When you interact with the Splunk Assistant, Splunk may use your chat history (including inputs and outputs), context data collected from your environment as noted in this section and updated from time to time, and in-product feedback you give to develop and improve the assistant, including for Splunk research and development which may include training our models.
If you do not want to share data to be used for these purposes, you may toggle this collection off in Settings tab of the app.
How to opt in or out of sharing data for research and development
Data sharing is turned on by default. You can turn data sharing off from within Splunk AI Assistant for SPL on the Settings tab of the app. Deselect the box next to "Share my data with Splunk" as shown in the following image:
What data is collected
Splunk AI Assistant for SPL collects different context data depending on if you opt-in to share data and opt-in to participate in the personalization feature preview available with version 1.0.5 of the assistant.
In addition to your chat history, including inputs and outputs, and in-product feedback, Splunk AI Assistant for SPL collects the following context data:
| Component | Description | Example |
|---|---|---|
app.Splunk_AI_Assistant
|
Information including type, tenant, query, enabled_features, and request_id. | {
'type': 'inference_spl_generation',
'tenant': 'saia-stg-custom',
'query': ' SAIA has expert knowledge of the Splunk platform and Splunk...',
'enabled_features': "['customization']",
'request_id' : c88bbad8-92ab-4851-ac5f-b417b984f53c
}
|
app.Splunk_AI_Assistant
|
Information including tenant, and type. | {
'type': 'customization_opt_in',
'tenant': 'saia-stg-custom'
}
|
app.Splunk_AI_Assistant.splgen
|
Collects the chat_id. | {
....
'chat_id': 4
}
|
app.Splunk_AI_Assistant.splgen.feedback
|
Information including enabled_features, feedback_id, and query. | {
enabled_features : ['customization']
feedback_id : '4e618319-2276-4ae7-9436-ab2713735629'
query : 'List available indices'
}
|
app.Splunk_AI_Assistant_Cloud.splgen
|
Logging from Splunk AI Assistant for SPL Splunk app REST handlers. | 2024-05-27 16:26:25 UTC, Level=INFO, Pid=1063271, Logger=ChatHistoryHandler, File=chat_history_handler.py, Line=43, UUID="34547aed-648c-4d3f-b2ce-f1ce066a57ad", message="Handling chat history request" |
app.Splunk_AI_Assistant_Cloud.splgen
|
Generation time (e2e time from request start to end). | 2024-05-24 18:05:50 UTC, Level=INFO, Pid=2248783, Logger=AsyncHttpJobs, File=jobs.py, Line=87, UUID="4475f233-2559-42ee-b7ff-c2891ae0d549", apply_time="2.16974", user="haydn" |
app.Splunk_AI_Assistant_Cloud.splgen.openinsearch
|
When the user clicks on the "Open in Search" button for some generated SPL. | {
"data": {
"_time": 1688763330,
"_sourcetype": "splgen_feedback",
"session_id": "1dd4af3e-a567-4d68-a491-75964913d868",
"spl": "'| rest splunk_server=local /services/cluster/master/peers | stats sum(bucket_count) by label | rename label as peer'",
"user": "<hashed username>",
"_kv": 1,
"_serial": 0 }
}
|
app.Splunk_AI_Assistant_Cloud.splgen.usage
|
Feedback submitted by users with thumbs up/thumbs down/additional details UI in app. | {
"data": {
"_time": 1688763330,
"response": "'Concise Summary:\nThe query retrieves the total number of buckets per peer in a Splunk cluster.\nDetailed Explanation:\n- `| rest splunk_server=local /services/cluster/master/peers`: This part of the query uses the REST command to access the local Splunk cluster master'",
"_sourcetype": "splgen_feedback",
"session_id": "1dd4af3e-a567-4d68-a491-75964913d868",
"query": "'| rest splunk_server=local /services/cluster/master/peers | stats sum(bucket_count) by label | rename label as peer'",
"correct": "true",
"_kv": 1,
"_serial": 0 }
}
|
Personalization preview
The following context data is collected if you opt-in to participate in the personalization feature preview.
This data is collected using 2 saved searches bundled with the assistant. These searches are only enabled if you opt-in to the personalization preview:
- Splunk AI Assistant for SPL - Field Summary
- Splunk AI Assistant for SPL - Search Logs
Collected data is stored in the vector DB, and a cleanup job runs weekly to delete this information if you decide to opt-out of this personalization preview at a later date.
| Component | Description | Example |
|---|---|---|
app.Splunk_AI_Assistant.index_metadata
|
Sourcetype metadata. | {
"tenant": "caeinternal1",
"index_metadata": "[{ 'max': '2846', 'min': '0', 'mean': '2.054869684499314', 'count': '3645', 'field': 'duration_command_search_rawdata', 'index': 'main', 'sourcetype':'audittrail', 'stdev': '51.19505709576045', 'is_exact': '1', 'distinct_count': '33', 'numeric_count': '3645', 'is_numeric': True}]"
}
|
app.Splunk_AI_Assistant.previous_searches
|
Previous searches. | {
"tenant": "saia-play-custom",
"searches": [
{
"user": "admin",
"spl": "| search index=\"_internal\" sourcetype=\"splunk_ai_assistant-3\" | fieldsummary | eval index=\"_internal\", sourcetype=\"splunk_ai_assistant-3",
"count": 1,
"roles": ["admin" , "mltk_model_admin"]
},
{
"user": "admin",
"spl": "| search index=\"_introspection\" sourcetype=\"splunk_telemetry\" | fieldsummary | eval index=\"_introspection\", sourcetype=\"splunk_telemetry\"",
"count": 1,
"roles": ["admin" , "power_user", "mltk_model_admin"]
}
]
}
|
Data retention
Data shared as outlined in this section is retained as set forth in the Splunk Data Retention Policy.
If you opt-in for the personalization feature preview available with version 1.0.5, that collected data is stored in the vector database. If you opt-out of this personalization preview at a later date, a cleanup job runs weekly to delete any collected data.
| Using Splunk AI Assistant for SPL | Share data in Splunk AI Assistant for SPL examples |
This documentation applies to the following versions of Splunk® AI Assistant for SPL: 1.0.5
Download manual
Feedback submitted, thanks!