Activate Splunk AI Assistant for SPL through cloud connected

Splunk AI Assistant for SPL version 1.3.0 and higher offers Splunk Enterprise on-premises customers the option to use the app through a new, cloud connected solution.

The cloud connected solution leverages Splunk-managed AI services in the cloud, with on-premises environments connecting to it. This solution offers a secure connection between your environment and Splunk managed cloud, with no GPU requirements.

For installation instructions for Splunk Cloud Platform users, see Install or upgrade Splunk AI Assistant for SPL (Cloud Version).

Version compatibility

See the following table for the compatible combinations of Splunk AI Assistant for SPL through cloud connected and Splunk Enterprise:

Splunk AI Assistant for SPL version Splunk Enterprise version
1.4.0 9.2.x, 9.3.x, 9.4.x, or 10.x, 10.1.x.
1.3.29.2.x, 9.3.x, 9.4.x, or 10.x, 10.1.x.
1.3.19.2.x, 9.3.x, 9.4.x, or 10.x.
1.3.0 9.2.x, 9.3.x, 9.4.x, or 10.x.

How is the connection made?

The cloud connection is established over HTTPS port 443 to ensure secure communication between your environment and Splunk Cloud Platform.

If your Splunk Enterprise deployment is behind a firewall, you must allow outbound access to the following domain:

Host name Instances requiring access Port
*.scs.splunk.com Search head or search head cluster with Splunk AI Assistant for SPL 443
The following domains need to be allow listed for communication to the Splunk Cloud Platform Splunk AI Assistant for SPL service:
Tenant IDDomain
scs_tenanthttps://<scs_tenant>.api.scs.splunk.com/<scs_tenant>/saia-api/v1alpha1/api/search
scs_tenanthttps://<scs_tenant>.api.scs.splunk.com/<scs_tenant>/saia-api/v1alpha1/api/metadata
scs_tenanthttps://<scs_tenant>.api.scs.splunk.com/<scs_tenant>/saia-api/v1alpha1/data/upload
scs_tenanthttps://<scs_tenant>.api.scs.splunk.com/<scs_tenant>/saia-api/v1alpha1/data/status

Installation process

Complete the following to access, install, and activate Splunk AI Assistant for SPL cloud connected solution:

Prerequisites

Before you can begin using Splunk AI Assistant for SPL you must review and sign the legal terms for the app. This specialized End-User License Agreement (EULA) covers data usage and is only accessible if you have a Splunk.com account. To review and sign these legal terms, see Splunk AI Assistant for SPL Registration.

The signed EULA is then reviewed by team members at Splunk. This review can take up to 72 hours.

Following review and approval, you will receive an email notification that Splunk AI Assistant for SPL is available for download and installation. Find the app on Splunkbase or through the in-product app browser. When using the in-product app browser search by "AI Assistant" to find the app listing .

Note: The app download is only available for the account associated with the signed EULA.

Activation steps

Launch the app and complete the in-app onboarding process. This process includes the steps of Getting started, Create tenant code, Email tenant code, and Connect to cloud:

  1. On the Getting started page, select Begin setup. This image shows the Getting started page of the cloud connected solution activation steps.
  2. On the Create tenant code page, add your deployment information. This image shows the Create tenant code steps of the cloud connected solution activation steps.
    1. Add the company name, select a Splunk Cloud region, and provide your work email address.
    2. Select Next when ready.
  3. The system generates a unique tenant code in-app. Follow the guidelines on the

    Submit tenant code page to share this code with your onboarding specialist. You will need to copy-paste the tenant code from the app and go to the following URL to submit the tenant code: www.splunk.com/en_us/form/tenantcodesubmit.html

    1. The tenant code you submit is reviewed and an activation code is then provisioned and sent to the email address you provided.

      Note: Provisioning typically takes 2 business days
  4. On the Connect to cloud page, enter the activation token you received by email. Select Connect to cloud when ready. This image shows the Connect to cloud page of the cloud connected solution activation steps..
    Note: If you haven't received your activation token after 2 business days, contact splunkai@splunk.com for assistance.
  5. (Optional) If your environment uses a proxy, you can configure a proxy server. This allows for the routing of traffic through your proxy and ensure a successful connection.
    Note: You can also configure this later through the Settings page of the app.

After set-up is complete, you can use the assistant to create SPL searches, better understand SPL searches, and learn SPL. See Use Splunk AI Assistant for SPL.

Install or upgrade on the search head cluster

Splunk AI Assistant for SPL version 1.4.0 and higher supports installation of cloud connected on the search head cluster (SHC). Complete installation of the app on the Deployer and push to search head members. No per-member cloud registration is required.

If you have several search heads and search head clusters in your environment, follow these guidelines:

  • For each search head that does not belong to a search head cluster setup, you must request and Activation token for each of those search heads.

  • For search head cluster setups that include several search head nodes, you must request only 1 Activation token per search head cluster setup.

SHC installation steps

Complete the following steps:
Note: If replication issues occur, perform an uninstall followed by a fresh install using these step

  1. Confirm you are using Splunk AI Assistant for SPL version 1.4.0 or higher.

  2. On the Deployer, copy the Splunk_AI_Assistant_Cloud app from etc/apps to etc/shcluster/apps.

  3. Push the SHC bundle from the Deployer to the Search Head members, replacing placeholders

  4. On any search head member, open the Splunk AI Assistant for SPL app page, submit the Tenant Code Activation form, and then submit the Activation Token received from Splunk.

Upgrade to version 1.4.0 on the SHC

Complete the following steps:
Note: Only use these steps after onboarding (Activation Token submission) is complete. If onboarding is not complete, update the app on the Deployer and push as in the install section.

  1. Update the Splunk AI Assistant for SPL app on the Deployer to the latest version. Version 1.4.0 or higher.

  2. Copy the updated app from etc/apps to etc/shcluster/apps.

  3. Push the bundle from the Deployer to the SHC member captain.

Uninstall the app on the SHC

Complete the following steps:

  1. On the Deployer, remove the app from the SHC bundle directory.

  2. Push the updated bundle, without the app, to search head (SH) members.

  3. Verify removal on each SH member.

  4. Remove the app from the Deployer apps folder.

  5. Restart Splunk on the Deployer.

Add a new search head member to an existing SHC

Complete the following steps:

  1. Ensure the conf files under etc/apps/Splunk_AI_Assistant_Cloud/local replicate to the new member.

  2. If replication did not occur, copy the files manually from an existing search head member to the same path on the new member.

  3. Restart Splunk on the new member. The Splunk AI Assistant for SPL app inference search should function properly.

What data leaves your environment

Splunk AI Assistant for SPL through cloud connected solution sends data from the customer managed platform environment to Splunk Cloud Platform. The type of data shared depends on your configuration choices.

You can choose from the following options:

Data sharing option Description
Basic app setup with minimal data transfer At a minimum, when you do not opt-in to share AI service data or personalization data, the app sends only what is required to power core functionality.
Data sharing for research and development You can opt in or out of sharing anonymized usage data to help improve the product. Data sharing for research and development is required to provide feedback on individual interactions. To learn more, see What data is collected - share data.
Personalization data Personalization lets the assistant tailor responses to your data, which can improve the quality of app responses. You can opt in or out of this feature. To learn more, see What data is collected - personalization data.

Configurations can be changed by an administrator at any time on the Settings page. See Configure Splunk AI Assistant for SPL.

Splunk AI Assistant for SPL uses the Splunk platform proprietary model. The assistant uses an open source LLM and performs inference in Splunk Cloud services. It does not leverage or send your data to third party services or APIs. Data remains within the Splunk platform cloud environment.

Splunk does not share customer data between customers. Customer metadata is not mixed or used for model training.

The assistant fully honors Splunk platform role-based access controls (RBAC). It does not execute SPL on behalf of a user, but routes users to search and reporting where RBAC and workload management are fully honored.