SHA256 checksums:
- openintelligence-natural-language-interface-app_102.tgz: 3dd661028c20a1bbb53c7a32a0ab806e0caa9624858e6228feb2ff47c43f0aca
- openintelligence-natural-language-interface-app_101.tgz: 2c13763a798022c6094b1517327b1e501c4a4bfbb58d6c636fd8834c1a090d60
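
As an added example (not part of the original page or the app's own code), the following script checks a downloaded archive against the SHA256 values listed above before it is installed. The function names are hypothetical, and it assumes `sha256sum` or `shasum` is available on the host.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded archive against the SHA256 values
# published on this page before installing it. Function names are hypothetical.

# Published checksums (copied from the page), keyed by archive file name.
expected_for() {
  case "$1" in
    openintelligence-natural-language-interface-app_102.tgz)
      echo 3dd661028c20a1bbb53c7a32a0ab806e0caa9624858e6228feb2ff47c43f0aca ;;
    openintelligence-natural-language-interface-app_101.tgz)
      echo 2c13763a798022c6094b1517327b1e501c4a4bfbb58d6c636fd8834c1a090d60 ;;
    *) return 1 ;;  # no published checksum for this name
  esac
}

# Print the lowercase hex SHA256 of a file (GNU coreutils, else BSD/macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'
  fi
}

# verify_file FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 if unreadable.
verify_file() {
  [ -f "$1" ] && [ -r "$1" ] || return 2
  vf_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$(sha256_of "$1")" = "$vf_want" ]
}

# verify_download FILE: look up the published value by file name and compare.
verify_download() {
  vd_name=$(basename -- "$1")
  vd_want=$(expected_for "$vd_name") || {
    echo "no published checksum for $vd_name" >&2; return 3; }
  if verify_file "$1" "$vd_want"; then
    echo "OK: $vd_name matches the published SHA256"
  else
    vd_rc=$?
    echo "FAIL: $vd_name mismatch or unreadable; do not install" >&2
    return "$vd_rc"
  fi
}

# Usage: ./verify.sh openintelligence-natural-language-interface-app_102.tgz
if [ "$#" -gt 0 ]; then verify_download "$1"; fi
```

A match shows the file is the one this listing describes. Because the checksum is served from the same page as the download, it detects corruption or substitution in transit or on a mirror, not a compromise of the listing itself.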

OpenIntelligence Natural Language Interface App

The OpenIntelligence Natural Language Interface Splunk App (openintelligence-nli-app) allows both novice and experienced Splunk users to search for information or define complex correlation rules using natural language statements.
The interface uses an entity-driven approach (e.g. devices or accounts) to incrementally build complex natural language queries (a subset with very precise and unambiguous semantics) and translate them to the Splunk SPL query language.
These entities also help to identify suitable queries and automatically generate joining attributes between different event types.
This initial version of the App offers two different natural language wizards. Later versions will complement these wizards with a natural language search bar.
For additional documentation or access to the latest version of this app, please visit https://openintelligence.com.au/openintelligence-nli-app. Information about the licenses for the associated Natural Language Rules Engine (including our trial license) is available at https://openintelligence.com.au/licenses

Introduction

Welcome to the OpenIntelligence Natural Language Interface for Splunk.
Our natural language interface allows both novice and experienced Splunk users to search for information or define complex correlation rules in their own language.
The interface uses an entity-driven approach (e.g. devices or accounts) to incrementally build complex natural language queries (a subset with very precise and unambiguous semantics) and translate them to the Splunk SPL query language. These entities also help to identify suitable queries and automatically generate joining attributes between different event types.
This initial version of the App offers two different natural language wizards. Later versions will complement these wizards with a natural language search bar.
For additional documentation or access to the latest version of this app, please visit openintelligence-nli-app or the public GitHub project openintelligence_nli_app.

Technology

The OpenIntelligence Natural Language Interface for Splunk enables any end user to create plain English queries, avoiding the need to learn the Splunk Processing Language (SPL). The patented (pending) OpenIntelligence Natural Language technology parses these English queries on the fly into logical expressions specifying their full semantics (i.e. meaning, including intent and context) and then translates these logical statements into optimized SPL queries. This approach enables the user to select/confirm a very precise meaning for each query and generates highly efficient queries, accurate results, and powerful visualizations.

Dependencies

This app has the following dependencies:
- Licensed access to the Rest API of an OpenIntelligence Natural Language Rules Engine instance. This REST API provides access to our sophisticated Rules Engine and its capability to translate natural language statements to Splunk queries.
- The Webtools Add-on. This Add-on includes a curl command and is used to access the Rest API above. This Add-on may be downloaded at Webtools Add-on.

Our App works best when the Splunk Common Information Model App (Splunk_SA_CIM) is installed. This App is available at Splunk_SA_CIM.

Rest API Licenses

OpenIntelligence offers three different Rest API/SW licenses:
- A Trial Licence provides temporary access to the Rest API of our Rules Engine development instance. The trial license is for evaluation purposes only and provides limited functionality.
- A Shared Production License provides access to the Rest API of our shared Rules Engine Production instance and includes OpenIntelligence standard support.
- A Custom Production Licence provides access to a dedicated and customized Rules Engine Production instance with several hosting and support options.
Please visit licenses for more details and how to request any of these licences.

Install Instructions

This App depends on a valid Rest API license that will provide you with the Rules Engine URL (host/port) and initial user credentials (user/password).
Please install the App and the above dependencies, and then configure the app's macros oi_host, oi_port and oi_user with the values provided by your license (remember to insert all values between double quotes).
You will also need to set up a user and password in passwords.conf (please follow the template provided in the default folder) and reload the settings (e.g. restart the server).
The password may be entered in plain text or encoded ("encrypted") using Splunk standard encoding of credentials.
To obtain an encoded version of your password, please run the following command in your Splunk instance:
For *NIX instances:
    /opt/splunk/bin/splunk show-encrypted --value YOUR_PLAIN_TEXT_LICENSE_PASSWORD
For Windows instances:
    C:\Program Files\Splunk\bin> .\splunk.exe show-encrypted --value YOUR_PLAIN_TEXT_LICENSE_PASSWORD

This App includes two saved searches, CacheEntities and CacheEvents, that synchronize cached entities and events with their latest definition in the Rest API server.
If you have installed the latest version of the Splunk App, you will only need to run these searches each time a new version of the Rest API has been released (we will notify you of any release date in advance). Alternatively, you could download the latest version of this App, which will include updated versions of cached entities and events.
For Customized Production instances, it is recommended to schedule both searches to run daily, or more often depending on the frequency of your changes to the entities, data-models and events tables.

Available Versions

The trial and shared versions of the rules engine generate both simple and complex correlation and statistical queries that can be run on any platform where the CIM Model App is available. They also generate queries using some common events like Windows events (you will not need the CIM Model App in this case).
Custom versions extend these capabilities with optimized queries using organisation-specific data-models, events, and lookups. They also enable organizations to extend the product's natural language capabilities by defining new entities, adjectives, verbs, and adverbs.

Main Menu

  • The Event Wizard enables building simple and complex correlations and statistical operations over CIM data-models/common events.
  • The Entity Wizard extends the Event Wizard with entities (e.g. device, account) driving the generation of the natural language statements.
  • The search option gives you access to the Splunk standard search bar (to be replaced by a natural language search bar in the next version of this tool).
  • The Entities Mapping displays the list of identified entities and their mapping to local lookups/queries (to update available entities and associated mappings you will need a valid Custom licence).

Troubleshooting

If the Webtools Add-on is not installed or the App is unable to connect to a licensed OI-Rest API, the App will return an error message.
If the Splunk_SA_CIM App is not installed, many of the generated queries cannot be executed in this Splunk environment (but they can be copied and run in other environments where this App is available).

Feedback/Support

This is an open source App and no official support is provided, but please feel free to email us at info@openintelligence.com.au or visit our contact-us page if you have any problem, question or suggestion.
Shared and Custom Rest API licenses include standard support for this App.

Disclaimer

This App is released under the GNU GENERAL PUBLIC LICENSE and is provided on an “as is” and “as available” basis.
Open Intelligence does not give any warranties, whether express or implied, as to the suitability or usability of the App beyond the ones included in any valid Rest API Licenses assigned to you.

Release Notes

Version 1.0.2 (Aug. 28, 2021)

This is the second update for the OpenIntelligence Natural Language Interface for Splunk (openintelligence_nli_app).
Changes include:
* Fixing images sizes, app.manifest and other changes required by AppInspect.

Version 1.0.1

This is the first update for the OpenIntelligence Natural Language Interface for Splunk (openintelligence_nli_app).
Changes include:
* Display of Rest API version in both wizards.
* Updates to CacheEntities and CacheEvents saved searches.
* Fixing files permissions and other changes required by AppInspect.
* Release of associated public github project openintelligence_nli_app.

Version 1.0.0

This is the first production release of the OpenIntelligence Natural Language Interface for Splunk (openintelligence_nli_app).

Version 1.0.1
Aug. 28, 2021

