MCP server
Drive Tracemill from an AI agent over the Model Context Protocol.
Tracemill Cloud exposes a hosted MCP (Model Context Protocol) server, so an AI agent can drive the platform directly: bind a Splunk target, read its detection coverage, author validation content, run it, and enroll a detection into a suite.
There is nothing to install. The server is a URL and an API token.
https://api.tracemill.io/mcpAuthenticate with a workspace API token (tmk_…) as a bearer token. Target tokens
(tmv_…) and agent tokens are rejected — see Setup.
What it is for
The flow it was built for is enrolling a custom detection: taking one of your own Splunk saved searches and proving Tracemill can make it fire on demand. Doing that by hand means exporting events, hand-authoring a scenario that reproduces them, checking the reproduction is faithful, running it, and reading the result. The MCP server lets an agent do that with you.
The server ships a guided prompt, enroll-custom-detection, that walks the whole
flow. Most MCP clients surface prompts in a slash-command or template menu.
Tools
| Group | Tools |
|---|---|
| Targets | resolve_target, get_target_detections, request_inventory_refresh |
| Authoring | create_dataset_upload, extract_events, put_draft, get_draft, list_drafts, validate_content, render_and_check_fidelity, list_event_types |
| Content | upload_content, delete_content |
| Runs | start_validation_run, get_run |
| Suites | list_suites, enroll_detection |
Every tool is authorized with the same role permissions as the REST API, so a token whose role cannot write content cannot write content over MCP either. The guided prompt itself is readable by any role; the tools it describes still fail closed.
Working with Splunk
Tracemill's MCP server never connects to your Splunk. It keeps the same push-only relationship the rest of the platform has: events are delivered out, and the TA-Tracemill add-on reports observations back.
Reading from Splunk — listing saved searches, fetching a detection's SPL,
exporting events — is the agent's job, from your side. The official Splunk MCP
server covers this, and Tracemill duplicates none of it. If you cannot install
Splunkbase apps, the same reads work as curl calls against Splunk's REST API,
and your agent can make them directly.
Credentials for your Splunk stay on your side throughout.
The authoring workspace
To check that a generated event faithfully reproduces a real one, the fidelity oracle has to read the real one. So the events you export land in an authoring workspace: tenant-scoped, size-capped, and short-lived object storage.
(This is a different thing from the workspace that means your tenant. The authoring workspace is scratch space inside it.)
- Raw exported events are uploaded straight from your machine to a presigned URL. They never pass through the agent's context.
- Authoring sessions expire 7 days after their last write. The objects behind them are deleted within 14 days.
- Nothing there is a source of truth. Drafts can be re-written and datasets re-exported; if a session expires mid-flow, start a new one.
- Only the small artifacts travel through the agent: YAML drafts, the event summary, and one sample event per category.
If exporting raw events to Tracemill is not acceptable for your telemetry, use the open-source authoring flow with the CLI instead. It runs entirely on your machine and needs no account. See Scenarios and the CLI quickstart.
Availability
The MCP server is enabled per environment. If https://api.tracemill.io/mcp
returns 404 for your workspace, it is not switched on yet — contact us.
Tracemill does not currently gate features by plan; when plan-based entitlements arrive, MCP access will be one of them. See Billing.