Use Splunk AI Assistant for SPL in the Search app

Splunk AI Assistant for SPL is an optional generative AI feature in Splunk Web that helps users write and interpret SPL searches. If available, the assistant is displayed on the right side of the search bar.

Splunk AI Assistant for SPL is an optional generative AI-powered assistance that provides bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL) to help users learn how to write, understand, and interpret SPL searches. More advanced users can use Splunk AI Assistant for SPL to make their searches more efficient and get detailed explanations of what their SPL searches are doing. To learn more about Splunk AI Assistant for SPL, see About Splunk AI Assistant for SPL.

Note: Splunk AI Assistant for SPL gives users SPL assistance without compromising customer confidentiality and security. If you choose a third-party hosted LLM (such as Microsoft Azure OpenAI) to power the AI Assistant, your selected third party will process some of the data to provide the services, but your data will not be used to train, fine tune, or improve the third-party model. Third-party models will only be used if your administrator chooses such a model, as discussed in Feature preview: Third-party LLM Usage. Users can opt out of having their data used by Splunk for research and development by configuring the assistant's user settings at any time. See Splunk Protects for full details on data privacy at Splunk.

Before you can use Splunk AI Assistant for SPL in your searches in Splunk Web, ask your Splunk administrator to activate the application by following these steps.

  1. Review and sign the End-User License Agreement (EULA) for Splunk AI Assistant for SPL. See Install or upgrade Splunk AI Assistant for SPL.
  2. Install the latest version of the Splunk AI Assistant for SPL app. The Splunk AI Assistant for SPL app version 1.3.2 or higher must be installed before you can use the AI Assistant in searches in Splunk Web. See Install or upgrade Splunk AI Assistant for SPL.
  3. Set data sharing preferences for users in the Splunk AI Assistant for SPL app. See Configure Splunk AI Assistant for SPL.
  4. Ensure that all users who need access to Splunk AI Assistant for SPL on the search page are granted at least read permission for the Splunk AI Assistant for SPL app. See Manage knowledge object permissions.
    Note: If AI assistant skills are not visible on the search page after the Splunk AI Assistant for SPL app has been activated, contact your administrator to confirm you have the necessary permissions to use the app.
Now that Splunk AI Assistant for SPL has been activated, you can start using it to help you run your searches. To open Splunk AI Assistant for SPL, click on the icon for the assistant that is located to the right of the search bar. Screenshot of the search page with the Splunk AI Assistant for SPL icon. A window is displayed next to the icon that indicates that the app is now active and can be used to write or explain SPL, or answer questions about Splunk Platform documentation.