ChatGPT and SPL: A Dynamic Duo for Learning Splunk’s Query Language

If you haven’t heard of ChatGPT yet, you have probably muted your notifications on social networks like LinkedIn, Twitter or Reddit, because everyone is talking about the benefits (and the concerns) of artificial intelligence. In this story, however, it is ChatGPT that gets the lion’s share of the limelight.

If we look at Google’s search trends, searches for ChatGPT peaked between February and April 2023, surpassing searches for AI (artificial intelligence) in general.

ChatGPT and SPL
Source: Google Trends

Newspapers and institutions have joined in publicising how important tools like ChatGPT are becoming in our day-to-day work; Forbes, for example, publishes weekly articles on the topic. You may be wondering what any of this has to do with Splunk.

I am not here to tell you about the vanities of ChatGPT; I want to show you how Artificial Intelligence technologies like ChatGPT can help you learn and use Splunk! If you have ever found yourself in any of the following situations, I encourage you to keep reading this post:

  • I am new to Splunk and need to learn its query language.
  • I have to document the search queries I create in the department.
  • I am looking for new ideas to improve my search queries.

I am new to Splunk and need to learn its query language

Our first recommendation is to check the free ‘getting started’ content that Splunk and its community offer to begin your journey into Splunk analysis. We aren’t here to review documentation or videos, though, so let’s look at using ChatGPT to start our learning instead!

Let’s first ask ChatGPT what SPL is and see if it knows…

what is SPL
Source: ChatGPT

Now we have a simple description of what SPL is. For new users it is essential to establish a solid foundation, and ChatGPT can help by explaining basic SPL concepts such as search commands, filters, fields and statistical functions. You can ask about SPL syntax, specific commands or any other fundamental question; just check the answer against the Splunk documentation, because the model can describe commands or options that do not actually exist. I recommend you continue exploring the topic with questions such as:

  • How can I create new queries?
  • What are the search commands?
  • How can I define filters?
  • How can I add transformations and calculations?
  • Give me 3 examples to check the internal logs in Splunk with transformations.
  • Get me the manual for the tstats command.

I have to document the search queries I create in the department

We have all created queries for our Splunk environments, and we all need to document them for the rest of the team or for new hires. Understanding the output of SPL queries and visualizing the results effectively is crucial for extracting meaningful insights; it also improves traceability and internal training in our departments. How can ChatGPT help with this? Easy! Sanitize the query first, removing sensitive information such as hostnames, usernames, IP addresses, index names and locations, because anything you paste into ChatGPT leaves your organisation and goes to a third-party service. Then give the sanitized query to ChatGPT and ask it to explain it to you.
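As an added example (this is not code from the original post), here is a small Python helper that performs the sanitizing step described above before anything is pasted into ChatGPT: it replaces index, host, user and similar field values, bare IP addresses and e-mail addresses with numbered placeholders, and keeps a local mapping so the real values can be put back into the final documentation. The field list, the placeholder format and the sample search are assumptions made for the illustration.

```python
"""Redact environment-specific values from an SPL search before pasting it
into ChatGPT (or any external LLM).  Added example, not code from the original
post.  The field list and the sample query below are assumptions/constructed."""
import re

# Fields whose values usually identify your environment (assumption: extend
# this for your own deployment, e.g. lookup names or custom fields).
SENSITIVE_FIELDS = (
    "index", "host", "source", "sourcetype", "user", "src", "dest",
    "src_ip", "dest_ip", "src_host", "dest_host",
)

# field=value or field!="quoted value"; values stop at whitespace, '|' or ')'
KV = re.compile(
    r"\b(" + "|".join(SENSITIVE_FIELDS) + r")\s*(!?=)\s*(\"[^\"]*\"|[^\s|)]+)",
    re.IGNORECASE,
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def sanitize_spl(query):
    """Return (redacted_query, mapping) where mapping maps each placeholder
    such as '<HOST_3>' back to the original value.  Keep the mapping local;
    only the redacted query goes to the LLM."""
    mapping = {}   # placeholder -> original value
    reverse = {}   # original value -> placeholder (same value, same token)

    def token(kind, value):
        if value not in reverse:
            reverse[value] = f"<{kind}_{len(mapping) + 1}>"
            mapping[reverse[value]] = value
        return reverse[value]

    def redact_kv(match):
        field, op, value = match.groups()
        quoted = value.startswith('"')
        raw = value.strip('"')
        if raw == "*":                      # wildcards reveal nothing; keep them
            return match.group(0)
        placeholder = token(field.upper(), raw)
        return f'{field}{op}"{placeholder}"' if quoted else f"{field}{op}{placeholder}"

    redacted = KV.sub(redact_kv, query)
    # Catch bare IPs and e-mail addresses that are not attached to a known field
    redacted = IPV4.sub(lambda m: token("IP", m.group(0)), redacted)
    redacted = EMAIL.sub(lambda m: token("EMAIL", m.group(0)), redacted)
    return redacted, mapping


def restore(text, mapping):
    """Put the real values back into text (e.g. ChatGPT's explanation)
    before it goes into your internal documentation."""
    for placeholder, value in mapping.items():
        text = text.replace(placeholder, value)
    return text


# Constructed sample search; the host, user and IP are made up.
SAMPLE_QUERY = (
    'index=prod_web sourcetype=access_combined host="web-01.corp.example.com" '
    'user=jsmith\n'
    '| where src_ip!="10.20.30.40" AND status>=500\n'
    '| stats count by status'
)

if __name__ == "__main__":
    redacted, mapping = sanitize_spl(SAMPLE_QUERY)
    print(redacted)
    print(mapping)
```

The mapping never leaves your machine; only the redacted query is shared. Extend SENSITIVE_FIELDS with any custom fields your environment uses, and remember that free-text search terms (a customer name in quotes, for instance) still need a human look before the query goes out.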

Let’s now get ChatGPT to explain a Splunk search…

chatgpt help with SPL queries
SPL query breakdown
Source: ChatGPT

That’s some pretty nice output from ChatGPT there. You could use this as a template or guide for your final documentation!

I am looking for new ideas to improve my search queries

Last, but not least, what if we need more search query ideas? Can ChatGPT help with this? Sure: the AI can give you examples and share best practices and tips to enhance your SPL skills, covering topics such as data sourcetypes, field extractions, time-based searches, correlation searches and advanced statistical analysis. You still need to be careful, though: these are ideas, not tested searches. We always recommend that you compare them against the documentation, correct them, and run them over a narrow index and a bounded time range before you trust the results or schedule them.
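Because the model can invent commands or slip in something that writes data, the following Python lint (an added example, not part of the original post or of Splunk itself) is one way to do that “compare and correct” step mechanically before a suggested search is pasted into Splunk: it splits the search into pipeline stages, flags any command not in an allowlist, flags commands with side effects, and checks for a time bound and an index filter. The allowlist is a partial, hand-picked set of standard SPL commands and the sample search is constructed; both are assumptions.

```python
"""Lint an LLM-suggested SPL search before running it.  Added example; not
code from the original post.  The command allowlist is a partial list of
standard SPL commands (assumption: extend it for the apps you have installed)."""
import re

KNOWN_COMMANDS = {
    "search", "stats", "eval", "where", "table", "rename", "sort", "head", "tail",
    "dedup", "timechart", "chart", "tstats", "rex", "fields", "top", "rare",
    "transaction", "lookup", "inputlookup", "join", "append", "appendcols",
    "fillnull", "eventstats", "streamstats", "bin", "bucket", "convert", "makemv",
    "mvexpand", "spath", "regex", "replace", "addtotals", "fieldsummary",
    "iplocation", "makeresults", "metadata", "datamodel", "from", "multisearch",
    "map", "reverse", "transpose", "xyseries", "untable", "addinfo", "rest",
    "inputcsv", "outputcsv", "outputlookup", "collect", "sendemail", "delete",
    "script", "run",
}
# Commands that change state outside the search: never run these on the say-so
# of a chatbot without understanding exactly what they will touch.
SIDE_EFFECT_COMMANDS = {"delete", "outputlookup", "outputcsv", "collect",
                        "sendemail", "script", "run"}


def split_stages(query):
    """Split a search on pipes, ignoring pipes inside double quotes.
    (Subsearches in [ ] stay inside their stage; good enough for a lint.)"""
    stages, buf, in_quote = [], [], False
    for ch in query:
        if ch == '"':
            in_quote = not in_quote
        if ch == "|" and not in_quote:
            stages.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    stages.append("".join(buf).strip())
    return [s for s in stages if s]


def review_query(query):
    """Return a list of human-readable findings (empty list == nothing to flag)."""
    findings = []
    stages = split_stages(query)
    first_cmd = None
    for i, stage in enumerate(stages):
        cmd = stage.split(None, 1)[0].lower()
        if i == 0 and cmd not in KNOWN_COMMANDS:
            cmd = "search"          # a leading 'search' is implicit in SPL
        if i == 0:
            first_cmd = cmd
        if cmd not in KNOWN_COMMANDS:
            findings.append(f"stage {i + 1}: unknown command '{cmd}' "
                            "(hallucinated or misspelled?); check the docs")
        elif cmd in SIDE_EFFECT_COMMANDS:
            findings.append(f"stage {i + 1}: '{cmd}' has side effects; "
                            "do not run it blindly")
    if not re.search(r"\b(earliest|latest)\s*=", query, re.IGNORECASE):
        findings.append("no earliest=/latest= in the search; run it over a "
                        "bounded time range first")
    if first_cmd == "search":
        m = re.search(r"\bindex\s*=\s*\"?([^\s\"|]+)", stages[0], re.IGNORECASE)
        if not m or m.group(1) == "*":
            findings.append("first stage does not restrict index (missing or "
                            "index=*); narrow it before running")
    return findings


# Constructed example of a plausible-looking but flawed suggestion:
# 'percentile' is not an SPL command (percentiles come from stats functions
# such as perc95()), and outputlookup writes a lookup file.
SUSPECT_QUERY = (
    "index=web sourcetype=access_combined earliest=-24h\n"
    "| stats count by status\n"
    "| percentile status\n"
    "| outputlookup web_status.csv"
)

if __name__ == "__main__":
    for finding in review_query(SUSPECT_QUERY):
        print("-", finding)
```

A clean result from the lint only means the query is plausible; it still has to be run and its output compared with what you expected, which is the part no tool does for you.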

Let’s use ChatGPT to find some more ideas about a search query…

SPL query ideas to check website performance
chatgpt and spl analysis
Source: ChatGPT

Let’s try another approach focused on improvement of an existing search…

improved SPL queries with ChatGPT
Source: ChatGPT

…and now?

Remember, these tools are here to help us and save us time, but before using their output it’s important to take a moment to review it properly, improve it, and add your own special “spicy” touch ;) and, as we always say, have fun!!

If ChatGPT’s answers aren’t hitting the mark, fear not! You can always call upon our team of Splunk experts to streamline your internal security processes and help you achieve and enhance your goals.

Looking to expedite your success with Splunk? Click here to view our Splunk Professional Service offerings.

© Discovered Intelligence Inc., 2023. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.