# AI Action Assistant {% embed url="" %} {% hint style="warning" %} Note that this feature is only available for certain Tenants. Contact us if you need to use it and don't see it in your Tenant. {% endhint %} ## Overview The **Action Assistant** is an AI-powered chat feature designed to help users configure their [Actions](/the-workspace/pipelines/actions.md) within a [Pipeline](/the-workspace/pipelines.md). Any configuration requested through the chat will be automatically applied. This is especially useful for requesting specific use cases, as the AI will automatically apply the necessary fields and settings to achieve the desired result. To start using it, open the Action configuration and just click this icon at the bottom left corner:
{% hint style="warning" %} The Action Assistant is only available for a specific set of Actions, but it will soon be expanded to cover more. These are the Actions where you can currently use it: * [Accumulator](broken://pages/rcVshIDx9f7DG8tgvupM) * [Conditional](/the-workspace/pipelines/actions/filtering/conditional.md) * [Field Transformation](/the-workspace/pipelines/actions/transformation/field-transformation.md) * [Group By](/the-workspace/pipelines/actions/aggregation/group-by.md) * [Math Expression](/the-workspace/pipelines/actions/transformation/math-expression.md) * [Message Builder](/the-workspace/pipelines/actions/formatting/message-builder.md) * [Unique](/the-workspace/pipelines/actions/utils/unique.md) {% endhint %} ## Examples Here are some example use cases where we ask for help from the Action Assistant. Check the prompts we use and the resulting configuration in each example picture.
Conditional **Prompt: Please could you identify common windows logs event ids and create a condition for each value?** * In this example, we request a condition for each of the most common Windows event IDs: * In this case, we request conditions for each of the most common FortiGate log IDs: * Here, we are filtering events with `Success` status only:
Group By **Prompt: Group events every 5 minutes by host\_ip and count the occurrences.** * In this example, we need to identify each unique IP address for every 10 minutes: * In this case, we need all the unique app name values every 5 seconds, grouped by source ports and IP addresses:
Math Expression **Prompt: Convert the priority field to an integer, convert the source and destination ips to he format, identify the appnames starting with windows**
* In this case, we ask the assistant to transform a series of amounts from bytes to megabytes: * Here we are transforming our epoch dates in milliseconds into seconds: * In this example, we want to calculate the time difference between a series of from and to dates:
Message Builder **Prompt: Please build me a message in json format with the most important fields.** * In this example, we ask for the most relevant fields but in key-value format: * Here we are requesting the most relevant fields as a message in JSON format: * In this case, we want to order all our fields in alphabetical order: * Here we want to filter only string-type fields:
Unique **Prompt: Please identify the unique message IDs and codify them in 8 bits.** * In this example, we want to identify the unique message IDs and codify them in 8 bits.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/pipelines/building-a-pipeline/ai-assistant/ai-action-assistant.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.