Get Operational Insights Quickly with Natural Language on the Splunk Platform

Here are a few top of mind questions from the live Tech Talk

Q. Is this only available for Splunk Cloud, or is it available for a Splunk Enterprise deployment, and if so, is there a minimum version level , for example: 9.4.x ?

A. As long as you are on a version in which you can install a Splunk base application, it will work.

Q. Is the AI assistant available for Splunk On Prem as well?

A. Yes, with the v1.3.0 release Splunk Enterprise customers can use AI Assistant.

Q. How to navigate to NLP section Splunk SaaS?

A. The question how to access the AI Assistant in Splunk Cloud, you can install the AI Assistant for SPL application on your deployment and access it through the application. At .conf the assistant will be available inside the Search & Reporting app for even easier access.

Q. A security concern would be that other's are know the naming convention of my environment and that information is protected because essentially that is enumeration. How is that protected and how is that specifically unavailable to others?

A. All the personalization metadata (including the naming convention of the environment) is only used for inferencing. In other words, the only place where this data is used to improve the response quality for users of your deployment. None of this data is fed back into the model in any way.

Q. These AI assistant capabilities be available through APIs?

A. Yes,  not only as APIs, but they will also be available in the MCP server, very shortly. So yeah, stay tuned for that update.

Q. Can MCP be used for the on Prem installation? 

A. It is available for Splunk Cloud customers today, support for Enterprise customers is coming very shortly.

Q. Are the user prompts available in the internal logs?

A. If you are talking about the chat history in the AI Assistant, they are currently not present in internal logs but I expect it to be there in the next release.

Q. What safeguards are in place to prevent exposing our proprietary data?

A. Splunk's AI Assistant for SPL employs several safeguards to protect proprietary data: it processes all inferences within Splunk Cloud services, meaning your actual data never leaves Splunk's "four walls" or goes to third-party AI providers. For personalization, it only collects metadata (like index names, field names, and search queries) about the shape of your data, not the sensitive content itself, and this metadata sharing is an opt-in feature with configurable controls. Additionally, the system honors existing Role-Based Access Control (RBAC) and includes guardrail checks to prevent prompt injection and ensure secure interactions.

Q. Here is a good lantern article for the use-cases for AI Assistant for SPL:

A. Implementing key use cases for the Splunk AI Assistant for SPL.

Q. Are there currently no plans to charge for MCP like SAIA?

A. No plans to charge at the moment or in the near future.

Q. Do the Splunk Admins, have the ability to add to the prompt engineering rules?

A. Not at the moment but there are a couple approaches to it, those examples are in the recording.

Q. Is it available for Splunk Cloud on GCP?

A. Not at the moment, it is coming to Azure regions around conf timeframe and GCP will be next.