NetClaw Adds Splunk and Datadog: Enterprise Observability Through Natural Language

Your logs and metrics, accessible through conversation. NetClaw now integrates with both Splunk and Datadog, bringing enterprise-grade observability to network engineers through natural language. Query terabytes of logs, explore metrics, and investigate issues—all without writing SPL or navigating complex dashboards.


The Observability Gap

Network engineers live in a world of distributed systems. When something breaks, the evidence is scattered across:

  • Syslog servers
  • SNMP traps
  • Flow collectors
  • Application logs
  • Infrastructure metrics

Splunk and Datadog are where this data converges. Now NetClaw can query it directly.


Splunk Integration: 3 Skills, Full SPL Power

splunk-search

Run searches and analyze results through conversation:

Search Splunk for "connection refused" errors in the last hour

Find all syslog messages from 10.0.0.0/8 with severity error

Search for BGP state changes across all routers today

Run this SPL: index=network sourcetype=syslog | stats count by host

Capabilities:

  • Ad-hoc SPL queries
  • Time-bounded searches
  • Field extraction and filtering
  • Result summarization

splunk-indexes

Understand your data landscape:

List all Splunk indexes

Show details for the network-logs index

What's the data volume in the firewall index?

Which indexes contain Cisco syslog data?

splunk-saved

Leverage existing institutional knowledge:

List all saved searches related to network

Run the "Daily BGP Summary" saved search

Show the schedule for the "Firewall Denies Report"

What saved searches exist for security events?

Datadog Integration: Metrics, Monitors, and More

Datadog brings infrastructure metrics, APM traces, and intelligent alerting. NetClaw exposes this through intuitive queries:

Metrics and Dashboards

Show CPU metrics for all network devices

What's the interface utilization on core-rtr-01?

List dashboards tagged with "network"

Show the Network Health dashboard

Monitors and Alerts

List all critical monitors in alert state

Show monitors for the network team

What triggered the "High Latency" alert?

List monitors with "BGP" in the name

Infrastructure and Logs

Search Datadog logs for "authentication failed"

Show all hosts tagged environment:production

List infrastructure metrics for network devices

What events occurred in the last hour?

Quick Setup

Splunk Configuration

# Splunk Enterprise or Cloud
export SPLUNK_HOST="https://your-splunk-instance:8089"
export SPLUNK_TOKEN="your-api-token"

# For Splunk Cloud
export SPLUNK_CLOUD_HOST="your-instance.splunkcloud.com"

Datadog Configuration

export DD_API_KEY="your-api-key"
export DD_APP_KEY="your-app-key"
export DD_SITE="datadoghq.com"  # or datadoghq.eu, etc.

Real-World Investigation

Here’s how a network engineer might investigate an outage:

1. Initial Alert

netclaw: Show me all critical Datadog monitors in alert state

2. Gather Context

netclaw: Search Splunk for errors on core-rtr-01 in the last 30 minutes

3. Correlate Events

netclaw: What BGP state changes occurred in Splunk today?

4. Check Metrics

netclaw: Show interface utilization metrics for core-rtr-01 from Datadog

5. Historical Pattern

netclaw: Run the "Weekly Network Anomalies" saved search in Splunk

All without leaving the terminal. All in natural language.


Integration Architecture

Both integrations use the official MCP servers:

{
  "splunk-mcp": {
    "command": "uvx",
    "args": ["mcp-splunk"],
    "env": {
      "SPLUNK_HOST": "${SPLUNK_HOST}",
      "SPLUNK_TOKEN": "${SPLUNK_TOKEN}"
    }
  },
  "datadog-mcp": {
    "command": "npx",
    "args": ["-y", "@datadog/mcp-server"],
    "env": {
      "DD_API_KEY": "${DD_API_KEY}",
      "DD_APP_KEY": "${DD_APP_KEY}"
    }
  }
}
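A pre-launch check for the configuration above, as an added example (not code from the NetClaw project): it confirms that every `env` entry is a `${VAR}` reference rather than a literal credential, lists referenced variables that are not set, and checks that `SPLUNK_HOST` is an `https://` URL. The function names and the inline sample are assumptions made for illustration; the sample mirrors the config shown on this page.

```python
import json
import os
import re
from urllib.parse import urlsplit

# Constructed sample: the MCP server config as shown on this page.
SAMPLE_CONFIG = """
{
  "splunk-mcp": {"command": "uvx", "args": ["mcp-splunk"],
    "env": {"SPLUNK_HOST": "${SPLUNK_HOST}", "SPLUNK_TOKEN": "${SPLUNK_TOKEN}"}},
  "datadog-mcp": {"command": "npx", "args": ["-y", "@datadog/mcp-server"],
    "env": {"DD_API_KEY": "${DD_API_KEY}", "DD_APP_KEY": "${DD_APP_KEY}"}}
}
"""

# A value is acceptable only if it is exactly one ${VAR} reference.
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")


def audit_mcp_env(config_text, environ):
    """Return (literals, unset): env entries holding a literal value instead of
    a ${VAR} reference, and references whose variable is empty or missing."""
    literals, unset = [], []
    for server, spec in json.loads(config_text).items():
        for key, value in spec.get("env", {}).items():
            match = PLACEHOLDER.match(value) if isinstance(value, str) else None
            if match is None:
                literals.append(f"{server}.{key}")  # possible hardcoded secret
            elif not environ.get(match.group(1)):
                unset.append(f"{server}.{match.group(1)}")
    return literals, unset


def splunk_host_uses_tls(host):
    """True only when SPLUNK_HOST is an https:// URL, so the token is not sent in cleartext."""
    return urlsplit(host).scheme == "https"


if __name__ == "__main__":
    literals, unset = audit_mcp_env(SAMPLE_CONFIG, os.environ)
    print("literal values in config:", literals or "none")
    print("unset variables:", unset or "none")
    host = os.environ.get("SPLUNK_HOST", "")
    if host and not splunk_host_uses_tls(host):
        print("SPLUNK_HOST is not https://")
```
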

The Complete Observability Stack

With Splunk and Datadog joining Grafana and Prometheus, NetClaw now covers the major observability platforms:

Platform     Strength                    NetClaw Skills
Grafana      Visualization, dashboards   2 skills
Prometheus   Metrics, alerting           2 skills
Datadog      Full-stack observability    3 skills
Splunk       Log analytics, SIEM         3 skills

Network engineers can now query across platforms:

netclaw: Check Prometheus for high CPU alerts, 
         then search Splunk for corresponding syslogs,
         and show me the Datadog dashboard for that device

What This Means

Observability tools are only as good as your ability to query them quickly. By bringing Splunk and Datadog into the NetClaw ecosystem, we’re eliminating the friction between "I need to know" and "I found the answer."

No more:

  • Learning SPL syntax for one-off queries
  • Navigating complex Datadog dashboards
  • Context-switching between tools
  • Losing investigation threads

Instead:

  • Ask questions in plain English
  • Get answers in seconds
  • Stay in your flow

NetClaw now supports 68 MCP servers with 124 skills. Your observability stack just became conversational.


Get started at github.com/automateyournetwork/netclaw
