ChatGPT and Splunk

In those creative days where every conversation with great friends can turn into fun projects to solve, we had been discussing the advantages of AI and how it can enhance daily tasks. In the middle of that conversation, the topic of Splunk came up, among many other tools that have a lot of documented information for their use. It was at that moment that the idea of integrating ChatGPT with Splunk came to my mind to make access to the documentation easier, and I found it fun to do.

I shared this idea with my friends, and after some laughter and discussions, the only option was to give it a try. I set up a Linux VM, installed Splunk 8, and created an app called "ChatGPT for Splunk". Then, I went to PyCharm and remotely connected the recently created app in Splunk, and that's it, playtime!

With the help of OpenAI's documentation, I wrote a small Python script that establishes the communication and uses the "Davinci" algorithm from GPT-3, developed by OpenAI. This model is known for its great capacity to understand natural language. After making Python unit tests and understanding how the OpenAI API works, we moved on to Splunk.

In Splunk, I had to make sure to maintain the necessary packaging settings and formats to upload the application to SplunkBase, besides connecting the search bar with Python. For this, I used the Python library "splunk.Intersplunk", which is necessary to read parameters from the Splunk search bar and pass them to Python as execution arguments. Therefore, I process the query and return the result to Splunk as if it were an event.

The "ask" command was also created to execute our Python code and obtain a coherent response using Davinci.
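A sketch of how such an "ask" command script can be wired together, added here as an example and not the app's own code. It assumes the script lives in the app's `bin` directory, that `api_key.conf` uses a hypothetical `[openai]` stanza with an `api_key` option, and that "Davinci" means the legacy `text-davinci-003` completions model; none of these names come from the original post.

```python
import configparser
import json
import os
import urllib.request

API_URL = "https://api.openai.com/v1/completions"  # legacy completions endpoint
MODEL = "text-davinci-003"  # assumption: the post only says "Davinci"


def read_api_key(conf_path):
    """Read the key from api_key.conf; stanza and option names are assumed."""
    parser = configparser.ConfigParser()
    parser.read(conf_path)
    key = parser.get("openai", "api_key", fallback="").strip()
    if not key:
        raise ValueError("no api_key set in " + os.path.basename(conf_path))
    return key


def http_post(url, headers, body):
    """POST over HTTPS with a timeout so a stalled API call cannot hang the search."""
    req = urllib.request.Request(url, data=body, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def ask(question, api_key, post=http_post):
    """Send the question and shape the answer as one Splunk result row."""
    question = question.strip()
    if not question:
        raise ValueError("usage: | ask <question>")
    body = json.dumps({"model": MODEL, "prompt": question, "max_tokens": 256})
    headers = {"Authorization": "Bearer " + api_key,
               "Content-Type": "application/json"}
    reply = post(API_URL, headers, body.encode("utf-8"))
    return {"question": question, "answer": reply["choices"][0]["text"].strip()}


if __name__ == "__main__":
    import splunk.Intersplunk as si  # ships only with Splunk's bundled Python
    try:
        # Words typed after "| ask" in the search bar arrive as keywords.
        keywords, _options = si.getKeywordsAndOptions()
        conf = os.path.join(os.path.dirname(__file__), "..", "default", "api_key.conf")
        si.outputResults([ask(" ".join(keywords), read_api_key(conf))])
    except Exception as exc:
        # Surface only the exception message; the key and headers never reach the UI.
        si.outputResults(si.generateErrorResults("ask failed: %s" % exc))
```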

That's it! Now it's time to package the app and install it in a testing environment, seeking to replicate the user experience: downloading, installing, configuring, and using the app.

Finally, it's worth mentioning that once you obtain your OpenAI API key, you should register it in the "api_key.conf" configuration file located within the same app, in the "default" directory.

1 Comment

  1. After reading the article of JP Engineer about ChatGPT and Splunk I must say that I’m impressed about how productive a simple friend’s talk can turn out to be. I think that one of the benefits about this integration is the potential for this to improve the learning and use of Splunk. By using a chatbot powered by ChatGPT and Splunk, I think that users can quickly and easily access information about Splunk and its various features. This can help to streamline the learning process and reduce the time and effort required to become proficient in using Splunk. Additionally, the chatbot can provide users with real-time assistance and support, allowing them to troubleshoot issues and solve problems more efficiently.
    However, we must acknowledge that these tools are not almighty. We should always double check for ourselves the information provided by these tools.
    That being said, I’m really impressed about the creativity of JP Engineer and what he can create with it. Congratulations, Juan Alejandro. I’m hoping to be part of one of these talks and maybe, who knows what can come about that.
