Splunk AI Assistant for SPL has revolutionized how users interact with Splunk's powerful Search Processing Language (SPL), making data analysis more accessible and efficient. As a GenAI-powered assistive app, it translates between natural language and SPL, helping users of all experience levels create and understand complex queries. Today, we're excited to highlight three significant improvements that take the assistant to the next level in our newest release 1.1.0.
Splunk AI Assistant now offers the general availability of a new personalization feature that dramatically improves the relevance and effectiveness of your SPL queries. This game-changing capability allows the assistant to apply the knowledge about your specific environment through metadata, such as index names, source types, field names, and past searches, to generate personalized SPL.
Rather than generating generic SPL, the personalization feature creates searches specifically tailored to your environment. When your Splunk Administrator opts into this feature, the assistant begins to understand the nuances of your data landscape. For example, when asking about specific hosts or services, the assistant can now reference your actual index names and field structures, eliminating the need for manual adjustments to generated queries.
This contextual awareness means that when you ask a question like "What data is being collected for host X?" or "Show me error rates for our payment service," the assistant doesn't just provide theoretical SPL - it crafts searches that align perfectly with your actual data architecture. This transformation from generic to environment-specific assistance significantly improves the accuracy of the SPL generated and reduces the time between question and actionable insight. The best part? The personalization feature respects privacy concerns, your data is only used to improve the results for your prompts, and no one else’s. It also honors RBAC differences between your users, so personalized responses will only consider indexes that the user has access to.
Since the first generally available version in June 2024 (v1.0.0), we have made substantial enhancements to the assistant’s AI capabilities, including an improved and more capable large language model (LLM) that is the foundation of the assistant. Building upon that, the assistant leverages a Retrieval-Augmented Generation (RAG) based approach that classifies your intent, searches for similar previous requests, and ranks the retrieved examples to determine which subset to present to the LLM. By indexing a much bigger and more diverse set of SPL syntax in our vector database, the assistant can quickly reference multiple scenarios across IT, observability, and security domains.
Our evaluation shows that this approach substantially improves SPL command syntax accuracy, leading to better parsability and a higher rate of immediately executable searches. Not only that, these optimizations have also improved the response generation times by up to 30% - so you spend less time waiting and more time getting your work completed.
Finding the right starting point is often half the battle when working with data. The latest version of Splunk AI Assistant addresses this challenge with new suggested prompts thoughtfully grouped by categories such as data discovery, administration, and security.
More suggested prompts including categories like Data Discovery
When you're first exploring your Splunk environment, the data discovery category offers prompts like "What data is being collected in the environment?" or "What metrics are being collected in the environment?". These structured entry points help you understand the landscape of your data before diving into specific analyses. For administrative tasks, suggested prompts help you manage your Splunk deployment more effectively. Security-focused suggestions guide you through threat detection and investigation workflows, helping security teams respond to incidents more efficiently.
This approach significantly reduces the learning curve for new users while providing experienced Splunk practitioners with efficient shortcuts to common tasks. Read more about these use cases and more in the newly released lantern article “Implementing key use cases for the Splunk AI Assistant for SPL”.
To take advantage of these enhancements, ensure that you're running Splunk AI Assistant for SPL version 1.1.0 or later. Administrators can turn on personalization in the Settings tab by opting into the feature.
And if this is your first time trying Splunk AI Assistant for SPL, simply complete the user agreement here to get provisioned for the app, then head to Splunkbase to download the app and install it on your activated stack.
The latest improvements to Splunk AI Assistant for SPL represent a significant leap forward in making the power of Splunk accessible to users of all skill levels. Through personalization, underlying model enhancements, and categorized suggestions, we hope that the assistant becomes your indispensable companion for data analysis, troubleshooting, and learning.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.
Get the latest articles from Splunk straight to your inbox.
© 2005 - 2025 Splunk LLC All rights reserved.
