How to Access Live Splunk Data in Visual Studio Code via Cline

Jerod Johnson
Senior Technology Evangelist

Run the CData MCP Server for Splunk on Windows Subsytem for Linux (WSL) and connect to live Splunk data from the Cline extension in Visual Studio Code.

Cline is an autonomous coding agent right in your IDE, capable of creating/editing files, running commands, using the browser, and more with your permission every step of the way. When paired with the CData MCP Server for Splunk, you get live access to CRM data within your IDE, enabling you to build, test, and validate data-driven features using real-time schema and records without ever leaving your development environment.

This article outlines how to run the CData MCP Server for Splunk on WSL (Windows Subsystem for Linux) and connect to it from the Cline extension in Visual Studio Code on Windows.

Background

CData MCP Servers are typically designed for clients like Claude Desktop. However, when attempting to use the server via the Cline extension in Windows VS Code, the following error occurred:

MCP error -32000: Connection closed

This issue is suspected to be caused by I/O handling problems in the stdio transport implementation on the Windows version of the Cline extension.

Related GitHub Issue: https://github.com/cline/cline/issues/3464
Additionally, environment variables such as PATH may not be inherited correctly when launching processes like Java or Node.

Prerequisites

Visual Studio Code installed on Windows
Cline extension installed and configured in VS Code
Windows Subsystem for Linux (WSL) installed with a working Linux distribution (e.g., Ubuntu)
Java 21+ JRE installed in WSL
CData MCP Server for Splunk installed on Windows

Step 1: Authenticate with Splunk (on Windows)

Before running the MCP Server in WSL, you must complete authentication flow in a Windows environment. This ensures all necessary credentials are generated and stored properly. Find and run the "CData MCP Server for Splunk" or execute the MCP Server JAR file to open the configuration wizard.

java -jar "C:\Program Files\CData\CData MCP Server for Splunk 2024\lib\cdata.mcp.splunk.jar"

Connecting to Splunk

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Configuring the CData MCP Server

Name your MCP Server (e.g. cdatasplunk), enter the required connection properties, and click "Connect."

The CData MCP Server configuration wizard (Google Sheets is shown).

Upon successful connection, the following directory and files will be created:

C:\Users\<username>\AppData\Roaming\CData\splunk Provider\
 |-- cdatasplunk.mcp
 |-- (other supporting config files)

Step 2: Copy the MCP Server Configuration into WSL

Next, copy the entire configuration folder from Windows into your WSL environment.

mkdir -p ~/.config/CData/
cp -r /mnt/c/Users/<username>/AppData/Roaming/CData/"splunk Provider" ~/.config/CData/

Ensure the destination path matches exactly: ~/.config/CData/splunk Provider/.

Step 3: Install the MCP Server on WSL

Install Java and place the MCP Server JAR in the desired location within WSL:

sudo apt update
sudo apt install openjdk-21-jre-headless
sudo mkdir -p /opt/cdata/mcp_splunk/lib
sudo cp /mnt/c/Program\ Files/CData/CData\ MCP\ Server\ for\ Splunk\ 2024/lib/cdata.mcp.splunk.jar /opt/cdata/mcp_splunk/lib/

Step 4: Configure Cline

Now, configure the Cline extension to launch the MCP Server inside WSL using the wsl command.

Create or update cline_mcp_settings.json with the following content:

{
  "mcpServers": {
    "cdatasplunk": {
      "autoApprove": ["*"],
      "disabled": false,
      "timeout": 60,
      "type": "stdio",
      "command": "wsl",
      "args": [
        "-d",
        "Ubuntu", // Replace with your installed WSL distro name
        "--",
        "/usr/bin/java",
        "-jar",
        "/opt/cdata/mcp_splunk/lib/cdata.mcp.splunk.jar",
        "cdatasplunk"
      ],
      "env": {
        "JAVA_TOOL_OPTIONS": "-Xmx2g"
      }
    }
  }
}

Note: Replace Ubuntu with your actual WSL distribution name (e.g., Ubuntu-22.04). Run wsl -l in PowerShell or CMD to confirm.

Step 5: Interact with Live Data in Cline

From within Visual Studio Code, you can now run MCP commands through the Cline extension.

cdatasplunk_get_tables
cdatasplunk_get_columns DataModels

If configured correctly, these commands will return a list of available Splunk objects and metadata, allowing you to interact with your CRM schema in real time.

Try natural language prompts like:

"Generate a React form to create a new Splunk Lead."
"Write a Python function to pull Opportunities closed this quarter."

Connect your AI to your data today!

CData MCP Servers make it easier than ever for LLMs to work with live enterprise data. To explore the technology hands-on, download a free, 30-day trial or visit the CData Community to share insights, ask questions, and help shape the future of enterprise-ready AI.

Ready to get started?

Download a free Splunk MCP Server to get started:

Download Now

Learn more:

Splunk MCP Server

The CData MCP Server for Splunk allows you to connect with live Splunk data, directly from LLMs that support MCP.