Glossary
Key terms — MCP, SPL, Agent, Workflow, Integration, GDI, ITSI, CIM, Smithery, and more
Glossary
Key terms used in Deslicer AI documentation.
Navigation
- Parent: Reference
- Related: What is Deslicer? | FAQ
A–D
ADK — Agent Development Kit. Google's framework for building AI agents. Legacy component — current production uses Vercel AI SDK within the Next.js app.
Agent — An AI assistant in Deslicer. Agents have a role, system prompt, attached tools, and a selected model. You chat with agents to get SPL, configs, investigations, or guidance.
BOTS — Boss of the SOC. Splunk's security competition dataset. The BOTS Hunter agent is designed for BOTS-style investigations.
CIM — Common Information Model. Splunk's standardized field naming convention. Agents reference CIM data models when generating configs and SPL.
Credits — Deslicer's consumption unit for AI usage. Each plan includes monthly credits. Chat and workflow runs consume credits based on model and token usage.
E–I
GDI — Getting Data In. Splunk's process for ingesting data. The GDI agent generates inputs.conf, props.conf, transforms.conf, tags.conf, and serverclass.conf.
Index — A Splunk index. A logical container for events. Agents list and query indexes via MCP.
Integration — A connection from Deslicer to an external system via MCP. Examples: Splunk MCP, VirusTotal, Censys, GitHub, Exa.
ITSI — IT Service Intelligence. Splunk's service monitoring product. Deslicer workflows analyze ITSI episodes and KPIs.
M–O
LiteLLM — An LLM proxy that sits between Deslicer and AI model providers. Routes requests, load-balances across API keys, and tracks usage.
Magic 8 — Eight best practices for Splunk data onboarding: sourcetype naming, line breaking, timestamp extraction, field extraction, CIM alignment, validation, documentation, and monitoring.
MCP — Model Context Protocol. The protocol that connects Deslicer agents to Splunk and other tools. Agents use MCP to run searches, inspect configs, and access live data.
MCP Server — A server that implements MCP. The Splunk MCP server exposes Splunk capabilities to agents. Custom MCP servers can be added via JSON import.
Organization — A tenant in Deslicer. Each org has its own integrations, agents, team members, and billing.
Observer — Deslicer Observer API. Connects to your Splunk deployment for host inventory, configuration management, and change plans with approval workflows.
S–Z
Smithery — An MCP tool marketplace with 3,500+ tools. Agents can browse and use tools from Smithery without custom development.
Sourcetype — A Splunk sourcetype. Identifies the format of incoming data (e.g., linux_secure, syslog). Agents use sourcetypes when generating SPL and configs.
SPL — Search Processing Language. Splunk's query language. Deslicer agents generate, optimize, and execute SPL.
Tenant — Same as Organization. Used in multi-tenant deployments.
Workflow — A multi-step automation that chains tool calls, agent reasoning, evaluators, and conditional routing into a DAG. Workflows produce structured reports.
