
- Credentials entered via /splunk-config are in-memory only.
- OAuth tokens are cached in-process and refreshed automatically before expiry.
- TLS is always used (Splunk Cloud enforces it).
- Store long-lived secrets in environment variables, not in code or config files.
Contributing
Issues and PRs welcome at github.com/dxvapor/pi-splunk-cloud-logs.
License
MIT — see LICENSE.