Splunk AI Assistant for SPL is Splunk's first offering powered by generative AI. It is a generative AI-powered assistive app that accelerates end user’s day-to-day tasks by generating Splunk Search Processing Language (SPL) searches from a natural language prompt and increases the user's knowledge by explaining not only SPL but also product concepts and functionality of Splunk products. It is now GA and available to Splunk Cloud Platform customers globally.
This app offers an intuitive and easy-to-use chat experience to help users translate a natural language prompt into SPL search that they can execute or build on, all within a familiar Splunk interface. Splunk AI Assistant for SPL also explains what a given SPL search is doing in plain English with a summary as well as a detailed breakdown of the search. This is the crucial first step towards enabling more powerful and efficient data discovery and investigation via natural language.
Additionally, the app can answer users’ general questions about Splunk, its products and features. The app improves Splunk’s discoverability and users’ familiarity with Splunk as users do not need to search documentation. They get contextually summarized answers along with links to relevant documentation in the app itself.
Splunk AI Assistant for SPL supports four languages in this release — English, French, German and Japanese, with support for more languages coming in future releases.
SPL is an immensely powerful, domain specific language. Splunk is always looking for ways to innovate and improve our user experience. With generative AI, we can make the power of Splunk easy to use and accessible to more people in the organization. With better command of SPL, users can more quickly find and remediate security threats or IT operations issues. With the Splunk AI Assistant for SPL, novice and experienced users alike can easily discover or recall helpful commands, searches, and syntax by expressing their searches in plain English instead of SPL.
Novice and advanced SPL users will find this app useful. Novice users include users who are new to Splunk and SPL but also users who do not have to write SPL searches everyday, such as managers or business analysts. All users can leverage the app to help them write a SPL search. They can then build upon or modify this search based on their own expertise. Additionally, the app can also explain complex SPL searches that users may have inherited in a dashboard or from their colleagues. It provides a concise summary of what the search is doing along with a detailed breakdown of the search.
The app has a new feature in this GA release which helps users find contextually relevant information from Splunk documentation without searching through Splunk docs. All they have to do is ask a question in the Assistant app. Splunk AI Assistant for SPL searches Splunk documentation, finds relevant pages and the right information the user is looking for and contextually summarizes it to create a meaningful response for the user.
Under the hood, the Splunk AI Assistant for SPL uses open source transformer based large language models (LLMs) that have been trained and are hosted by Splunk. The models were fine-tuned using a combination of manually created and synthetically-generated data gathered from Splunk documents, forums, training materials, and a wealth of other Splunk resources. To further calibrate the model, Splunk employees interacted with the Splunk AI Assistant for SPL and provided feedback on the responses which was then incorporated into the model.
Splunk AI Assistant for SPL is a major step forward in Splunk’s journey in providing generative AI powered capabilities. It is Splunk’s first offering running on a multi-tenant, cloud service hosted in Splunk Cloud Platform that enables AI workloads to run on GPUs. What this means for customers is that AI workloads are offloaded to a GPU powered compute infrastructure in Splunk Cloud Platform. Your search head is free from the compute intensive LLM inference.
Under the Splunk General Terms, between Splunk and the customer, inputs and outputs (except for any pre-existing Splunk property in those outputs) are owned by the customer. Furthermore, the Splunk AI Assistant for SPL models are hosted by Splunk which means your data is not being sent to a third-party LLM service.
This Assistant is the first step in using generative AI to make Splunk users’ everyday workflows simpler and more efficient. We plan to keep adding features to make your Splunk experience easier and to enable you to detect, investigate and respond faster.
One really exciting feature under development is personalization. The personalization feature will be designed to leverage certain information from a user’s environment, i.e. index names, sourcetypes, etc. to generate SPL searches personalized to a user’s Splunk environment. This simplifies the user experience and increases the executability of the SPL search generated by the Assistant.
The Splunk AI Assistant for SPL is available today as a GA capability on Splunkbase for use with the Splunk Cloud Platform. For more information on how to use this app, refer to the documentation. To get started with this app today, visit this link.
Follow all the conversations coming out of #splunkconf24!
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.