Adjutant AI (AI Workbench) app icon

Adjutant AI (AI Workbench)

A workbench for Splunk, not just a chatbot. Analyse, correlate and build across SPL, dashboards, alerts, AI Toolkit / MLTK, ES, ITSI and TrackMe through tools that understand each one — plus any MCP server you add. Pick your LLM: Anthropic, OpenAI, Azure, Groq, Gemini, Bedrock, Ollama, OpenRouter. Multi-tenant, multi-tier (Free, Pro, Enterprise, MSP).

splunk product badge
screenshot
screenshot
screenshot

Default Version 1.8.4
July 9, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.4, 9.3
Rating

0

(0)

Log in to rate this app
Support
Adjutant AI (AI Workbench) support icon
Developer Supported app
Ranking

#36

in Artificial Intelligence
Adjutant AI (formerly AI Workbench) is a generative workspace for Splunk — not a chatbot bolted onto search, but a real workbench where you investigate, analyse and build with tools that understand Splunk. It is a host shell: it has no use-cases of its own, deriving everything from the Splunk app a user opens it from and their roles. Install once on the Search Head, then embed it in the apps your users already live in — Search, ITSI, Enterprise Security, your SOC and MSP customer apps. The same engine renders a different experience per app and writes outputs into that app's namespace. Users never leave the app they came from. Ask in plain English. Get back validated SPL searches, Simple XML and Dashboard Studio dashboards, alerts, lookups, reports and Splunk AI Toolkit (MLTK) machine-learning pipelines — grounded in your running Splunk (your knowledge objects, live command syntax, CIM models), run for real before they are saved, as normal Splunk knowledge objects owned by the calling user. The depth is the difference. Where a generic MCP-only assistant talks to Splunk through one broad door, Adjutant AI ships fine-grained, Splunk-aware tools across Core, Enterprise Security, ITSI, TrackMe, ServiceNow and the AI Toolkit, each scoped to one job and run under your existing Splunk ACLs. Extend it with HTTP tools or any MCP server. New in 1.8.0 — your SOC can watch the agent. Adjutant AI emits its own activity — LLM calls, tool/MCP/ServiceNow calls, config changes, unattended run verdicts and policy refusals (the proof the controls fire) — as open-standard OCSF events to a Splunk index Enterprise Security already watches, mapped to CIM via the OCSF-CIM Add-On. On-prem, no cloud egress, off by default, resolved per Org/BU, with a shipped Behaviour dashboard. Control is the product; now it is observable. Also included: a first-class ServiceNow integration (read incidents, changes, problems and the CMDB/CSDM; turn a Splunk alert, ITSI episode or ES notable into a rich ServiceNow or SIR security incident with the number written back), governed unattended playbooks, and a Data Foundation add-on package builder. Bring your own LLM: Anthropic, OpenAI, Azure OpenAI, Groq, Google Gemini, AWS Bedrock, Ollama (local, fully offline) or OpenRouter — server-side so API keys never leave the search head. Connecting Azure OpenAI with an API key works on every tier (Free is single-user); keyless Microsoft Entra ID / managed-identity auth for Azure OpenAI — no static secret, governed by your Entra tenant — is an Enterprise capability (new in 1.8.2). Multi-tenant by design: Organisations and Business Units resolve automatically from the calling app and roles. Free, Professional, Enterprise and MSP tiers, self-serve and air-gap-friendly.

Categories

Artificial Intelligence, DevOps

Created By

Eduard Lekanne

Type

app

Downloads

92

Resources

Log in to report this app listing