[securityAssistant] LangGraph ES|QL query generation tool #186489
Conversation
… to use kbDataClient instead of esStore
…ggraph # Conflicts: # yarn.lock
…raph # Conflicts: # x-pack/plugins/observability_solution/observability_ai_assistant_app/public/functions/visualize_esql.tsx
…raph # Conflicts: # package.json # x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/graph.ts # x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts # x-pack/plugins/search_playground/server/lib/conversational_chain.test.ts # x-pack/test/security_solution_cypress/config.ts # yarn.lock
|
/ci |
|
/ci |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Public APIs missing exports
Page load bundle
Unknown metric groupsAPI count
async chunk count
ESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
patrykkopycinski
changed the title
patrykkopycinski
added
release_note:enhancement
Team:Security Generative AI
…raph # Conflicts: # x-pack/plugins/elastic_assistant/server/lib/langchain/execute_custom_llm_chain/index.ts # x-pack/plugins/elastic_assistant/server/lib/langchain/executors/types.ts # x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts # x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.test.ts # x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.ts
There was a problem hiding this comment.
Thanks for the enhancement @patrykkopycinski 👍 👍 👍
I enabled the knowledge base and preview the case, but still had an error. Could you please check if you can reproduce this?
Screen.Recording.2024-07-04.at.17.22.49.mov
| </EuiCodeBlock> | ||
| </EuiFlexItem> | ||
|
|
||
| {!showVisualization && ( |
There was a problem hiding this comment.
If it relies on knowledge base to work, should we check if the knowledge base toggle is on here?
There was a problem hiding this comment.
Thank you @angorayc, the UI part doesn't need Knowledge base to be enabled, but it requires in your case to packetbeat-* to exists and have proper data propagated
There was a problem hiding this comment.
Yes, I can confirm that I have packetbeat-* data. I searched the same ESQL within timeline, and there was one entry appeared in the table, but it wasn't able to be visualised from the case markdown when using preview.
There was a problem hiding this comment.
will double check, Thank you 🙇
|
/ci |
1 similar comment
|
/ci |
…aseByDefault and assistantModelEvaluation FF
spong
added
ci:cloud-redeploy
|
/ci |
⏳ Build in-progress, with failures
Failed CI Steps
History
|
| @@ -141,7 +141,7 @@ | |||
| ], | |||
| "id": "ml", | |||
| "size": { | |||
| "value": 1024, | |||
There was a problem hiding this comment.
afaik, this is no longer needed, with the autoscaling we have in place
Important
Upping cloud deploy ML memory for ELSER and enabling eval FF. Must revert 45e586b before merging!
Summary
Adds LangGraph-based ESQL generation tool that was heavily inspired by Observability AI Assistant query function
Currently functionality is hidden behind FF:
xpack.securitySolution.enableExperimental=['aiAssistantGraphEsqlTool']This tool relies also on Knowledge base to be enabled.
To test
Caseschanges feel free to just post a comment like:(make sure to close esql tag, because github formatting didn't allow me to do so)
esql.generation.1.mp4