The only use case I can think of to justify the vast additional complexity of MLS is when you need to confine access to resources based on a very specific organisational information flow policy. The MLS policy isn't necessarily more 'secure' than MCS, it's just enforces a different information flow policy (domain separation rather than Bell-LaPadula).
If you'd like to harden the machine and restrict access to splunk resources, I would:
Hypothetically, you could run multiple instances of splunk in different categories on the same machine for each index if required.