Skip to main content

Setting Up Data for Copilot

Before we can see Copilot in action with real-world examples, we need to create a data source and destination to work with& enable AI. This setup will provide the foundation for our hands-on exploration of Copilot's capabilities in the following sections.

note

Lets go to Stream > default Worker Group and create a datagen to generate some sample Palo Alto traffic logs. Stream has an actual datagen built in for testing purposes. You can upload a sample of your data then configure Stream to push the data into itself at prescribed intervals.

Datagens allow you to apply functions to enrich and transform your data without being in production. Neat!

First things first lets Enable AI
  1. In the left navigation pane, click on Settings
  2. Click Global Settings
  3. Scroll down to the AI Settings section
  4. AI Settings > [X] I have read and understand the AI disclaimer
  5. Click Turn On Cribl Copilot
  6. Click Stream Home On the left navigation

Let's configure a datagen to generate some sample Palo Alto traffic logs:

Create a Datagen
  1. Still in the Stream > default Worker Group, at the top, click into Routing > QuickConnect.
  2. Click Add Source.
  3. Find and click on the Datagen tile.
  4. For Input ID, enter palo_traffic.
  5. For the Datagen > Data Generator File, select palo_alto_traffic.log.
  6. Click Save.

Now, let's set up a destination in Cribl Lake to receive our sample data:

Plumb it like it's hot
  1. Still on Routing > QuickConnect, click Add Destination at the top right
  2. Select Cribl Lake and click Add New
  3. Configure your new Lake Destination by filling in the following information:
    • Output ID: sbx_logs
    • Lake dataset: default_logs
  4. Click Save
  5. Click the + on the palo_traffic Datagen Source on the left, drag a connection over to the sbx_logs Cribl Lake Destination on the right, and release
  6. In the resulting pop-up, leave Passthru selected and click Save

Commit & Deploy Your Changes

Cribl.Cloud runs our products in a distributed architecture. What this means is that our changes, while saved, haven't been pushed out to our workers until we commit and deploy them.

Commit & Deploy
  1. In the top right, click Commit & Deploy
    I don't have that button...

    If you are seeing separate Commit and Deploy buttons, click Commit instead.

  1. In the resulting window, click Commit & Deploy in the bottom right. :::
Remember This Process

Throughout the rest of this sandbox, whenever you see instructions to "Commit & Deploy", you'll need to follow these same steps to apply your changes. We won't repeat the detailed instructions each time.

With our data source and destination configured, we're now ready to explore Copilot's powerful capabilities for transforming logs, starting with the Copilot Editor in the next section.