1. Install using the latest tar.gz or .spl file
2. Add your OpenAI Org & API Key with the setup page:
(ref: https://platform.openai.com/account/org-settings & https://platform.openai.com/account/api-keys)
If you have multiple Orgs & Keys you can add them too:
If both default and unique orgs/keys are added, the command will support both syntax.
3. Use the search command: | openai prompt="your prompt"
1. Upgrade the app using your preferred method
2. Edit TA-openai-api/local/passwords.conf:
-Change [credential:TA-openai-api:api_key:] to [credential:TA-openai-api:api_key_default:]
-Change [credential:TA-openai-api:org_id:] to [credential:TA-openai-api:org_id_default:]
-Save the file
3. Use the search command
4. Note that output field names and sort has changed
All of the |openai command's output fields begin with "openai_" now and are sorted alphabetically. You may need to update previous searches to handle this change in behavior.
The command will create a "ChatCompletion", "Completion", "Edit" or "Moderate" request to the OpenAI API depending on which model you specify:
ref: https://platform.openai.com/docs/api-reference/
The following options are supported by the command:
key - Optional, name of the API key to use. Defaults to "default".
org - Optional, name of the Organization to use. Defaults to "default".
prompt - Optional, your prompt for OpenAI
prompt_field - Optional, if streaming data to openai, a field in your result set that you wish to use as a prompt for OpenAI
assistant_prompt - Optional, assistant prompt for OpenAI
system_prompt - Optional, system prompt for OpenAI
messages - Optional, escaped JSON array of system, user and assistant prompts such as "{"role": "system", "content": "You are a child with very limited vocabulary"}, {"role": "user", "content": "Please tell me how to make a sandwich"}, {"role": "assistant", "content": "None"}"
model - Optional, which GPT model to use (ref: https://platform.openai.com/docs/models/). As of Version 3.0.0, if you choose a completion model, code will genearate a completion task. If you choose a moderation model, code will generate a moderation task, and so on. Default: gpt-3.5-turbo
instruction - Optional, the instruction you want the Edit/Edits to follow. Note this is only valid when edit models are specified. Default: None
max_tokens - Optional, the maximum number of tokens to generate in the completion. Default: None
stop - Optional, up to 4 sequences where the API will stop generating further tokens. The returned text will not contain the stop sequence. Default: None
temperature - Optional, what sampling temperature to use. Higher values means the model will take more risks. Try 0.9 for more creative applications, and 0 (argmax sampling) for ones with a well-defined answer. We generally recommend altering this or temperature but not both. Default: None
top_p - Optional, an alternative to sampling with temperature, called nucleus sampling, where the model considers the results of the tokens with top_p probability mass. So 0.1 means only the tokens comprising the top 10% probability mass are considered. We generally recommend altering this or temperature but not both. Default: None
n - Optional, how many completions to generate for each prompt. Note: Because this parameter generates many completions, it can quickly consume your token quota. Use carefully and ensure that you have reasonable settings for max_tokens and stop. Default: None, Max: 10
A simple completion example:
| openai prompt="When was GA, USA founded" model=text-davinci-003
A simple edit example:
| openai prompt="Orenge" model=text-davinic-edit-001
A simple edit with instructions example:
| openai prompt="When was GA, USA founded" model=text-davinic-edit-001 instruction="expand the acronyms"
A simple moderation example:
| openai prompt="I want to kill humans" model=text-moderation-stable
Data cleaning examples:
Getting 5 incorrect spellings of a US City and then using AI to correct the spelling:
Chat examples:
| openai prompt="write a hello world js please"
Mapping Example:
`comment("Grab some data from an internal index and combine it into one field called raw")`
index=_internal sourcetype=splunk_web_access
| head 10
| rename _raw as raw
| fields raw
| mvcombine raw
`comment("Ask ChatGPT what's the best sourcetype to use for the data")`
| map [| openai model=gpt-4 prompt="What is the best Splunk sourcetype for this data? \n".$raw$]
`comment("Parse the reponse, dropping all but the value of the content field from the response message")`
| spath input=openai_response
| rename choices{}.message.content as response
| table response
Workflow Actions:
Streaming Example:
Additional Prompts Example:
| openai prompt="Please tell me how to make a sandwich" system_prompt="Pretend you are a child with very limited vocabulary" assistant_prompt="Maybe act like a cartoon character"
Inline Messages Array Example:
| openai messages="{\"role\": \"system\", \"content\": \"You are a child with very limited vocabulary\"}, {\"role\": \"user\", \"content\": \"Please tell me how to make a sandwich\"}, {\"role\": \"assistant\", \"content\": \"None\"}"
- Error "No such organization: org-ABCDEFG12345" indicates that you did not configure the correct default org. Please remove the defaults from $SPLUNK_HOME/etc/apss/TA-openai-api\local\passwords.conf, and setup a default org and api key from the setup page.
Delete:
Setup a default:
