[8.x] 🌊 LLM-powered parsing suggestions #211869

Merged
flash1293 merged 2 commits into elastic:8.x from flash1293:backport/8.x/pr-208777
Feb 20, 2025

@flash1293
Contributor

Backport

This will backport the following commits from main to 8.x:

Depends on elastic#209985

Add suggestions for grok processing:

<img width="594" alt="Screenshot 2025-02-05 at 10 31 27"
src="https://github.com/user-attachments/assets/4b717681-aa7d-4952-a4e0-9013d9b8aaf8"
/>

The logic for generating suggestions works like this:
* Take the current sample
* Split it into patterns based on a simple regex-based grouping
replacing runs of numbers with a placeholder, runs of regular numbers
with a placeholder, etc.
* For the top 5 found groups, pass a couple messages to the LLM in
parallel to come up with a grok pattern
* Check the grok patterns whether they actually match something and
don't break
* Report the patterns that have a positive match rate

For the `Generate patterns` button to show in the UI, make sure a
connector is configured and the license level is above basic (trial
license is easiest to test with).

I did some light refactoring on the processing routes, moving the
simulation bits into a separate file - no changes in this area though.

---------

Co-authored-by: Marco Antonio Ghiani <marcoantonio.ghiani01@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>
(cherry picked from commit 1f35d7a)

# Conflicts:
#	x-pack/solutions/observability/plugins/streams_app/tsconfig.json
@flash1293 flash1293 added the backport (This PR is a backport of another PR) label Feb 20, 2025
@flash1293 flash1293 enabled auto-merge (squash) February 20, 2025 09:53
@flash1293 flash1293 merged commit 329256c into elastic:8.x Feb 20, 2025
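
The grouping and validation steps listed in the description above, as an added example that is not part of this PR or the Kibana code base. Assumptions: the function names, the `0`/`a` placeholder characters, plain JavaScript regular expressions standing in for grok patterns, and a constructed candidate list standing in for the LLM responses, which are treated as untrusted input that may not compile or may match nothing.

```javascript
// Added illustration: names and placeholder characters are assumptions,
// not taken from the Kibana code base.

// Reduce a message to its shape: digit runs become "0", letter runs become "a".
function shapeOf(message) {
  return message.replace(/\d+|[A-Za-z]+/g, (run) => (/\d/.test(run) ? '0' : 'a'));
}

// Group messages by shape and keep the `limit` most frequent groups.
function topGroups(messages, limit = 5) {
  const groups = new Map();
  for (const msg of messages) {
    const shape = shapeOf(msg);
    groups.set(shape, [...(groups.get(shape) || []), msg]);
  }
  return [...groups]
    .map(([shape, members]) => ({ shape, members }))
    .sort((a, b) => b.members.length - a.members.length).slice(0, limit);
}

// Score each candidate by the fraction of messages it matches; a candidate that
// fails to compile scores 0. Only candidates with a positive rate are returned.
function usableCandidates(candidates, messages) {
  const rate = (source) => {
    try {
      const re = new RegExp(source);
      return messages.filter((m) => re.test(m)).length / (messages.length || 1);
    } catch {
      return 0;
    }
  };
  return candidates.map((source) => ({ source, rate: rate(source) })).filter((c) => c.rate > 0);
}

// Constructed sample log lines.
const SAMPLE = [
  '2025-02-20 09:53:01 INFO user alice logged in from 10.0.0.5',
  '2025-02-20 09:54:12 INFO user bob logged in from 10.0.0.17',
  '2025-02-20 09:55:40 WARN disk usage at 91 percent',
  '2025-02-20 09:56:02 INFO user carol logged in from 10.0.0.8',
  'GET /index.html 200 12ms',
];
// Constructed stand-ins for model output: one good, one broken, one matching nothing.
const CANDIDATES = [
  String.raw`^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?<level>[A-Z]+) user (?<user>\w+) logged in from (?<ip>[\d.]+)$`,
  String.raw`^(?<ts>\d{4}-\d{2}-\d{2} (?<level>[A-Z]+`,
  String.raw`^ERROR (?<msg>.*)$`,
];
console.log(topGroups(SAMPLE), usableCandidates(CANDIDATES, SAMPLE));
```
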
@elasticmachine
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #8 / Assignees template renders different multiple tags correctly

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| streamsApp | 299 | 301 | +2 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/streams-schema | 266 | 268 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| streamsApp | 283.8KB | 289.5KB | +5.7KB |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/streams-schema | 269 | 271 | +2 |
