When conversing with Chaos AI Assistant, follow these best practices for phrasing the questions that you want to transform into Search Analytics (Discover searches) or SQL Analytics queries.

Querying Format for the Assistant

When typing questions for querying, follow this basic question structure:

Type the keyword phrase sql query or search query, some sort of filtering criteria (such as the five most active users or records with 4xx error codes), the ChaosSearch view (dataset) to query against, and optionally a range of time if you do not want the default of current day (SQL) or last 15 minutes (Search).

• SQL example: Please write a sql query to show the unique values of sc_status in the sample-nginx-view. Chaos AI Assistant displays and explains the query it creates, and displays a prompt to run that query via the embedded Superset API in the conversation session. You can also copy the SQL query displayed in the conversation and paste it into a favorite SQL tool (like the SQL Editor in the console) to adapt the query and run it, or to save it as a favorite for future use or charts.

• Search example: Write a search query to find records with Invalid Logins in the cloudtrail_view dataset over the last 30 days. Chaos AI Assistant displays the search with some explanation, and will prompt you so that you can choose to open Search Analytics > Discover and run the query it creates. Use the Discover UI and its controls to change filters, constraints, and time ranges as needed to refine your search, and save the refined search to re-run it when needed, or to use it for visualizations.

📘

Sometimes sample queries cannot be run.

If you ask a question that does not follow the recommended query structure, that references an unknown dataset, or that has some spelling mistakes, Chaos AI Assistant tries to form a sample query, but might not display an option to run it.

Also, the Chaos Assistant might respond to user questions with valid sample searches or queries using SQL or Elastic syntax that is not supported. Running that sample in Assistant, if prompted, might result in a SQL error or Discover error. If this happens, it can be helpful to copy the sample SQL query and paste it into the SQL Editor, or edit the Discover window options, to form a supported request.

Help with Investigations and Analysis

Chaos AI Assistant can suggest some common or typical questions to ask of your datasets, and can categorize and group answers to organize the possible lines of investigation and inquiry.

Some sample prompts include:

• I am a business analyst, what type of questions would I ask on these datasets? Please put them into categories.
• I am a security analyst, what type of questions would I ask on these datasets? Please put them into categories.
• I am looking for influencers, what type of questions would I ask on these datasets? Please put them into categories.
• Please list the initial datasets again
• What kinds of information can I find in CloudTrail logs

You can experiment with prompts that follow these types of questions to use Chaos AI Assistant as a guide to practical data analysis and to help unlock the wealth of information contained within your ChaosSearch indexed data.