From e0ab85e9a866cbb5932eddd0e62d3870d4611b31 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Wed, 29 Oct 2025 13:37:12 -0500 Subject: [PATCH 1/2] [Streams] Add note about LLM connector requirements --- solutions/observability/streams/management/extract.md | 2 +- solutions/observability/streams/management/extract/grok.md | 2 +- .../observability/streams/management/significant-events.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/solutions/observability/streams/management/extract.md b/solutions/observability/streams/management/extract.md index a0e8253c11..f80582cdc5 100644 --- a/solutions/observability/streams/management/extract.md +++ b/solutions/observability/streams/management/extract.md 
@@ -26,7 +26,7 @@ Streams supports the following processors: - [**Date**](./extract/date.md): Converts date strings into timestamps, with options for timezone, locale, and output formatting. - [**Dissect**](./extract/dissect.md): Extracts fields from structured log messages using defined delimiters instead of patterns, making it faster than Grok and ideal for consistently formatted logs. -- [**Grok**](./extract/grok.md): Extracts fields from unstructured log messages using predefined or custom patterns, supports multiple match attempts in sequence, and can automatically generate patterns with an LLM connector. +- [**Grok**](./extract/grok.md): Extracts fields from unstructured log messages using predefined or custom patterns, supports multiple match attempts in sequence, and can automatically generate patterns with an [LLM connector](../../../security/ai/set-up-connectors-for-large-language-models-llm.md). - [**Set**](./extract/set.md): Assigns a specific value to a field, creating the field if it doesn’t exist or overwriting its value if it does. - [**Rename**](./extract/rename.md): Changes the name of a field, moving its value to a new field name and removing the original. - [**Append**](./extract/append.md): Adds a value to an existing array field, or creates the field as an array if it doesn’t exist. diff --git a/solutions/observability/streams/management/extract/grok.md b/solutions/observability/streams/management/extract/grok.md index 7f71837108..921b23fb9c 100644 --- a/solutions/observability/streams/management/extract/grok.md +++ b/solutions/observability/streams/management/extract/grok.md 
@@ -39,7 +39,7 @@ The previous pattern can then be used in the processor. ## Generate patterns [streams-grok-patterns] :::{note} -Requires an LLM Connector to be configured. +This feature requires an [LLM connector](../../../security/ai/set-up-connectors-for-large-language-models-llm.md). ::: Instead of writing the Grok patterns by hand, you can use the **Generate Patterns** button to generate the patterns for you. diff --git a/solutions/observability/streams/management/significant-events.md b/solutions/observability/streams/management/significant-events.md index 817bc74a45..0d2c8bf8bb 100644 --- a/solutions/observability/streams/management/significant-events.md +++ b/solutions/observability/streams/management/significant-events.md @@ -10,5 +10,5 @@ Significant Events periodically runs a query on your stream to find important ev To define significant events, either: -- **Generate significant events with AI:** If you don't know what you're looking for, let AI suggest queries based on your data. This works by using the previously identified [features](./advanced.md#streams-advanced-features) in your Stream to create specific queries based on the data you have in your Stream. Then, select the suggestions that make sense to you. +- **Generate significant events with AI:** (requires an [LLM connector](../../../security/ai/set-up-connectors-for-large-language-models-llm.md)) If you don't know what you're looking for, let AI suggest queries based on your data. This works by using the previously identified [features](./advanced.md#streams-advanced-features) in your Stream to create specific queries based on the data you have in your Stream. Then, select the suggestions that make sense to you. - **Create significant events from a query:** If you know what you're looking for, write your own query to find important events. \ No newline at end of file From 6f7e0b62cb9abbfe34cf704c6d13d7ab3b63c2e1 Mon Sep 17 00:00:00 2001 
From: Mike Birnstiehl Date: Wed, 29 Oct 2025 13:53:23 -0500 Subject: [PATCH 2/2] fix link --- solutions/observability/streams/management/extract/grok.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/streams/management/extract/grok.md b/solutions/observability/streams/management/extract/grok.md index 921b23fb9c..577e1a544e 100644 --- a/solutions/observability/streams/management/extract/grok.md +++ b/solutions/observability/streams/management/extract/grok.md @@ -39,7 +39,7 @@ The previous pattern can then be used in the processor. ## Generate patterns [streams-grok-patterns] :::{note} -This feature requires an [LLM connector](../../../security/ai/set-up-connectors-for-large-language-models-llm.md). +This feature requires an [LLM connector](../../../../security/ai/set-up-connectors-for-large-language-models-llm.md). ::: Instead of writing the Grok patterns by hand, you can use the **Generate Patterns** button to generate the patterns for you.
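Review bot: The link added to the Grok bullet in extract.md sends an Observability reader to a page under `solutions/security/ai/`, so it is worth confirming that the connector setup page applies to Observability deployments as written. If it is the shared reference, consider saying so in the link text; otherwise point to an Observability-side page. The `../../../` prefix itself is correct for a file in `streams/management/`.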
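Review bot: In the grok.md hunk of 1/2, the link prefix `../../../` is one level short. grok.md lives in `streams/management/extract/`, one directory deeper than extract.md, so the path resolves to `solutions/observability/security/ai/...` rather than `solutions/security/ai/...`. It needs `../../../../`, which is the value 2/2 changes it to.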
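Review bot: In significant-events.md, the requirement sits between the bold label and the sentence as a lowercase parenthetical, `**Generate significant events with AI:** (requires an [LLM connector](...)) If you don't know...`, which reads awkwardly and differs from the `:::{note}` block that grok.md uses for the same requirement. Move it to the end of the bullet as its own sentence, or use a note block so the three pages state the requirement the same way. The hunk also still ends with `\ No newline at end of file`; add the trailing newline while this file is being touched.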
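Review bot: The subject `fix link` on 2/2 does not say which link or what was wrong with it. The corrected `../../../../` prefix in grok.md now resolves to `solutions/security/ai/`, matching the other two files, so squash this into 1/2 to keep the broken path out of the history, or reword the subject to name grok.md and the path depth.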