Creates a page summarizing all Elastic's AI-powered features #3768
Conversation
benironside
requested review from
florent-leborgne,
leemthompo and
mdbirnstiehl
…/elastic/docs-content into internal-455-list-genai-features
florent-leborgne
left a comment
florent-leborgne
left a comment
There was a problem hiding this comment.
This is a super nice start. I'd like this page (or set of pages) to do the following:
- List the AI features themselves (AI Assistants, Agent Builder) and clarify the link between these and AI connectors (and with EIS for the Elastic Managed LLM)
- List other features that rely on these AI features, and specify if this is optional, by default, etc -> This is important for users to make conscious choices about their config and about permissions of their own users, especially as they'll likely want to control pricing/token usage under control.
- Links to pricing pages for our default Elastic Managed LLM (at least) or to a page that focuses on AI features-related pricing impact
So that this inventory also becomes a source of understanding of how all of these relate to each other. We can chat about this at our sync :)
mdbirnstiehl
left a comment
mdbirnstiehl
left a comment
There was a problem hiding this comment.
One comment, but otherwise looks great!
|
On the ES/platform side, might be good to mention:
This would align with the PMM page: https://www.elastic.co/generative-ai Also we definitely need to mention:
@szabosteve will probably have additions :) |
There was a problem hiding this comment.
I left two small nits and a suggestion to drop some technical details that I think are too low-level for this overview. I really like the clarity and the structure of this page! It's great to see these features listed in one place. Everything that is on the page right now is LGTM. I think it would still be nice to add some more pieces to the page. Basically, all that Liam mentioned above. Some suggestions regarding the structure for the new content:
- I would suggest adding two or three new sections:
- Elastic inference or something similar (before AI-powered search), which could link to this page with a description like this: "Inference is a process of using a machine learning trained model to make predictions or operations - such as text embedding, or reranking - on your data." This subsection could mention EIS and the Inference API as the two main ways to use Elastic Inference.
- NLP models: this section could contain the built-in NLP models with ELSER highlighted, and the trained models deployed in your cluster.
- I think Elastic Managed LLM could have its own section. If you think it's too much, I would add it to the Elastic Inference section.
@leemthompo WDYT?
| serverless: | ||
| ``` | ||
|
|
||
| [AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. |
There was a problem hiding this comment.
Nit. Also, mentioning the two kinds of vectors here is too low-level a detail. We should focus on the semantic search workflow.
Edit: just saw Liam's suggestion; I agree to drop the tech details on vector types and add links to the two main paths users can choose from.
| [AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. | |
| [AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses {{ml}} models to capture meaning in content. These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. |
…/elastic/docs-content into internal-455-list-genai-features
eedugon
left a comment
eedugon
left a comment
There was a problem hiding this comment.
Looks awesome! Great initiative to create the AI-features doc.
Also the applies_to badges look very good and clear to understand.
I don't think there's anything to say from admin-docs side, as we don't deal with AI features in general.
florent-leborgne
left a comment
florent-leborgne
left a comment
There was a problem hiding this comment.
So nice to see the progress on this. Great work so far @benironside. I see a few approvals already but it's not in a mergeable state yet so I'll block it for now while we continue improving it :)
There was a problem hiding this comment.
I'd like this page to serve a clearer role in the narrative and answer the following questions for users:
- What has Elastic to offer in terms AI core capabilities?
- What features are augmented with AI?
- What do I need to know as a user to use these wisely in terms of configuration/customization options and pricing. For example, if I plug the AI Assistant to Open AI / ChatGPT-5, which of my features are now going to use this model, which ones are relying on a different config.
To slightly shift the narrative of the current page to answer these questions, can we:
- make a better distinction between the Elasticsearch platform's AI capabilities or architectural pieces (most notably the Elastic Inference Service and the Elastic Managed LLM, but also Gen AI connectors in general, or machine learning in general?), and AI-powered features that materialize in end-user flows in each solution. Said otherwise, some of these features here are not "search solution" features but rather platform capabilities. Think of this diagram (elastic internal)
- list more succinctly certain items here to find the right balance/emphasis to put on certain features. For example, sub-sections under Streams could be a list of bullet points.
- In the description of each feature, I think that instead of describing too much what the feature does, the goal of this page is rather to summarize how these features leverage AI, if that's automatic/by default or not (and if on by default, what does it use, what is customizable), what kind of AI-related configuration they rely on. For example, in the Attack Discovery docs, we can read:
Attack Discovery uses the same LLM connectors as AI Assistant. Does this mean that Attack Discovery's AI capabilities rely on your AI Assistant's config? - link not only to features but also relevant configuration documentation if necessary, and pricing. We know that pricing depends on the connector/model used. That's on users to know if they configure their own. But by default we have the Elastic Managed LLM enabled, which costs are controlled by Elastic and are documented per solution on our pricing pages
@benironside thank you for kicking off this PR. This is clearly a cross-team effort so if you can look after the Security piece of it on this page, that's great. In the meantime, @mdbirnstiehl @szabosteve @leemthompo can you help make these changes for your respective areas?
Co-authored-by: Liam Thompson <[email protected]>
Updated the AI features documentation to clarify the use of AI in suggesting queries based on data.
Co-authored-by: florent-leborgne <[email protected]>
|
|
||
| ## AI-powered features in {{es}} | ||
|
|
||
| ### Agent builder |
There was a problem hiding this comment.
Soon AB will be everywhere, so we should probably put it in the platform section to be ahead of the game
There was a problem hiding this comment.
I think we should only move it once it becomes available everywhere
There was a problem hiding this comment.
Well I guess technically it's available everywhere already apart from serverless security and obs
Vale Linting ResultsSummary: 2 warnings, 23 suggestions found
|
| File | Line | Rule | Message |
|---|---|---|---|
| explore-analyze/ai-features/ai-assistant.md | 46 | Elastic.QuotesPunctuation | Put punctuation outside the quotation marks. |
| explore-analyze/ai-features/ai-assistant.md | 46 | Elastic.DontUse | Don't use 'just'. |
💡 Suggestions (23)
| File | Line | Rule | Message |
|---|---|---|---|
| explore-analyze/ai-features/ai-assistant.md | 44 | Elastic.FutureTense | 'will be' might be in future tense. Write in the present tense to describe the state of the product as it is now. |
| explore-analyze/ai-features/ai-assistant.md | 46 | Elastic.FirstPerson | Avoid first-person pronouns such as 'me'. |
| explore-analyze/ai-features/ai-assistant.md | 48 | Elastic.Wordiness | Consider using 'also' instead of 'In addition'. |
| explore-analyze/ai-features/ai-assistant.md | 50 | Elastic.FirstPerson | Avoid first-person pronouns such as ' I '. |
| explore-analyze/ai-features/ai-assistant.md | 51 | Elastic.FirstPerson | Avoid first-person pronouns such as ' I '. |
| explore-analyze/ai-features/ai-assistant.md | 54 | Elastic.FutureTense | 'will be' might be in future tense. Write in the present tense to describe the state of the product as it is now. |
| explore-analyze/ai-features/ai-assistant.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| explore-analyze/ai-features/ai-assistant.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| explore-analyze/ai-features/ai-assistant.md | 56 | Elastic.FutureTense | 'will keep' might be in future tense. Write in the present tense to describe the state of the product as it is now. |
| explore-analyze/ai-features/ai-assistant.md | 56 | Elastic.Wordiness | Consider using 'before' instead of 'prior to'. |
| explore-analyze/ai-features/ai-assistant.md | 58 | Elastic.Capitalization | 'Elastic Managed LLM [elastic-managed-llm-ai-assistant]' should use sentence-style capitalization. |
| explore-analyze/ai-features/ai-features.md | 34 | Elastic.EmDashes | Don't put a space before or after a dash. |
| explore-analyze/ai-features/ai-features.md | 39 | Elastic.Acronyms | 'EIS' has no definition. |
| explore-analyze/ai-features/ai-features.md | 48 | Elastic.Acronyms | 'ELSER' has no definition. |
| explore-analyze/ai-features/ai-features.md | 135 | Elastic.Capitalization | 'AI Assistant for Security' should use sentence-style capitalization. |
| explore-analyze/ai-features/ai-features.md | 153 | Elastic.Capitalization | 'Automatic Migration' should use sentence-style capitalization. |
| explore-analyze/ai-features/ai-features.md | 160 | Elastic.Capitalization | 'Automatic Import' should use sentence-style capitalization. |
| explore-analyze/ai-features/ai-features.md | 167 | Elastic.Acronyms | 'ECS' has no definition. |
| explore-analyze/ai-features/ai-features.md | 169 | Elastic.Capitalization | 'Automatic Troubleshooting' should use sentence-style capitalization. |
| explore-analyze/ai-features/manage-access-to-ai-assistant.md | 17 | Elastic.WordChoice | Consider using 'deactivate, deselect, hide, turn off' instead of 'disable', unless the term is in the UI. |
| explore-analyze/ai-features/manage-access-to-ai-assistant.md | 25 | Elastic.Capitalization | 'The GenAI Settings page' should use sentence-style capitalization. |
| solutions/security/ai/ai-assistant.md | 26 | Elastic.FutureTense | 'will help' might be in future tense. Write in the present tense to describe the state of the product as it is now. |
| solutions/security/ai/attack-discovery.md | 59 | Elastic.FutureTense | 'will be' might be in future tense. Write in the present tense to describe the state of the product as it is now. |
|
I just pushed some updates to the security section. I mostly made the it more concise. Also changed the Attack Discovery docs to remove the confusing line you pointed out in your comment, Florent. I considered adding more info to each feature about how you need to configure an LLM connector to use it (this applies to all the features in the security section), but I decided not to, in favor of consistency across the solution sections (also since we point out at the top of the page that many of the features need LLM connectors it seemed a bit redundant). I also added a brief section at the top of the Security section that addresses some of the points identified by Florent. |
florent-leborgne
left a comment
florent-leborgne
left a comment
There was a problem hiding this comment.
Thank you all for all of the edits. I have a few more comments that I think we need to address to have this page aligned with its goal. Some things to generally think about when we describe these:
- With this content, can the user understand the role that AI plays when using this feature?
- Is AI going to be used on this feature regardless of my intention to use it? Can I choose to use it or not when using this feature?
Based on this, the way we should present things on this page vary a little:
- Case 1: "This capability is an AI component (LLM, inference service...) built and provided by Elastic, that you can set up and use to activate AI-powered features in Elastic"
- Case 2: "This capability only works with AI and does this. If you don't have AI set up, you can't use it"
- Case 3: "This capability is augmented with AI. When you set up AI for this feature, then it can help you with this this and that."
Thank you all!
| ## Requirements | ||
|
|
||
| - To use Elastic's AI-powered features, you need an appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. | ||
| - Most features require at least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). |
There was a problem hiding this comment.
- I think we should mention here that there's a default LLM connector: the Elastic Managed LLM connector
- This links to security solution docs, do we have a better place that's not sending users into a specific solution context for this? (if not we should plan for this and to come back and edit this link once it's done)
|
|
||
| # AI-powered features | ||
|
|
||
| AI is built into many parts of the {{stack}}. This page describes Elastic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. |
There was a problem hiding this comment.
| AI is built into many parts of the {{stack}}. This page describes Elastic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. | |
| AI is a core part of the {{stack}}. It augments certain features and helps you analyze your data more effectively. This page lists the AI-powered capabilities and features available to you in each solution, and provides links to more detailed information about each of them. |
Slightly rewording to not sound like we "just" added a layer of AI tools on top of our products.
| - To use Elastic's AI-powered features, you need an appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. | ||
| - Most features require at least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). | ||
|
|
||
| ## AI-powered features on the Elastic platform |
There was a problem hiding this comment.
Would be nice to have an intro under this title to explain what it means for users to have AI powered features available for the "platform" @szabosteve
| ### Elastic {{infer-cap}} | ||
| ```{applies_to} | ||
| stack: | ||
| serverless: | ||
| ``` | ||
|
|
||
| [Elastic {{infer-cap}}](/explore-analyze/elastic-inference.md) enables you to use {{ml}} or AI models to make predictions or enact operations — such as text embedding, or reranking - on your data. | ||
|
|
||
| To learn more, refer to: | ||
|
|
||
| - [Elastic {{infer-cap}} Service (EIS)](/explore-analyze/elastic-inference/eis.md): a managed service that runs {{infer}} outside your cluster resources. | ||
| - [The {{infer}} API](/explore-analyze/elastic-inference/inference-api.md): a general-purpose API that enables you to run {{infer}} using EIS, your own models, or third-party services. |
There was a problem hiding this comment.
@szabosteve Do you think we could introduce the Elastic Managed LLM here? It's missing from this page - In fact, I think I understand this better when I read the 1st paragraph and 1st section of https://www.elastic.co/docs/explore-analyze/elastic-inference/eis than this. Is there a chance we could make those snippets and somehow reuse them?
| ### Natural language processing | ||
| ```{applies_to} | ||
| stack: | ||
| serverless: | ||
| ``` | ||
| Natural Language Processing (NLP) enables you to analyze natural language data and make predictions. | ||
|
|
||
| Elastic offers a range of [built-in NLP models](/explore-analyze/machine-learning/nlp/ml-nlp-built-in-models.md) such as the Elastic-trained [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md). You can also [deploy custom models](/explore-analyze/machine-learning/nlp/ml-nlp-overview.md). |
There was a problem hiding this comment.
@szabosteve Should we more explicitly call out "Machine learning" in this section?
I'm thinking it may be a little clearer to present this section with something like this?
Hi these are AI-powered capabilities or features augmented with AI available to you without requiring a specific solution context:
- EIS. This is EIS... It powers:
- the Elastic Managed LLM, which is xxx and that you can use in xxx
- ELSER, which is is an NLP model trained by Elastic that enables you to perform semantic search with Elastic machine learning.
| security: ga | ||
| ``` | ||
|
|
||
| [Attack Discovery](/solutions/security/ai/attack-discovery.md) uses AI to identify potential threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to identify related users and hosts, map alerts to the MITRE ATT&CK matrix, and help identify threat actors. |
There was a problem hiding this comment.
@benironside Is AI mandatory to use attack discovery, or does it enhance the existing functionality?
| stack: preview 9.1, ga 9.2 | ||
| ``` | ||
|
|
||
| [Streams](/solutions/observability/streams/streams.md) is an AI-assisted centralized UI within {{kib}} that streamlines common tasks like extracting fields, setting data retention, and routing data. Streams incorporates AI in the following features: |
|
|
||
| ### Automatic Migration | ||
|
|
||
| [Automatic Migration](/solutions/security/get-started/automatic-migration.md) helps you quickly migrate Splunk assets to {{elastic-sec}}. It supports the following asset types: |
There was a problem hiding this comment.
@benironside how does this feature use AI? And is it mandatory to have AI set up to use this feature?
| security: ga | ||
| ``` | ||
|
|
||
| [Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources without prebuilt Elastic integrations. |
| serverless: | ||
| security: ga | ||
| ``` | ||
| [Automatic troubleshooting](/solutions/security/manage-elastic-defend/automatic-troubleshooting.md) helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas: |
Fixes elastic/docs-content-internal/issues/455 by creating a new page that lists all our AI-powered features.
This PR also:
Also, reviewers, this is a minor point but what do you think of adding "AI" to our glossary and linking to this PR's new page?