Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk AI Assistant is only supported on Splunk Cloud

Alkern
Engager
Wednesday

Guys need help,

We have successfully installed the Splunk AI Assistant application on our Search Head. However, we are still encountering the following alerts during initialization:

  • “Failed during initial setup. Please contact Splunk Support.”
  • “Splunk AI Assistant is only supported on Splunk Cloud.”

What is confusing is that the application appears to work normally when installed on the Heavy Forwarder environment, while the same setup on the Search Head continues to show these messages.

Could you please help clarify:

  • Whether Splunk Cloud licensing/subscription is actually required for AI Assistant functionality
  • If there are known limitations for on-prem Splunk Enterprise Search Heads
  • Why the application would function on the Heavy Forwarder but trigger the Cloud-only warning on the Search Head
  • Whether there are additional configurations or dependencies required on the Search Head side

For reference, we have attached a screenshot of the issue observed on the Search Head & Heavy Forwarder.

Search Head :

Alkern_0-1779330187957.png

Heavy Forwarder :

Alkern_1-1779330225718.png

 

 

Labels (1)
Labels
0 Karma
Reply

edoardo_vicendo
Builder
Thursday

Hello,

It seems it requires a connection to Splunk Cloud:

https://help.splunk.com/en/splunk-cloud-platform/search/splunk-ai-assistant/2.0.0/install-and-config...

You do not need to be a Splunk Cloud customer in the sense of hosting your Splunk environment in Splunk Cloud, but you do need Splunk’s cloud-connected AI service and activation.

You should check this with your Splunk Account Sales/Engineer.

Best Regards,
Edoardo

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
Thursday

Hi @Alkern  Could you pls suggest your 

1) Splunk on-prim search head version

2) Splunk AI Assistant version

3) Are you using Splunk Trial license?

0 Karma
Reply

Alkern
Engager
Thursday

@inventsekar

Thank you for your assistance on the previous post.

Our current environment details are as follows:

- Splunk Enterprise Version: 10.0.2
- Splunk AI Assistant (SAIA) Version: 2.0.0
- Deployment Type: Splunk Enterprise Security On-Prem

We are not using a Splunk trial license.

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
Thursday

Hi @Alkern 

As per the documentation, Splunk AI assistant is supported on Splunk Enterprise Security(OnPrim). 

Maybe pls check the audit logs:

index=_audit sourcetype=splunk_ai_assistant_chat_log
OR
index=_audit sourcetype=splunk_ai*

 As it says "Failed during initial setup. Please contact Splunk Support", I think it is better to contact the Splunk Support. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...