Generate SPL with the AI Assistant

Note: The AI Assistant for Splunk Enterprise Security is not automatically available by default. An administrator must reach out to their account team to get started.
Generate SPL with the AI Assistant to quickly learn more about a finding or investigation.
  1. Select a finding or investigation from the analyst queue.
  2. For investigations, select View details to open the investigation Overview page.
  3. Select the AI Assistant icon () to open the chat box and get started.
  4. As you chat with the AI Assistant, select the Suggest SPL recommendation button.
    Note: If the AI Assistant is generating too long of a response, you can select the stop icon () to stop the AI Assistant.
  5. Select recommendation buttons as you chat to refine the SPL search. For example, the AI Assistant might ask you to specify the search index.
  6. Select Open in search to paste the SPL in the Search tab. You can edit the SPL there before running the search.
The AI Assistant generates a report summary and adds it to the investigation. To see an example scenario using the AI Assistant, see Scenario: Jordan uses the AI Assistant to summarize an investigation and generate SPL.