AWSOpenSearch UI Help Center
AWS Docs 
Feedback

GenAI Analytics

OpenSearch UI integrates AI-powered capabilities that help you explore data using natural language, generate visualizations automatically, summarize alerts, and get recommendations for anomaly detection. These features are powered by Amazon Q and large language models.

AI assistant overview

The AI assistant in OpenSearch UI provides conversational access to your data. Instead of writing PPL or SQL queries manually, you can describe what you're looking for in plain English, and the assistant generates the appropriate query.

What the AI assistant can do

CapabilityDescriptionExample
Natural language queriesConvert plain English to PPL/SQL"Show me the top 10 error-producing services this week"
Visualization generationCreate charts from descriptions"Create a line chart of request latency over the last 24 hours"
Alert summarizationSummarize active alerts in plain language"Summarize my current alerts"
Anomaly insightsExplain detected anomalies"Why did CPU spike at 3am?"
Query explanationExplain what a query does"Explain this PPL query"
Data explorationSuggest relevant queries for an index"What interesting patterns are in my web-logs index?"

Enabling the AI assistant

The AI assistant requires Amazon Bedrock access and must be enabled for your application.

Prerequisites

  1. Amazon Bedrock access — The AI assistant uses foundation models through Amazon Bedrock. Ensure your account has access to the required models in the application's region.
  2. IAM permissions — The application's service role needs permission to invoke Bedrock models.
  3. Supported region — The AI assistant is available in regions where both OpenSearch UI and Amazon Bedrock are supported.

Required IAM permissions

Add these permissions to the application's service role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "arn:aws:bedrock:us-east-1::foundation-model/*"
    }
  ]
}

Enabling in the UI

  1. Launch your OpenSearch UI application
  2. Navigate to ManagementAI Assistant Settings
  3. Toggle Enable AI Assistant to on
  4. Select the foundation model to use
  5. Click Save

Natural language query generation

The most common use of the AI assistant is converting natural language questions into executable queries.

How to use it

  1. Open the AI assistant panel (chat icon in the top navigation)
  2. Type your question in natural language
  3. The assistant generates a PPL or SQL query
  4. Review the generated query
  5. Click Run to execute it
  6. Results appear in the Discover view

Example conversations

You: "Show me all 5xx errors from the payment service in the last hour"

Assistant generates:

source = app-logs-*
| where status_code >= 500 AND status_code < 600
| where service_name = 'payment-service'
| where timestamp > DATE_SUB(NOW(), INTERVAL 1 HOUR)
| sort - timestamp
| fields timestamp, status_code, request_path, error_message

You: "What's the average response time by region for the last 7 days?"

Assistant generates:

source = app-logs-*
| where timestamp > DATE_SUB(NOW(), INTERVAL 7 DAY)
| stats avg(response_time) as avg_latency by region
| sort - avg_latency

You: "Compare error rates between us-east-1 and eu-west-1"

Assistant generates:

source = app-logs-*
| where status_code >= 500
| where region IN ('us-east-1', 'eu-west-1')
| stats count() as error_count by region, span(timestamp, 1h) as hour
| sort hour

Tips for better results

  • Be specific about time ranges — "last 24 hours" works better than "recently"
  • Name your fields — "filter by the service_name field" is clearer than "filter by service"
  • Specify the index — "in the web-logs index" helps the assistant target the right data
  • Iterate — If the first query isn't right, refine your question based on the results

AI-powered visualizations

The assistant can generate visualizations directly from natural language descriptions.

Creating a visualization

  1. Open the AI assistant
  2. Describe the visualization you want:
    • "Create a bar chart showing the top 10 services by error count"
    • "Make a line chart of CPU utilization over the last week, grouped by host"
    • "Show a pie chart of traffic distribution by region"
  3. The assistant generates the visualization configuration
  4. Review and click Save to dashboard to add it to a dashboard

Supported visualization types

The AI assistant can generate:

  • Line charts (time-series data)
  • Bar charts (categorical comparisons)
  • Pie charts (proportional data)
  • Area charts (volume over time)
  • Data tables (detailed breakdowns)
  • Metric visualizations (single KPI values)

Alert summarization

When you have active alerts, the AI assistant can provide a plain-language summary of what's happening.

How it works

  1. Open the AI assistant
  2. Ask: "Summarize my active alerts"
  3. The assistant reviews all triggered monitors and provides:
    • A count of active alerts by severity
    • A summary of the most critical issues
    • Suggested investigation steps

Example summary

You: "What alerts are firing right now?"

Assistant:

You have 3 active alerts:

  1. Critical — CPU utilization on prod-web-03 has exceeded 95% for the last 15 minutes. This started at 14:32 UTC.
  2. High — Error rate for the payment service jumped to 12% (baseline is 0.5%). First triggered at 14:28 UTC.
  3. Medium — Disk usage on prod-db-01 is at 87%. Trending upward over the last 3 days.

The CPU and error rate alerts may be related — I'd suggest checking if the payment service is running on prod-web-03.

Anomaly detection recommendations

The AI assistant can help you set up and interpret anomaly detection.

Setting up anomaly detectors

  1. Ask the assistant: "Help me set up anomaly detection for response latency"
  2. The assistant suggests:
    • Which index and field to monitor
    • Appropriate detection interval
    • Feature configuration (e.g., average, sum, count)
  3. Review and create the detector

Interpreting anomalies

When anomalies are detected, ask the assistant for context:

You: "Why did latency spike at 3am on June 15?"

Assistant:

The latency anomaly at 3am on June 15 correlates with:

  • A 3x increase in request volume starting at 2:45am
  • A deployment event logged at 2:50am (service: checkout-api, version: 2.4.1)
  • No corresponding increase in error rate

This suggests the deployment may have introduced a performance regression under load. Consider rolling back or profiling the checkout-api v2.4.1 changes.

Conversation context

The AI assistant maintains context within a conversation session:

  • Follow-up questions reference previous queries
  • You can refine results: "Now filter that to just us-east-1"
  • You can change the visualization: "Show that as a bar chart instead"
  • Context resets when you close the assistant panel or start a new conversation

Data privacy and security

  • Queries are processed through Amazon Bedrock — Your data is sent to the foundation model for query generation
  • No data is stored by the model — Amazon Bedrock does not retain your data for model training
  • IAM controls apply — The assistant can only access data that the current user has permission to view
  • Audit trail — AI assistant interactions are logged and can be audited

Limitations

  • Complex joins — The assistant may struggle with queries that require joining data across multiple indices or data sources
  • Custom field names — Unusual or abbreviated field names may confuse the model. Use descriptive field names for better results.
  • Real-time data — The assistant generates queries but doesn't have real-time awareness of your data. It may suggest queries for fields that don't exist in your index.
  • Visualization customization — Generated visualizations use default styling. You may need to manually adjust colors, labels, and formatting.
  • Region availability — The AI assistant requires Amazon Bedrock, which is not available in all regions.

Troubleshooting

AI assistant not appearing in the UI

  • Verify the feature is enabled in ManagementAI Assistant Settings
  • Check that your IAM role has Bedrock permissions
  • Confirm Amazon Bedrock is available in your region

Generated queries return errors

  • The assistant may reference fields that don't exist — check field names in your index
  • Time range syntax may not match your data — adjust the generated query manually
  • The index name may be incorrect — specify the exact index name in your question

"Model not available" error

  • Your account may not have access to the required Bedrock foundation model
  • Request model access in the Amazon Bedrock console
  • Check if the model is available in your region

Slow response times

  • Complex queries take longer to generate
  • Large result sets take longer to process
  • Try narrowing your question to a specific time range or index