The AI co-pilot for Splunk that respects your data, your roles, and your LLM choice.
AI Workbench drops an AI assistant directly into Search, ITSI, Enterprise Security and your own apps — generating SPL, dashboards, alerts and ML workflows. It never sees more than the user is allowed to see, it runs on the LLM you choose, and every object it creates lands in the right Splunk app.
Everyone wants AI in Splunk…
Data leakage
Most AI tools ship your indexed events to an external SaaS. For a SOC, that’s a non-starter. AI Workbench runs inside Splunk — bring your own LLM, keys stay server-side, or run fully air-gapped on a local model.
Privilege escalation
An assistant that ignores Splunk roles is a security incident waiting to happen. Every capability is derived from the user’s own Splunk roles — the AI can never exceed them.
LLM lock-in
Picking a single model today means re-platforming tomorrow. Choose Anthropic, OpenAI, Azure, Gemini, Groq, Bedrock, OpenRouter or local Ollama — and switch any time.
AI Workbench features
Validated generation
Describe the outcome in plain language. AI Workbench writes the SPL, runs it against real rows to confirm it works, then saves the dashboard or alert into the correct app namespace.
Bring your own LLM
Route through the Splunk proxy so API keys never touch the browser, or run a local model for fully air-gapped environments. One install, every major provider, switchable per tenant.
Knowledge on demand
Instead of stuffing every prompt with reference data, the assistant pulls from Security Essentials detections and your curated playbooks only when relevant — and cites its source.
Multi-tenant, multi-org
Org and Business-Unit scoping, per-tenant tool assignment, and per-environment isolation. One license key can cover multiple Splunk environments with clean separation.
How-it-works
From a question to a saved Splunk object in four steps.
Open in context
The analyst opens AI Workbench from a nav entry inside Search, ITSI, ES or a custom app.
Scope to user
Available templates, tools and LLMs are derived from that app and the user’s Splunk roles.
Generate & validate
The chosen LLM drafts SPL or markup, runs it against real data, and self-corrects on failure.
Land in the right app
The dashboard, alert or saved search is written into that app’s namespace, ready to use.
Start free inside your own Splunk. Pay when it earns its place.
A single AI-generated dashboard can replace hours of senior consultant time. Start with the free Personal edition, move to Professional when a second user needs it, and talk to us when you’re scaling across teams or customers.
See AI Workbench in your own Splunk.
Book a 30-minute demo, or start a structured Proof of Value with success criteria agreed up front. No data leaves your environment.