Alexa, Ask Splunk...

If you were at .conf2017 last week, hopefully you saw some of the Amazon Alexa Experience booths placed strategically around the convention center; perhaps you got a chance to ask Alexa about conference details through one of the Echo devices.

I had the privilege of working on the skill powering those questions and answers, along with Zack Shainsky and others. In this blog post, I’d like to share how we did it, and how you can have the power of Splunk from the convenience of your living room through Amazon Echo devices.

Our work was built on the Talk to Splunk with Amazon Alexa app created by Damien Dallimore (and described in more detail in his blog post "Talk to Splunk with Amazon Alexa"). This app runs a Java server on your Splunk server that listens for requests from the Amazon Alexa service and responds with information from Splunk searches. Those requests from the Alexa service are initiated when you invoke your own Alexa skill from your Echo device. The process is thoroughly documented here, but I want to take you through a few of highlights of our project.

First, Zack stood up a Splunk server with Java and the Talk to Splunk with Amazon Alexa app. If you do this in your house with your own Splunk server (as I have in the past), you’ll also need to make sure there’s some kind of route into your Splunk server on port 443 with a publically accessible hostname or IP address. In my house, I set this up using a free dynamic DNS service over my standard residential (i.e. dynamic IP) cable Internet service. You can also do this with an AWS EC2 Splunk server instance (as we did).

Next, Zack had to create an Amazon Developer Console account (per the docs). Within that account, he used the Alexa Skills Kit to create a “.conf2017” skill. The initial setup of that skill includes linking it back to our Splunk server and configuring the crypto. This is perhaps the trickiest part of the whole enterprise, but if you follow the documentation—including the troubleshooting section—you should be able to manage this.

The app comes with a few basic “intents” to get you started. You can confirm this works by using your skill’s configured wake word (e.g., “Alexa, ask Splunk…”) followed by one of the built-in “utterances” associated with the intent. Try asking, “Alexa, ask Splunk what is Splunk?” for an amusing example.

The real fun and utility of this app, however, will only be unlocked once you create your own intents, utterances, and associated searches.

First, a little laymen’s version of the terminology:

• Intent – This is a way to group a set of questions (utterances) along with variables that you can pass through these questions. Each intent is mapped to a Splunk query.
• Utterances – A set of questions you can ask to get a response from Splunk. These can have placeholders or variables that can be passed to your Splunk search.
• Slots – These are the placeholders or variables you put into your questions and pass to Splunk queries. As Alexa skills work today, the values of these variables must be pre-defined through a list you provide to the skill.
• Mappings – This is a special json file that lives in the app where you can map intents to Splunk queries. This lets you pass the variables (from slots) as tokens to your Splunk search, define time ranges for search, and determines how and which field(s) in the search results gets passed back as the response from your Echo device.

For the .conf2017 Alexa Experience we had the following data sets to work with:

• Session data, including speakers, topics, roles, tracks, times, locations, etc.
• Mobile app data, including registration info for various sessions
• Static conference data, including locations of items and events, overall daily agenda, etc.

It was easy enough to index all of this into Splunk. We then played around with the data available and came up with a number of ideas around things that might be fun or useful to ask the Echo device at .conf2017, including:

• What is the most popular session?
• What’s going on at dot conf today / tomorrow?
• Where is the <party/store/keynote/etc.>?
• Who is giving the most talks at dot conf this year?
• When is <any speaker> speaking next?
• What’s a good session for an <architect/adminstrator/etc.>?

If you’re doing this at home, think about what kind of data you can get into Splunk and what would be useful to know from whatever room(s) you keep your Echo(s).

For example, in my house I have data about my cable Internet status (including modem signal strength, speed test data, and ping script results); I can ask my Amazon Echo, “Alexa, ask Splunk how the Internet is doing,” and get information back from Splunk about reliability and performance.

For each set of related questions we had to tackle, we needed to do the following steps. You can follow this as a general outline for creating your own Splunk-fed Alexa skill.

Step 1: Edit the intent_schema.json file from the app to define the new intent and any associated slots, if any.

Step 2: If the intent uses custom slots (e.g. speaker names), create a list of possible values (e.g. every speaker name).

Step 3: Create a list of utterances to go along with the intent. This part will require you to think of every possible way someone might ask the same question and list it out. Be sure to include a placeholder for any custom slots in the utterances.

Step 4: Create a Splunk search that returns the correct response for the intent. You can pass slot values to the search and pass field values back through the search results. Once you’ve got this figured out and tested, you can either save the search and configure the app’s mapping.json file to use the saved search, or you can put the search itself into the mapping.json file.

Step 5: Lastly, you need to edit the Interaction Model of your Alexa skill on Amazon’s developer portal with the new intent schema, custom slots, and utterances. This is most easily accomplished through some cut and paste from the files in the app’s alexa_assets directory.

Test everything out from the developer portal test page, or run it through your actual Echo device. If it works as expected, you’re good to go; otherwise, check syntax and typos until you’ve got it figured it out.

For added fun, we also decided to search the _audit index in Splunk to see how people were actually using the Alexa devices at .conf2017.

There are so many great possibilities to consider when you combine the machine data magic of Splunk with the impressive voice recognition and response powers of Amazon Alexa. Please let me know what you are doing or plan to do with Splunk and Alexa in the comments.

----------------------------------------------------
Thanks!
Andrew Dauria