Splunk® App for Data Science and Deep Learning

Use the Splunk App for Data Science and Deep Learning

Use Standalone VectorDB

Use Standalone VectorDB to run a vector search through a set of dashboards. The following processes are covered:

All the dashboards are powered by the fit command. The dashboards showcase Standalone VectorDB functionalities. You are not limited to the options provided on the dashboards. You can tune the parameters on each dashboard, or embed a scheduled search that runs automatically.

Configure embedding models

Complete the following steps:

  1. Make sure that you have configured the embedding service on the Setup LLM-RAG (optional) page prior to spinning up the container. If you haven't, finish the configuration and restart the container.
  2. When configuring the embedding service, specify the output dimensionality of the model in the Output Dimensions field.

    If you have downloaded local Huggingface embedding models, add the prefix /srv/app/model/ to the Embedding Model Name of your choice.

    This image shows an example Embedding Model panel.

  3. To download a Huggingface embedding model prior to the configuration, navigate to Assistants, then LLM-RAG, then Querying LLM, and then select Local LLM and Embedding Management.
  4. On the page, select PULL from the Task drop-down menu and Huggingface from Service Type and input the model name.
  5. Select Submit to download the embedding model locally. This image shows an example of configuring embedding models with Huggingface.

Encode data into a VectorDB

Complete the following steps to encode Splunk platform data into a VectorDB:

  1. In DSDL, navigate to Assistants, then LLM-RAG, then Encoding data to Vector Database, and then select Encode data from Splunk.
  2. On the search bar of the dashboard, search for the data that you want to encode. You have 2 options:
    • You can search for data stored in Splunk platform indexes and create a table.
    • You can use the inputlookup command to load a lookup table.
  3. In Target Field Name enter the field name that contains data you wish to encode. For example, enter _raw for raw log events.

    The other fields in the search result are automatically added to the collection as metadata fields stored in plain text.

  4. Create a unique name for a new Collection Name. If you want to add data to an existing collection, use the existing name.
  5. For Vector Service and Embedding Service, choose the services you have enabled in the Setup LLM-RAG (optional) page.
  6. Select Encode to start encoding. A list of messages is shown in the associated panel after the encoding finishes. This image shows an example of the Encode Data from Splunk page.
  7. Select Return to Menu and then select Manage and Explore your Vector Database. You see the collection listed on the main panel.

    It might take a few minutes for the complete number of rows to display.

    On this page you can also delete any collection.

    This image shows an example of a Vector Database Collection Management page. From this page you can manage your stored vector databases and delete any collection as needed.

Conduct vector search

Complete the following steps:

  1. In DSDL, navigate to Assistants, then LLM-RAG, then Encoding data to Vector Database, and then select Conduct Vector Search on Splunk data.
  2. In Collection Name, select an existing collection on which you want to search. Select the same vector service and embedding service that you used for encoding.
  3. Select a number for the Number of Results to control the top N results.
  4. Select Submit to proceed.
  5. On the search bar, search for data to conduct vector search on. The result should be a table containing only the field you want to search on.
  6. Select any data to conduct vector search against it. The top N results from the collection are listed in the panel, along with the metadata saved in the collection, as shown in the following image: This image shows an example of a Vector search on Splunk data.
Last modified on 26 July, 2025
Use Standalone LLM   Use Document-based LLM-RAG

This documentation applies to the following versions of Splunk® App for Data Science and Deep Learning: 5.2.1

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters