New GenAI Search Revamps Customer Experience

Splunk has launched a GenAI summary feature in splunk.com and docs.splunk.com search platforms designed to give users a quick and accurate glance of the most pertinent information they are looking for. This GenAI feature serves up a contextual high-level summary pulled from various relevant search results on topics ranging from Splunk product and feature usage to general Splunk terminology. Additionally, each of the search results will have descriptions created by GenAI that provide a comprehensive overview of the linked source. With the help of this revamped search experience, Splunk users can now get the information they need faster than ever before.

Why

As Splunk has grown, so has our digital footprint. We have roughly 260,000 members on Community making over 147,000 posts — and that’s just one data source that users can tap into. Add in product docs, Knowledgebase articles, Splunk Blogs and our developer portal into the mix just to name a few, and knowing where to search suddenly becomes very convoluted.

This revamped experience is designed to save users both time and energy by providing a one-stop shop to not only search Splunk-related terminology across data sources, but also get high-level and document-level content summaries. The GenAI feature enables us to tap into our domain expertise by training our LLM on the gold mine of Splunk documentation, something that other solutions in the market do not have full access to.

Data Sources

Our LLM is trained on Splunk public documentation. By training it on Splunk-specific resources, this helps to filter out the noise of the greater world wide web. Documents used in our LLM are updated daily so you can rest assured that you are leveraging the most up-to-date information.

Data sources for the first release will include:

• Blogs: Articles (such as this one!) written on a range of topics from new product releases to our approach on building a more resilient digital future.
• Community: This site consists of a collection of programs and resources to help any Splunk user ask questions, get answers, share ideas, connect with like-minded enthusiasts, and be the catalyst for success their organizations need.
• .conf: Tap into the various artifacts that are created at each year’s Splunk conference.
• Developer portal: A comprehensive resource of officially-supported information to help you discover, manage, use, and deploy Splunk software.
• Product documentation: Every product in our portfolio has associated documentation that covers installation, usage tips, release notes and much more. Whether you are an administrator, analyst, end-user, or developer, Splunk documentation provides officially-supported information to help you learn, do, and solve the problems you need to solve.
• Lantern: Easy-to-follow Getting Started Guides and expert tips get you Splunking like a pro. Access a library of search and procedural step-by-step articles to investigate, troubleshoot, monitor, and solve even your trickiest data challenges. Find untapped value in additional use cases for the data you already have in Splunk, and when you're ready to go deeper, use the curated best practices to meet your top business objectives.
• Splunk.com: General Splunk overview of our products, solutions, resources and company details.
• Knowledgebase articles: A just-in-time collection of knowledge articles to solve problems for your specific environment or exception. Quickly find what you are looking for without having to contact Splunk. Benefit from the collective experience of Splunk support and other customers who may have encountered similar issues to find relevant solutions and get back to productivity.

We are continuing to expand the data sources supported.

Features

• High-Level Summary: The high-level summary compiles the most important information from each relevant document, offering users a quick overview without the need to click through the document links. It also provides linked data sources that went into a response so you can dive deeper.

• Document-Level Summary: The document-level summaries will help users get a more accurate understanding of the contents of each search result and spend less time reading through documents that don’t have the information they need.

Type in your keywords to search granularly by product, feature, or even be as broad as asking how to get started using Splunk as a whole. In the screenshot below, the customer is searching by product to learn more about the AI Assistant for SPL app.

Solution Overview

LLM and Splunk AI Platform

We leverage an open-source large language model (LLM) model as foundation for this service. The LLM is hosted on the Splunk AI Platform to generate summaries from user searches, the same platform that supports some of Splunk’s most powerful AI Assistants like the AI Assistant for SPL. 

We continue to remain agile with marketplace solutions and have designed our infrastructure so that we are in a better position to swap out the models when a better solution for our needs surfaces. As is common among GenAI solutions, sometimes our LLM is subject to hallucinations and users are recommended to fact check their results with the data sources that went into the summary.

Retrieval Augmented Generation (RAG)

The LLM leverages a RAG-based approach to improve model performance. We have indexed a diverse set of data in a vector database. Every time a user executes a query, our system identifies the intent of the query, searches for relevant documents, and ranks the retrieved documents to determine which subset to show the Large Language Model (LLM). 

Safety Guardrails and Limitations

We implement a series of guardrails designed to enhance  the safety of the responses from our services. These guardrails include prompt injection detection, profanity detection, gibberish detection and PII detection. 

Despite these measures, it's important to acknowledge the inherent limitations of Large Language Models (LLMs). LLMs can sometimes produce hallucinations, generating information that may appear plausible but is not based on real data. Additionally, while our guardrails enhance safety, they are not foolproof and may not catch every inappropriate or incorrect response. Continuous monitoring and improvement are essential to mitigate these limitations and enhance the reliability of our services.

Conclusion

With Splunk’s revamped search experience that leverages GenAI technology at scale, customers can now have a more seamless Splunk end user experience by having the domain-specific information they need at their fingertips. Try out the feature today in splunk.com and docs.splunk.com.