Splunk SOAR
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

API call to Splunk AI Assistant

pruthviraj_k_m
Explorer
yesterday

Hi all, 

We want to build a playbook with the help of HTTP request which basically tries to prompt the Spunk AI Assistant through API call. Do we have scope for that making use of Splunk AI Assistant API endpoint? I am not sure about the API endpoint that we need to refer for calling it with our own custom code with prompt as payload.

Thank You!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
yesterday

@pruthviraj_k_m I am sure that once the events ends up in Mission Control then you can use the AI assistant to summarise. If you need this done before that, or during execution then you will likely need to develop something to communicate with an external AI API. 

Splunk docs do point to more agentic AI in the future but until then I think this is the only way. 

----- If this helped please add Karma. If it resolved the issue please mark as a solution for others. Happy SOARing!! -----

View solution in original post

Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
yesterday

@pruthviraj_k_m I am sure that once the events ends up in Mission Control then you can use the AI assistant to summarise. If you need this done before that, or during execution then you will likely need to develop something to communicate with an external AI API. 

Splunk docs do point to more agentic AI in the future but until then I think this is the only way. 

----- If this helped please add Karma. If it resolved the issue please mark as a solution for others. Happy SOARing!! -----

Reply
Solved! Jump to solution

pruthviraj_k_m
Explorer
yesterday

Thanks @phanTom .

I will try sending HTTP request with the help of HTTP app that we have in splunk SOAR and call the external AI.

0 Karma
Reply
Solved! Jump to solution

phanTom
SplunkTrust
SplunkTrust
yesterday

@pruthviraj_k_m I don't think there is an API that you can use for the Splunk AI Assistant, at least from what I can see online. 

Usually AI is interacted with via an MCP Server, which there is a Splunk app for. 

The other option is to wait for an app to be developed as I highly suspect one will, but as for timelines I have no idea. 

What would you be interacting with AI for in a playbook? Triage/Decisions/Summarisation/Other?

Reply
Solved! Jump to solution

pruthviraj_k_m
Explorer
yesterday

Hey, thanks @phanTom .

Yes, we are actually trying to summarize the findings and use that as a description while creating the tickets or may be summarize the resolution notes or closure notes added by the analyst and update the same in other tools like Defender, Ticketing tools if we have corresponding alerts or tickets created for the splunk notables.

If splunk develops a separate connector (app) for Splunk AI assistant to use in SOAR playbooks that would be definitely helpful.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...