Skip to content

DataPrime AI query prompts

Selecting the correct prompt for Coralogix AI Query

The Coralogix AI query assistance enables users to access their data using natural language. For example:

get the top 10 IP addresses

Will (depending on your data of course) translate into:

top 10 $d.source_ip_address by count()

What is prompt engineering?

Prompt engineering is the refinement of the natural language that one uses when working with an AI tool like Coralogix AI Query, to get the best possible results. By refining your prompts, and by including some key details, it arms the model with much more specific information with which it can work.

Be specific with keypaths

Consider the following document:

{
    "http": {
        "ip_address": "17.8.9.4",
        "http_request_size_bytes": 100340,
        ...
    },
    "edge_ip": "40.67.88.123",
    "original_ip": "100.4.5.23",
    ...
}

There are many fields that contain an IP address, and they each contain a different value. This is because http.ip_address represents the IP address of the proxy that forwarded the request, edge_ip represents the CDN node that handled the request, and original_ip is the original client that sent the request. Now consider the following AI natural language query:

Give me the ip addresses with the biggest requests

On which IP address should the Query Assistance focus? It is certainly clever enough to focus on one of them and produce a query that matches what you ask, but since they each represent different values, which IP address is most important?

This is why keypath specitificity is so crucial, when issuing requests to the Coralogix DataPrime Query Assistance. Rather than asking for an "IP Address", name the field:

give me the top 10 http.ip_address with the biggest requests

This removes the ambiguity and requires very little extra effort. Everything is still written in plain English, but some of the key information is now stated clearly.

Use similar language to the relevant keywords, if possible

When you want to tell the AI Query Agent to group your logs together on a particular keyword, it is sometimes helpful to work backwards from the DataPrime syntax.

NOTE: This isn't required, and the AI Query Agent is very capable of discerning your meaning if you use alternate phrasing, but it increases your chances of success.

For example, consider the following document:

{
    "http": {
        "ip_address": "17.8.9.4",
        "http_request_size_bytes": 100340,
        ...
    }
}

Let's assume we would like to get an output that looks something like this:

{
    "ip_address": "17.8.9.4",
    "average_request_size": 90483
},
{
    "ip_address": "99.8.31.123",
    "average_request_size": 12003
}
...

In order to yield this output using a raw DataPrime Query, we would write a query like:

groupby http.ip_address aggregate avg(http.average_request_size) as average_request_size

So when we describe our natural language prompt, while we don't need to know exactly which query we want to write, using language that's consistent with the DataPrime syntax will help:

get me the average http.request_size grouped by http.ip_address

Be concise

While the LLM is designed to be conversational, there's no need to add extra words into your query that are not necessary. It is, in essence, a very clever translator. The more words you give it, the more it has to translate.

Rather than:

Hey please fetch the logs for my http service and turn it into a report about the most active users

Brevity should be preferred:

get the top 10 http.username for http_service traffic

Previous Previous Troubleshooting
Next DataPrime fair usage limits Next
Home
User Guides User Guides
DataPrime DataPrime
Integrations Integrations
OpenTelemetry OpenTelemetry
Developer Portal Developer Portal