Overview, Availability, and Onboarding
Splunk AI Assistants are designed to help customers get more out of Splunk. Splunk AI Assistant for SPL (SAIA) is our new generative AI-powered chat experience that is designed to help new users learn and use SPL quickly. SAIA is powered by GPU-based cloud AI service and it uses natural language to write and explain SPL, in addition to answering product questions.
SAIA is available for Splunk Cloud Platform customers on AWS commercial stack in all regions. Details on latest stack availability are available in documentation.
The Splunk AI Assistant will work in compliance environments. However, it can not be used on FedRamp stacks or Splunk Free Trial stacks.
Customers need to follow the following steps to install and use the app. Here is the documentation to install the application.
- Review & Sign EULA - Customers will need to sign legal terms covering the app and its use. The link for the EULA is https://www.splunk.com/en_us/download/ai-assistant.html. Once signed, the splunkbase application will be unlocked by Splunk on Splunkbase.com and the customer will be sent an email to confirm. This process may take 72 hours to complete.
- Install SAIA - Customer will then install the Splunk AI Assistant for SPL application from Splunkbase or in product.
At this time, the SAIA application is only available to Splunk Cloud Platform customers. We are evaluating approaches that will enable us to bring SAIA to Splunk Enterprise customers in the future and will provide updates as soon as we have solidified plans.
The assistant supports English, Spanish, French, and Japanese.
Data collection and data privacy
SAIA collects different data depending on whether or not the customer has opted into usage data sharing and the personalization feature in the app settings . The usage data allows Splunk to improve the AI Assistant for SPL to provide better results in the future.
Opting in to the personalization feature allows SAIA to generate responses that are specific to the customer’s environment.
Customers can find details on how to share information and what is collected in Share data in Splunk AI Assistant for SPL
No. SAIA architecture is fully managed within Splunk’s infrastructure. We do not leverage external third party LLM services.
There are safeguards in place to protect customer data including administrative, physical and technical measures.
Beyond the information stated above, SAIA does NOT collect any data ingested into the customer’s Splunk instance. Ingested customer data continues to be treated in accordance with the Splunk General Terms.
Q: Can the assistant see my ingested data?
A: No, it can not see a customer’s ingested data.
Q: Can the assistant see any of my logs?
A: The application does not view any event information. It does not see logs.
Customers can help improve the quality of responses generated by SAIA by sharing certain data, as noted, with us. They can also provide feedback in the form of thumbs-up/thumbs-down along with additional feedback on assistant responses.
Customers can’t provide feedback unless they opt into sharing data.
Opting-in to the personalization feature allows SAIA to fetch additional metadata to understand the customer environment, and instead of generating generic SPL queries, generate queries in the unique context of their metadata, such as index, sourcetypes and field names. This improves the quality of the responses leading to improved productivity.
Q: If the customer has previously opted out of data sharing and wants to opt in, what should they do?
A: The option to share usage data is in the Settings tab. Data collection starts once the option is selected.
Q: If the customer has previously opted-in to data sharing and wants to opt out, what should they do?
A: The option to share usage data can be turned off in the app settings. Once a customer opts out, data collection stops, but the previously collected data remains.
Q: If the customer has previously opted out of personalization and wants to opt in, what should they do?
A: The option to opt-in to personalization is in the Settings tab. Data collection starts when the option is selected.
Q: If the customer has previously opted-in to personalization and wants to opt out, what should they do?
A: The option to opt-in to personalization can be turned off in the app settings. Any metadata collected to personalize will be deleted within one week.
Data is stored in accordance with the Responsible AI for SAIA guidelines.
There are no mechanisms to review data provided by customers.
SAIA Product Architecture
SAIA for SPL is using open source pretrained LLMs that are fine tuned with our own domain specific data and further augmented with RAG. The models are ours and not from a third party. We use multiple models, choosing the best ones to deliver the best outcomes for the specific tasks.
The model is trained on open source and hand crafted data.
The model goes through rigorous internal evaluation for quality and is constantly being improved based on feedback. See more details on guardrails in the product docs here.
SAIA Pricing
SAIA is currently free for a limited time. Customers will be notified of pricing structure at least 30 days before pricing will go into effect.
Customers on workload pricing will see little to no impact on SVC consumption while using the assistant. User prompts and generative AI results run within services hosted on Splunk Cloud Platform (SCP), not within the customers Cloud stack. However, a primary use of the Assistant is to generate SPL which can then be executed as a search. For the 1.0 release and higher, SPL generated by the Assistant will require a separate step to “open in search”. Searches executed in the Search app will work like any other Splunk search, and will consume SVC resources accordingly.
For the 1.1 release and higher, if the customer opts-in to the personalization feature, some scheduled searches will be executed on the customer’s stack to collect the metadata needed to personalize the results. These will consume SVC like any other scheduled searches.
SAIA Product Development and Roadmap
When a customer enters a prompt into the assistant and a response is generated, the application also provides the customer an opportunity to provide feedback. This is only available to customers who have opted into data sharing.
If the customer selects the “thumb down” they will further be given a chance to provide more details. This data will be sent and stored by Splunk only if the customer has opted into data collection.
Enhancements and feature request for the Splunk AI Assistant for SPL should be added to ideas.splunk.com
Please reach out to your account manager for this discussion.
Chat Service Alternatives
SAIA is a secure option for customers looking for SPL assistance without sharing private company data with third party LLM services. Instead, their data is kept within their secure Splunk environment. Additionally, if the customer opts in to the personalization feature, SAIA can generate responses that are unique to the customer environment that can be more accurate than generic responses from third party LLM services.
See how we use your data above and explore Splunk Protects for full details on data privacy in Splunk.
