AI service data in Splunk AI Assistant examples
Prompt provided by the customer and the response given by the assistant example
The following is an example of how a prompt entered into the assistant by a customer gets collected:
### User Request
index="*_cisco_firewall" "Session Type:*"
| stats count (eval(Authentication="rejected")) as fail count(eval(Authentication="successful")) as success by IP
| where fail > 5 AND success > 0
### Assistant's Response
Based on the user request, the SPL query should analyze the Cisco firewall logs from all indexes with names ending in "_cisco_firewall".
The query should filter the logs based on the presence of "Session Type:" and count the rejected and successful authentication attempts by IP address. The output should only include IP addresses with more than 5 failed attempts and at least 1 successful attempt.
Here is the SPL query:
```spl
index="*_cisco_firewall" "Session Type:*"
| stats count(eval(Authentication="rejected")) as fail count(eval(Authentication="successful")) as success by IP
| where fail > 5 AND success > 0
```
This query follows the SPL guidance provided in the instructions. It starts by selecting the appropriate data source using the `index` command. The `search` command is used to filter the logs based on the presence of "Session Type:". The `stats` command is used to count the rejected and successful authentication.
SPL generated by the assistant is run in search example
The following is an example of the data collected when the generated SPL is run in a search:
Assistant fails to provide results example
The following is an example of the data collected when the assistant is unable to produce a result for the user prompt. The event carries the prompt, the fallback response, and a trace of the telemetry pipeline the event passed through (nginx edge, Kinesis stream, Firehose transform Lambda, and the Splunk Cloud Services tenant):
```json
{
  "query": "Tell me about the following SPL, whether it is valid in every way, and how it can be improved",
  "response": "Sorry, can you try rephrasing? Changing a word or two can generate a better result.",
  "trace": {
    "kinesis": {
      "approximateArrivalTimestamp": 1727975013646,
      "deliveryStreamArn": "arn:aws:firehose:us-east-1:671568874969:deliverystream/dataeng-data-sc-splunk",
      "sequenceNumber": "49655134549526570122125560322351985856941311528865366066",
      "shardId": "shardId-000000000003",
      "sourceKinesisStreamArn": "arn:aws:kinesis:us-east-1:671568874969:stream/dataeng-data-sc"
    },
    "lambda": {
      "invokedFunctionArn": "arn:aws:lambda:us-east-1:671568874969:function:dataeng-splunk-firehose-transform-sc:$LATEST",
      "logStreamName": "2024/10/03/[$LATEST]ff089c4f182f4aa69de2b30dc9127cd0",
      "timestamp": 1727975074574
    },
    "ngx": {
      "event_time": 1727975013,
      "host": "telemetry-splkmobile.dataeng.splunk.com",
      "http_x_forwarded_for": "100.29.68.135,100.67.61.130",
      "http_x_request_id": "0793723e-1d66-9a6a-972c-095bf9f01649",
      "proxy_add_x_forwarded_for": "100.29.68.135,100.67.61.130, 127.0.0.6",
      "request_id": "a5868b1596b8039f4152874c7565d815",
      "timestamp": 1727975013,
      "version": "0.0.96"
    },
    "scs": {
      "environment": "prod",
      "region": "region-iad10",
      "tenant": "46128259c744b8e01fd735a62500146cdda1d8a7b838a5054fa4f9e7fc3f2ce2"
    }
  },
  "type": "empty_retrieval_QA_LLAMA_INDEX"
}
```
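The following is an added example, not Splunk's code, showing how a reviewer of this telemetry can read the event above programmatically: it separates the fields that carry customer-supplied text (the prompt and the response) from client network metadata and platform provenance, recovers the client address from the X-Forwarded-For chain, and derives the pipeline delays from the three trace timestamps. The event is a constructed copy of the JSON shown above; the grouping rules and the assumption that the leftmost X-Forwarded-For hop is the client-claimed address are this example's, not documented by the page.

```python
import json

# Constructed copy of the empty-retrieval event shown on the page (not live data).
EVENT_JSON = r'''{
  "query": "Tell me about the following SPL, whether it is valid in every way, and how it can be improved",
  "response": "Sorry, can you try rephrasing? Changing a word or two can generate a better result.",
  "trace": {
    "kinesis": {
      "approximateArrivalTimestamp": 1727975013646,
      "deliveryStreamArn": "arn:aws:firehose:us-east-1:671568874969:deliverystream/dataeng-data-sc-splunk",
      "sequenceNumber": "49655134549526570122125560322351985856941311528865366066",
      "shardId": "shardId-000000000003",
      "sourceKinesisStreamArn": "arn:aws:kinesis:us-east-1:671568874969:stream/dataeng-data-sc"
    },
    "lambda": {
      "invokedFunctionArn": "arn:aws:lambda:us-east-1:671568874969:function:dataeng-splunk-firehose-transform-sc:$LATEST",
      "logStreamName": "2024/10/03/[$LATEST]ff089c4f182f4aa69de2b30dc9127cd0",
      "timestamp": 1727975074574
    },
    "ngx": {
      "event_time": 1727975013,
      "host": "telemetry-splkmobile.dataeng.splunk.com",
      "http_x_forwarded_for": "100.29.68.135,100.67.61.130",
      "http_x_request_id": "0793723e-1d66-9a6a-972c-095bf9f01649",
      "proxy_add_x_forwarded_for": "100.29.68.135,100.67.61.130, 127.0.0.6",
      "request_id": "a5868b1596b8039f4152874c7565d815",
      "timestamp": 1727975013,
      "version": "0.0.96"
    },
    "scs": {"environment": "prod", "region": "region-iad10",
            "tenant": "46128259c744b8e01fd735a62500146cdda1d8a7b838a5054fa4f9e7fc3f2ce2"}
  },
  "type": "empty_retrieval_QA_LLAMA_INDEX"
}'''
EVENT = json.loads(EVENT_JSON)

# Grouping rules are this example's assumptions about which fields matter to a data review.
CUSTOMER_CONTENT = {"query", "response"}
CLIENT_NETWORK = ("trace.ngx.http_x_forwarded_for", "trace.ngx.proxy_add_x_forwarded_for")


def flatten(obj: dict, prefix: str = "") -> dict:
    """Turn the nested event into {"a.b.c": value} so every leaf has a stable path."""
    out = {}
    for key, val in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(val, dict):
            out.update(flatten(val, path))
        else:
            out[path] = val
    return out


def classify(event: dict) -> dict:
    """Bucket every leaf path as customer_content, client_network, or platform metadata."""
    groups = {"customer_content": [], "client_network": [], "platform": []}
    for path in flatten(event):
        if path in CUSTOMER_CONTENT:
            groups["customer_content"].append(path)
        elif path.startswith(CLIENT_NETWORK):
            groups["client_network"].append(path)
        else:
            groups["platform"].append(path)
    return groups


def client_ip(event: dict):
    """Return (leftmost hop, remaining hops) from X-Forwarded-For.
    Caveat: the leftmost hop is whatever the client (or an upstream proxy) sent, so it is
    untrusted; only hops appended by proxies you operate are reliable."""
    chain = [hop.strip() for hop in event["trace"]["ngx"]["http_x_forwarded_for"].split(",")]
    return chain[0], chain[1:]


def pipeline_latency_ms(event: dict) -> dict:
    """Delays derived from the trace: nginx event_time (seconds) -> Kinesis arrival (ms) -> Lambda (ms)."""
    trace = event["trace"]
    edge_ms = trace["ngx"]["event_time"] * 1000
    kinesis_ms = trace["kinesis"]["approximateArrivalTimestamp"]
    lambda_ms = trace["lambda"]["timestamp"]
    return {"edge_to_kinesis": kinesis_ms - edge_ms, "kinesis_to_lambda": lambda_ms - kinesis_ms}


def is_empty_retrieval(event: dict) -> bool:
    """The type field records why no answer was produced; this event is an empty retrieval."""
    return event["type"].startswith("empty_retrieval")
```

For this event the edge-to-Kinesis delay is well under a second while the Firehose transform ran about a minute after arrival, which is the kind of number to compare against your own expectations of how quickly prompt text leaves the edge.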
Feedback submitted by user example
The following is an example of feedback submitted by a user:
Elapsed time to complete a request example
The following is an example of the elapsed time to complete a request in the assistant:
```
2024-10-08 16:03:34 UTC, Level=INFO, Pid=3351026, Logger=AsyncHttpJobs, File=jobs.py, Line=147, UUID="3319264e-73ae-40fd-a772-3c5ef8e6b109", message="Generation complete.", user="1803185961117335798"
2024-10-08 16:03:34 UTC, Level=INFO, Pid=3351026, Logger=AsyncHttpJobs, File=jobs.py, Line=140, UUID="3319264e-73ae-40fd-a772-3c5ef8e6b109", apply_time="7.87583", user="1803185961117335798"
```
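As an added example (not Splunk's code), the following parses the elapsed-time log format shown above, joins the "Generation complete." line with the line carrying `apply_time` on the shared request UUID, and flags requests over a latency threshold. The two log lines are a constructed copy of the page's sample; the key=value grammar (comma-separated fields, values optionally double-quoted) and the threshold logic are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two AsyncHttpJobs lines from the page, one marking completion and
# one carrying apply_time, both tagged with the same request UUID and user.
LOG_LINES = [
    '2024-10-08 16:03:34 UTC, Level=INFO, Pid=3351026, Logger=AsyncHttpJobs, File=jobs.py, Line=147, '
    'UUID="3319264e-73ae-40fd-a772-3c5ef8e6b109", message="Generation complete.", user="1803185961117335798"',
    '2024-10-08 16:03:34 UTC, Level=INFO, Pid=3351026, Logger=AsyncHttpJobs, File=jobs.py, Line=140, '
    'UUID="3319264e-73ae-40fd-a772-3c5ef8e6b109", apply_time="7.87583", user="1803185961117335798"',
]

# key=value pairs; a value is either double-quoted (may contain commas) or runs to the next comma.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]*)')


def parse_line(line: str) -> dict:
    """Split the leading timestamp off and parse the remaining key=value fields."""
    ts, _, rest = line.partition(", ")
    fields = {"timestamp": ts}
    for key, val in KV_RE.findall(rest):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key] = val
    return fields


def correlate(lines) -> dict:
    """Join lines on UUID so each request carries its apply_time and completion marker together."""
    per_request = defaultdict(lambda: {"completed": False, "apply_time": None, "user": None, "timestamp": None})
    for line in lines:
        fields = parse_line(line)
        uuid = fields.get("UUID")
        if not uuid:
            continue  # not a per-request job line
        rec = per_request[uuid]
        rec["user"] = fields.get("user", rec["user"])
        rec["timestamp"] = rec["timestamp"] or fields["timestamp"]
        if fields.get("message") == "Generation complete.":
            rec["completed"] = True
        if "apply_time" in fields:
            rec["apply_time"] = float(fields["apply_time"])  # seconds, per the sample
    return dict(per_request)


def slow_requests(records: dict, threshold_s: float) -> list:
    """UUIDs of completed requests whose apply_time exceeds threshold_s, slowest first."""
    hits = [(rec["apply_time"], uuid) for uuid, rec in records.items()
            if rec["completed"] and rec["apply_time"] is not None and rec["apply_time"] > threshold_s]
    return [uuid for _, uuid in sorted(hits, reverse=True)]
```

Joining on the UUID rather than on Pid or timestamp matters because the two lines share the same second and process; only the UUID ties a duration to a specific request and user.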