Deslicer vocabulary
Definitions for the proprietary vocabulary Deslicer uses across its product, documentation, and marketing surfaces — agents, change governance, and the Deslicer Automation Platform (DAP).
Updated .
agentic intelligence layer
The agentic intelligence layer is Deslicer's category framing — an agent platform that sits above Splunk and uses live MCP access to diagnose data, explain findings, and generate SPL, configs, or governed change plans. Distinct from a chatbot bolt-on or a vendor-native assistant, it is the layer that makes Splunk environments operable by AI agents.
MCP for Splunk
MCP for Splunk is Deslicer's Model Context Protocol integration that lets agents query indexes, sourcetypes, fields, knowledge objects, and CIM coverage from a live Splunk instance. It complements Splunk's own MCP Server: Deslicer agents can call either or both, then use the data to draft change plans and remediations reviewers can approve.
Diagnose. Explain. Generate.
Diagnose. Explain. Generate. is the three-step loop every Deslicer agent follows. The agent connects to the live Splunk environment, inspects real schemas to form a hypothesis, shows the searches and rows that supported the hypothesis, then produces SPL, configs, or a change plan annotated for the reviewer's approval gate.
GDI Agent
The GDI Agent (Getting Data In) onboards a new Splunk source. It analyses sample logs, matches CIM data models, and generates a multi-app config package — inputs.conf, props.conf, transforms.conf, tags.conf, serverclass.conf — with Magic 8 best practices, then validates the package with a data-quality score before reviewer approval.
CIM Compliance Agent
The CIM Compliance Agent inspects every sourcetype against the relevant Splunk Common Information Model data model, scores compliance from 0 to 100, and drafts field-extraction and tagging fixes. Drafted fixes attach to a DAP change plan with a confirmation card listing each change item before any reviewer approves and ships them to Splunk.
Data Explorer Agent
The Data Explorer Agent inspects indexed Splunk data — running fieldsummary against indexes and sourcetypes, sampling events, and inferring field types. It proposes three to five monitoring use cases per sourcetype with the supporting field combinations cited, so a reviewer can sanity-check fit before any dashboard or saved search is generated.
DAP (Deslicer Automation Platform)
The Deslicer Automation Platform (DAP) is the governance layer for Splunk configuration change. Insights Nodes on each Splunk host report operational state, agents draft change plans, and reviewers approve every edit before it executes. The platform tracks fleet health, certificate expirations, app inventory, and per-host execution status across the rollout.
DAP change plan
A DAP change plan bundles one or more configuration edits — file, stanza, key, value — for a Splunk host group. Each plan transitions through draft → pending → approved → executing → completed with a confirmation card listing every change item grouped by host, app, file, and stanza, and a per-host execution log persisted after rollout.
fleet observability
Fleet observability is the single-pane view DAP gives over every enrolled Splunk host. It surfaces node status, Splunk version distribution, cluster health, app inventory, and certificate alerts across four severity tiers. Teams use it to shift certificate and version issues from reactive discovery to proactive 90-day alerts before customers notice.
Insights Node
An Insights Node is a lightweight Deslicer agent installed on a Splunk host. It reports operational state, configuration snapshots, and certificate status to DAP without requiring inbound network ingress. Each node carries its own per-host API key, surfaces in the Insights Dashboard, and serves as the execution target for approved change plans.
conversational CIM audit
A conversational CIM audit is the in-chat workflow where the CIM Compliance Agent walks a reviewer through compliance scoring, drafted remediations, and the resulting DAP change plan inside a single chat thread. Reviewers approve, reject, or amend each suggested edit through confirmation cards without leaving the conversation or opening a separate dashboard.
governed change
Governed change is Deslicer's principle that every modification to a Splunk environment passes through an explicit approval workflow with full audit trail. DAP change plans, in-chat confirmation cards, dry-run previews, and per-host execution logs combine so that no agent-generated change reaches production without a reviewer-recorded approval step.