Use Standalone VectorDB

Use Standalone VectorDB to run a vector search through a set of dashboards. The following processes are covered:

• Download embedder models
• Encode Splunk data into VectorDB
• Conduct Vector search

All the dashboards are powered by the fit command. The dashboards showcase Standalone VectorDB functionalities. You are not limited to the options provided on the dashboards. You can tune the parameters on each dashboard, or embed a scheduled search that runs automatically.

Download embedder models

Complete the following steps:

1. n the Splunk App for Data Science and Deep Learning (DSDL), navigate to Assistants, then LLM-RAG, then Querying LLM with Vector Data, and then select Manage your LLMs.
2. On the settings panel, select PULL from the Task drop-down menu and Embedder from Model Type.
3. In the Model Name field, enter the namespace of the Huggingface embedder you want to use:
   • For English, enter all-MiniLM-L6-v2
   • For Japanese, enter intfloat/multilingual-e5-large
   
4. Select Submit to start the download. You see an on-screen confirmation after the download is complete.
5. Confirm the downloads by going to JupyterLab:
   1. Select the JupyterLab link listed on the container management page.
   2. Navigate to app, then model, and then data.
   3. Make sure that a folder with the embedder namespace is created and contains all the model files as shown in the following image:
      

Encode Splunk data into VectorDB

Complete the following steps:

1. In DSDL, navigate to Assistants, then LLM-RAG, then Encoding data to Vector Database, and then select Encode data from Splunk.
2. On the search bar of the dashboard, search for the data that you want to encode. You have 2 options:
   • You can search for data stored in Splunk platform indexes and create a table.
   • You can use the inputlookup command to load a lookup table.
3. In Target Field Name enter the field name that contains data you wish to encode. For example, enter _raw for raw log events.

   The other fields in the search result are automatically added to the collection as metadata fields stored in plain text.

4. Create a unique name for a new Collection Name. If you want to add data to an existing collection, use the existing name.
5. For Embedder Name, choose Multi-lingual for non-English data. If you downloaded the embedder models, select Yes to use local embedders.
6. Select Encode to start encoding. A list of messages is shown in the associated panel after the encoding finishes.
7. Select Return to Menu and then select Manage and Explore your Vector Database. You see the collection listed on the main panel.

   It might take a few minutes for the complete number of rows to display.

   On this page you can also delete any collection.

   

Conduct vector search

Complete the following steps:

1. In DSDL, navigate to Assistants, then LLM-RAG, then Encoding data to Vector Database, and then select Conduct Vector Search on Splunk data.
2. In Collection Name, select an existing collection on which you want to search. Select the same embedder model that you used for encoding.
3. Select a number for the Number of Results to control the top N results.
4. Select Submit to proceed.
5. On the search bar, search for data to conduct vector search on. The result should be a table containing only the field you want to search on.
6. Select any data to conduct vector search against it. The top N results from the collection are listed in the panel, along with the metadata saved in the collection, as shown in the following image: