false

Splunk AI Assistant for SPL FAQ

Get answers to your most pressing product questions.

Overview, Availability, and Onboarding

Splunk AI Assistants are designed to help customers get more out of Splunk. Splunk AI Assistant for SPL (SAIA) is our new generative AI-powered chat experience that is designed to help new users learn SPL quickly. SAIA is powered by GPU-based cloud AI service and it uses natural language to write and explain SPL, in addition to answering product questions.

SAIA is available for Splunk Cloud Platform customers on AWS commercial stack in all regions. Details on latest stack availability are available in documentation.


The Splunk AI Assistant will work in compliance environments. However, it can not be used on FedRamp stacks or Splunk Free Trial stacks.

Customers need to complete a multi-step process to install and use the app. Here is the documentation to install the application


  1. Review & Sign EULA - Customers will need to sign legal terms covering the app and its use. The link for the EULA is https://www.splunk.com/en_us/download/ai-assistant.html. Once signed, the splunkbase application will be unlocked by Splunk on Splunkbase.com and the customer will be sent an email to confirm. This process may take 72 hours to complete.

  2. Install SAIA - Customer will then install the Splunk AI Assistant for SPL application from Splunkbase or in product.

At this time, the SAIA application is only available to Splunk Cloud Platform customers. We are evaluating approaches that will enable us to bring SAIA to Splunk Enterprise customers in the future and will provide updates as soon as we have solidified plans.

The assistant supports English, Spanish, French, and Japanese.

Data collection and data privacy

SAIA collects different data depending on whether or not the customer has opted into data sharing when the app is installed. When data is shared with Splunk, the AI Assistant for SPL is able to provide better results.


Customers can find details on how to share information and what is collected in Share data in Splunk AI Assistant for SPL

No. SAIA architecture is fully managed within Splunk’s infrastructure. We do not leverage external third party LLM services.

Based on Splunk Specific Terms, there are safeguards in place to protect customer data including administrative, physical and technical measures. For more details, you can refer to Splunk Specific Terms.

Beyond the information stated above, SAIA does NOT collect any data ingested into the customer’s Splunk instance. Ingested customer data continues to be treated in accordance with SGT.


Q: Can the assistant see my ingested data? 
A: No, it can not see a customer’s ingested data.


Q: Can the assistant see any of my logs?
A: The application does not view any event information. It does not see logs.

Customers can help improve the quality of responses generated by SAIA by sharing certain data, as noted, with us. They can also provide feedback in the form of thumbs-up/thumbs-down along with additional feedback on assistant responses.


Customers can’t provide feedback unless they opt into sharing data.

Q: If the customer has previously opted out of data sharing and wants to opt in, what should they do? 
A: You can enable data collection in the Settings tab. Data collection starts once the option is selected.



Q: If the customer has previously opted into data sharing and wants to opt out, what should they do? 
A: The option to share data is on by default. Once a customer opts out, data collection stops, but the previously collected data remains.

There are no mechanisms to review data provided by customers.

SAIA produces SPL queries which users may choose to execute, however SAIA does not ever execute these SPL queries on behalf of the user. Users execute SAIA generated queries via the search page which fully honors the users RBAC and workload management setting. There is no risk of users having unauthorized access to data when using SAIA.

SAIA Product Architecture

SAIA for SPL is using open source pretrained LLMs that are further augmented with RAG. We use multiple models, choosing the best ones to deliver the best outcomes for the specific 3 tasks.

Open source large language models (LLMs) are trained on a large corpus of publicly available data, carefully selected for its relevance to the intended use of the LLM. Additionally, to enhance accuracy and relevance, Splunk has curated tens of thousands of SPL queries and natural language descriptions, drawing from our extensive expertise in SPL, which is used to improve the LLMs accuracy through retrieval augmented generation (RAG).

SAIA Pricing

SAIA is currently free for a limited time. Customers will be notified of pricing structure at least 30 days before pricing will go into effect.

Customers on workload pricing will see little to no impact on SVC consumption while using the assistant. User prompts and generative AI results run within services hosted on Splunk Cloud Platform (SCP), not within the customers Cloud stack. However, a primary use of the Assistant is to generate SPL which can then be executed as a search. For the 1.0 release and higher, SPL generated by the Assistant will require a separate step to “open in search”. Searches executed in the Search app will work like any other Splunk search, and will consume SVC resources accordingly.

SAIA Product Development and Roadmap

saia-provide-feedback

When a customer enters a prompt into the assistant and a response is generated, the application also provides the customer an opportunity to provide feedback. This is only available to customers who have opted into data sharing.

If the customer selects the “thumb down” they will further be given a chance to provide more details. This data will be sent and stored by Splunk only if the customer has opted into data collection.

Enhancements and feature request for the Splunk AI Assistant for SPL should be added to ideas.splunk.com

Please reach out to your account manager for this discussion.

Chat Service Alternatives

SAIA is a secure option for customers looking for SPL assistance without sharing private company data with third party LLM services. Instead, their data is kept within their secure Splunk environment. See how we use your data above and explore Splunk Protects for full details on data privacy in Splunk.

Get started

Try Splunk AI Assistant for SPL for free for a limited time in Splunk Cloud.