Generate SPL with the AI Assistant

Note: AI features for Splunk Enterprise Security must be turned on by an administrator on the Security AI Assistant settings page. The AI features in Splunk Enterprise Security are subject to Microsoft's Azure OpenAI Acceptable Use Policy and Code of Conduct Content requirements.
Generate SPL with the AI Assistant to quickly learn more about a finding or investigation.
  1. Select a finding or investigation from the analyst queue.
  2. For investigations, select View details to open the investigation Overview page.
  3. Select the AI Assistant icon to open the chat box and get started.
  4. As you chat with the AI Assistant, select the Suggest SPL recommendation button.
    Note: If the AI Assistant's response is running too long, you can select the stop icon to stop the AI Assistant.
  5. Select recommendation buttons as you chat to refine the SPL search. For example, the AI Assistant might ask you to specify the search index.
  6. Select Open in search to paste the SPL in the Search tab. You can edit the SPL there before running the search.
The AI Assistant generates a report summary and adds it to the investigation. To see an example scenario using the AI Assistant, see Scenario: Jordan uses the AI Assistant to summarize an investigation and generate SPL.
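Step 6 leaves room to edit the SPL before it runs. The following added example (not Splunk's code, and not output from the AI Assistant) is one way to review a generated search first: it checks that the base search names an index, as step 5 prompts for, and flags commands with side effects. The function names, the command list and the sample searches are assumptions made for this example.

```python
import re

# Commands that write, delete or send data. A reviewer's selection for this
# example, not an official or exhaustive list.
SIDE_EFFECT_COMMANDS = {"delete", "collect", "outputlookup", "outputcsv",
                        "sendemail", "script"}

def split_pipeline(spl):
    """Split SPL into stages on pipes that sit outside double-quoted strings."""
    stages, buf, in_quotes, escaped = [], [], False, False
    for ch in spl:
        if ch == "|" and not in_quotes:
            stages.append("".join(buf).strip())
            buf, escaped = [], False
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = ch == "\\" and not escaped
        buf.append(ch)
    stages.append("".join(buf).strip())
    return stages

def review_spl(spl):
    """Return findings to resolve in the Search tab before running the search."""
    findings = []
    stages = split_pipeline(spl)
    base = stages[0]
    if base:  # empty when the search opens with a pipe (generating command)
        # Only the index=<name> form is recognised here.
        indexes = re.findall(r'\bindex\s*=\s*"?([\w*.-]+)', base, re.IGNORECASE)
        if not indexes:
            findings.append("base search names no index")
        elif any("*" in name for name in indexes):
            findings.append("index is a wildcard: " + ", ".join(indexes))
    for position, stage in enumerate(stages[1:], start=2):
        command = stage.split(None, 1)[0].lower() if stage else ""
        if command in SIDE_EFFECT_COMMANDS:
            findings.append(f"stage {position} runs '{command}', which has side effects")
    return findings

# Constructed sample searches, not output from the AI Assistant.
SCOPED = 'index=notable src="10.0.0.5|x" | stats count by dest'
UNSCOPED = 'src=10.0.0.5 | stats count by dest | outputlookup seen.csv'

if __name__ == "__main__":
    for spl in (SCOPED, UNSCOPED, "index=* user=jordan"):
        print(spl, "->", review_spl(spl) or "no findings")
```

An empty result means neither check fired; it does not mean the search is correct for the investigation.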