Platform: Splunk Search & New SPL Innovations

Published on ‎10-02-2024 01:06 PM by Splunk Employee | Updated on ‎12-16-2024 11:41 AM

Register here. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics.

 

In this special session on "Splunk Search & New SPL Innovations", Splunk experts kick us off with a round-robin to showcase the latest innovations in search, such as the Splunk AI Assistant for SPL app, Federated Search for Amazon S3, and SPL2.

 

What can I ask in this AMA?

  • How can I reduce my skipped searches?
  • How do I translate my question into SPL?
  • How can I optimize this search query so it runs faster?
  • How do I set up federated search for Splunk?
  • What are the advantages of using federated search for Amazon S3?
  • How do I convert my SPL into SPL2?
  • My search is not displaying properly, how do I fix it?
  • How do I create an alert/visualization/dashboard from my search?

 

Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here).

 

Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.

 

Look forward to connecting!



adepp
Splunk Employee

Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel):

 

Q1: What are the advantages of SPL2 and how is it different from SPL?

  • SPL2 takes the best of SPL (while maintaining backwards compatibility)
  • Adds support for SQL-style syntax and developer concepts found in other languages like Java and Python. 
  • SPL2 supports streaming data and batch search in Splunk Enterprise / Cloud
  • SPL2 also introduces programming concepts for developers & admins
  • SPL2 Documentation

Q2: How does Splunk manage data privacy with the AI Assistant? What data is shared and how is it used?

  • The assistant cannot “see” the data you have indexed in your environment. This data is protected and secured by Splunk’s General Terms
  • Customers can “opt out” of sharing data with Splunk within the app used for R&D
  • The AI Assistant for SPL does not leverage or send your data to 3rd party services or APIs like OpenAI to complete inference
  • The AI Assistant fully honors your RBAC because it does not execute SPL on behalf of a user, it routes users to search & reporting where RBAC and workload management are fully honored
  • AI Assistant FAQ page

Q3: Is the AI Assistant for SPL conversational?

  • Conversationality involves users providing follow-up questions/prompts within a single chat thread.
  • Conversationality is not inherent to LLMs and must be coded into the Generative AI application.
  • The Write SPL feature is conversational today; however, in upcoming release 1.0.5, the engineering team has made significant improvements to the assistant's conversational capabilities.

 

Other Questions/Topics (check the #office-hours Slack channel for responses):

  • Favorite innovations in search
    • Splunk AI Assistant for SPL app
    • Federated Search for Amazon S3
    • Splunk Search Processing Language 2 (SPL2)
  • New SPL innovations are only for Cloud? What about on-prem?
  • How can I find the root cause for skipped searches, when the reason is: "The maximum number of concurrent running jobs for this historical scheduled search on this instance has been reached"
  • Is there a cost to use the AI assistant? And how does it impact my SVC utilization?
  • What’s the pricing on Federated Search for Amazon S3?
  • Create JIRA ATLASSIAN Dashboard using Splunk