Getting personalized AI output with AWS Knowledge Base RAG

AWS Bedrock LLM users can enhance the ai command with AWS Knowledge Base (KB) Retrieval-Augmented Generation (RAG). This feature transforms generic ai command responses into specific, actionable instructions, based on your environment, procedures, and runbooks.

The AWS-RAG feature offers the following benefits:

  • Direct integration: Connects AWS Bedrock LLMs directly to your knowledge bases without additional infrastructure setup.

  • RAG-powered intelligence: Transforms generic AI responses into precise, context-aware insights by retrieving relevant documents from organizational knowledge before generating responses.

  • Contextually relevant output: Uses your documentation, runbooks, incident histories, and internal procedures to provide tailored, actionable guidance instead of generic suggestions.

Use AWS KB RAG with your existing AWS Bedrock LLMs and as part of your ai command in your Search Processing Language (SPL) searches by adding the kb_id command.

Prerequisites

Meet the following requirements to use the ai command with AWS Bedrock LLMs:
Note: You must use both AWS Bedrock LLMs and AWS Knowledge Bases (KB) and know that you are responsible for ingesting your own data into an AWS KB and correctly configuring AWS IAM roles

  • You must use version 4.2.4 of the Python for Scientific computing (PSC) add-on to use the AWS KB RAG feature.

  • You must have the apply_ai_commander capability to use kb_id parameter with the ai command.

  • The AWS credentials you use to configure AWS Bedrock LLM must have access to the AWS Knowledge Base (KB).

AWS user access

You can either create a new IAM role or use an existing one. The IAM role must have access to AWS Bedrock models.

Use the Amazon Bedrock Limited Access policy provided by AWS and attach it to the IAM role. Once the role is set up, copy its ARN for use on the AI Toolkit Connection Management tab to set up or update settings for Bedrock models.

The following is an example ARN: arn:aws:iam::123456789012:role/role_name

For more information see the AWS managed policies documentation: https://docs.aws.amazon.com/bedrock/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonBedrockLimitedAccess

Steps

Complete the following steps in your AWS account:

  1. Navigate to AWS Console IAM Users.

  2. Select Add users.

  3. Enter a username.

  4. Under Access type, check Programmatic access. This level of access gives you an access key ID and secret access key.

  5. Create a new IAM role or use an existing one. The IAM role must have access to AWS Bedrock LLMs.

  6. Use the Amazon Bedrock Limited Access policy provided by AWS and attach it to the IAM role.

  7. After you set up the role, copy the ARN. The following is an example ARN: arn:aws:iam::123456789012:role/role_name

  8. Go to the AI Toolkit Connection Management tab and set up or update settings for the AWS Bedrock LLMs.

For information on access key IDs for AWS Bedrock, search for "AWS managed policy: AmazonBedrockLimitedAccess" in the AWS documentation.

Retrieving custom insights using the kb_id command

When you exclude the kb_id command in your SPL searches, the AI Toolkit can return only generic responses that are not tied to your environment.

The following is an example search without the kb_id command:
| inputlookup alert_entries.csv |table timestamp source message| ai prompt="find and summarize resolution specific to the Alert : {message}
The search search generates the following general response:This image shows an example Splunk SPL search window. The kb_id command is not part of the search.

If the SPL search detected unhealthy replicator pods, the app results might return Check the pods and restart if needed, but provide no mention of bastion login, repo links, a Slack channel, or Jira tickets.

If the search detected an Analytics-TSDB schema mismatch, the app results might return Cassandra nodes may disagree on schema, try a restart, but not provide Instaclustr login steps, a Jenkins link, or configuration commands.

When you include the kb_id command in your search, the AI Toolkit can return clear, step-by-step instructions with processes pulled from your company's runbooks.

The following is an example search with the kb_id command:
| inputlookup alert_entries.csv | table timestamp source message| ai prompt="find and summarize resolution specific to the Alert : {message}" kb_id=FZITBEFHT
The search generates the following customized response based on your environment:This image shows an example Splunk SPL search window. The kb_id command is part of the search.

If the SPL search detected unhealthy replicator pods and the kb_id command is used, app results might say Log into the bastion host, check pod health, roll the deployment using this link, and if still failing, escalate to the Replicator team on Slack and open a Jira ticket.