ai.conf

The following are the spec and example files for ai.conf.

# This file contains settings and values that you can use to configure
# the Computence AI Agent for Splunk.

[install]

is_configured = <boolean>
* Specifies whether the app is already configured on this search head.
* When set to false, opening the app will redirect the user to the configuration page.
* Default: false

[backend]

server = <string>
* The server hosting the backend API for the agent.
* Can include a port number if needed.
* Default: api.computence.app

schema = <http|https>
* Schema to use for the backend API.
* HTTP is unencrypted and not recommended.
* Default: https

[systemRules]

RULE-<name> = <string>
* A rule which is applied to all user conversations.
* From the point of view of the agent, the rule appears as the first message in the conversation.

[riskyCommands]

allow_list = <comma-separated list>
* Comma-separated list of risky commands the agent may be allowed to execute.
* Supported allow-list entries:
* map,collect,mcollect,meventcollect,outputcsv,outputlookup
* Explicitly disallowed:
* delete,dump,run,runshellscript,script,sendalert,sendemail,tscollect
* Everything in both lists is blocked unless added here
* Default: None

[riskyCommand::<command>]
* Use this stanza style to mark additional Splunk commands as risky.
* You will have to specify a description and a category for the UI to display.
* You can have multiple instances of this stanza.

description = <string>
* Description for the custom risky command.
* Explain why this command should not be auto-executed by the agent.

category = <string>
* Category for the custom risky command.
* This will be used in the title of the risky command notification.

[format]

auto_format_spl_query = <boolean>
* Toggles automatic formatting of SPL queries in chat responses.
* When enabled, the agent:
* 1. Inserts newlines after each pipe.
* 2. Normalizes spacing around pipes.
* 3. Removes trailing pipes.
* Default: true