AI integration with Splunk- How can I encapsulate ...

Marino25 · ‎05-16-2023

Hello,

I am working on a project to integrate Splunk with a LLM model. I have created an app that search vulnerabilities within source code and report back findings as well as the modified source code with the corrected findings.

Now, here's my issue, it works for JavaScript, Java, PHP, and many others, but at the moment I upload Python or Simple XML, the system cannot process it as it is thinking is part of the actual dashboard code.

My question is, how can I encapsulate the token value example: '$SourceCode_Tok$' for the system to interpret it correctly as external code to be analyzed.

Thank you all!

syaganti · ‎07-30-2024

I'm hoping you've found a solution. I'm working on a similar project where I created an app in splunk/etc/apps/my-app with a .py file in the bin folder and a .conf file in the default folder. Initially, when I ran the command <| mycommand "hello"> in Splunk, it outputted a response that I had hardcoded in my .py file. However, after updating the script to generate responses via a large language model, I started encountering the following error.

Error in 'mycommand' command: External search command exited unexpectedly with non-zero error code 1.

The search job has failed due to an error. You may be able view the job in the Job Inspector.

Please help me with this.
Thanks in advance

#splunk #LLM's

AI integration with Splunk- How can I encapsulate the token value example: '$SourceCode_Tok$' ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation