SLS DataAgent is an intelligent assistant for business data analysis. It offers powerful data querying and deep insights to help you quickly obtain key business information.
Overview
SLS DataAgent provides the following core capabilities:
-
Knowledge-driven Q&A: Answers operations and maintenance (O&M) questions by using the Standard Operating Procedure (SOP) documents in its associated knowledge base.
-
Multiple knowledge base support: Supports three types of knowledge bases: OSS, Alibaba Cloud DevOps (Codeup), and the built-in SLS knowledge base.
-
Flexible permission configuration: Supports two permission modes: service role and custom role.
-
Custom rules: Allows you to configure default rules to guide the behavior of the digital employee.
Note: SLS DataAgent, built on the digital employee framework, is a Q&A system that relies entirely on SOP documents within its knowledge base. It cannot provide effective answers without one.
Prerequisites
Before you use SLS DataAgent, ensure that you meet the following requirements:
|
User type |
Permission requirements |
|
primary account |
Has all administrative permissions by default and can create a digital employee directly. |
|
RAM user |
Contact your administrator to grant the required permissions. For more information, see Grant permissions to a RAM user. |
Create a digital employee
-
Log on to the Log Service console.
-
Choose Log Apps > SLS DataAgent, and then click Digital Employee.
-
On the digital employee page, click Create Digital Employee in the upper-right corner.
-
In the Create Digital Employee dialog box, configure the following parameters:
Parameter
Required
Description
ID
Yes
The unique identifier for the digital employee. This ID cannot be changed after it is created. We recommend using a combination of letters and numbers, such as
order-system-expert.Display name
Yes
The name displayed for the digital employee in the UI. We recommend using a name that reflects its business purpose, such as "Order System Monitoring Expert" or "Big Data Cluster Inspector".
RAM role type
Yes
Specifies the type of RAM role for the digital employee. You can select one of the following options:
• service role: Use the system-provided service role (no configuration required). The digital employee automatically obtains read permissions for Log Service and ARMS.
• custom role: Select this option if you need to access a specific Model Studio knowledge base or restrict the access scope. You must configure an authorized RAM role ARN. For more information, see Create and authorize a RAM role.
RAM role ARN
Yes
This parameter is required only if you select a custom role. The default service role uses the
ServiceRoleForCloudMonitorrole, which has read permissions for CloudMonitor, Log Service (SLS), and ARMS.Built-in SLS knowledge base
No
If enabled, the digital employee answers questions related to SLS. This is enabled by default.
Description
No
Describe the digital employee's responsibilities and capabilities. For example: "Responsible for daily inspection, anomaly analysis, and root cause analysis for core applications in the order center. Capable of analyzing slow MySQL queries."
Default rules
No
Default rules to guide the digital employee's behavior. We recommend using Markdown syntax. You can define the employee's role, scope of capabilities, and behavioral guidelines.
-
After you configure the parameters, click OK.
Associate a knowledge base
After you create a digital employee, you need to associate a knowledge base with it. If you enabled the Built-in SLS knowledge base option during creation, you can immediately start asking SLS-related questions. To associate a custom knowledge base, refer to the following steps.
SOP knowledge base structure
The SOP knowledge base uses a modular, directory-based structure with SOP.md as the core entry file. This structure allows the agent to autonomously find the information it needs.
The following is a recommended directory structure: accesslog_sop .zip
knowledge_base_root/
├── SOP.md # Core entry file, describes the overview of each knowledge domain
├── accesslog/ # Access log domain
│ ├── overview.md # Domain overview
│ └── troubleshooting.md # Troubleshooting guide
├── monitoring/ # Monitoring domain
│ ├── overview.md
│ └── alert-handling.md
└── ...
In SOP.md, provide an overview of each knowledge domain, and then provide detailed information in the corresponding files within each directory.
Associate the built-in SLS knowledge base
The built-in SLS knowledge base contains standard operating procedures and best practices for Log Service, which helps answer SLS-related questions.
Method 1: Enable during creation
When you create the digital employee, keep the Built-in SLS knowledge base switch enabled.
Method 2: Add after creation
-
In the digital employee list, click the target digital employee to open its details page.
-
Select the Knowledge base tab.
-
Click Add Knowledge Base and select the Built-in knowledge base type.
-
In the Knowledge base ID field, enter
slsand click OK.
Associate an OSS knowledge base
If your SOP documents are stored in OSS, follow these steps to associate an OSS knowledge base.
Prerequisites
-
You have created an OSS bucket and uploaded your SOP documents.
-
You have created and configured a custom RAM role. For details, see Create and authorize a RAM role.
Procedure
-
Change the RAM role type of the digital employee to Custom role and configure the authorized RAM role ARN.
-
On the digital employee details page, select the Knowledge base tab.
-
Click Add Knowledge Base and select the OSS knowledge base type.
-
Configure the following parameters:
Parameter
Description
OSS region
The region where the OSS bucket that stores the SOP documents is located.
OSS bucket
The name of the OSS bucket.
Document library root path
The directory path where the
SOP.mdfile is located. IfSOP.mdis in the root directory of the bucket, enter/. If it is in a subdirectory, enter the full path, such as/docs/sop/. -
Click OK.
Associate an Alibaba Cloud DevOps knowledge base
If you use Alibaba Cloud DevOps (Codeup) to manage your SOP documents, follow these steps to associate an Alibaba Cloud DevOps knowledge base.
Prerequisites
-
You have created a code repository in the Alibaba Cloud DevOps console and uploaded your SOP documents.
-
You have created a personal access token.
Obtain configuration information
-
Organization ID: You can find the organization ID in the page URL. The URL is in the format
https://codeup.aliyun.com/<Organization_ID>/<Repository_Name>\. -
Repository ID: On the code repository page, choose Settings > Basic Information to view the ID.
-
Personal access token:
-
In the Alibaba Cloud DevOps console, click your profile picture in the upper-right corner and select Personal settings.
-
Choose Personal access tokens and click Create Access Token.
-
Set a name, expiration date, and permission scope for the token, and then click Create.
-
Copy and securely save the generated token. The token is displayed only once.
-
Procedure
-
On the digital employee details page, select the Knowledge base tab.
-
Click Add Knowledge Base and select the Alibaba Cloud DevOps knowledge base type.
-
Configure the following parameters:
Parameter
Description
Organization ID
The ID of your Alibaba Cloud DevOps organization.
Repository ID
The ID of your code repository.
Branch name
The branch to associate, such as
masterormain.Personal access token
Your Alibaba Cloud DevOps personal access token.
Document library root path
The directory path where the
SOP.mdfile is located. -
Click OK.
Chat with a digital employee
After you create the digital employee and associate a knowledge base, you can start a conversation.
-
On the SLS DataAgent page, click New Conversation in the left-side menu.
-
In the conversation input box, select the digital employee you want to chat with.
-
Enter your question and press Enter or click the send button.
-
The digital employee answers your question based on the content of the associated knowledge base.
Note: You can set a time range in the upper-right corner of the chat interface. This limits the time frame of the data that the digital employee retrieves.
Appendix
Grant permissions to a RAM user
To use SLS DataAgent as a RAM user, an administrator must first grant you the necessary permissions.
Permission to pass a role
Allows a RAM user to pass a RAM role to the CloudMonitor service. This permission is required when you create a digital employee.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"acs:Service": "cloudmonitor.aliyuncs.com"
}
}
}
]
}
Note: To restrict the scope of this permission, you can set the Resource to a specific role ARN.
Conversation permissions
Allows a RAM user to only chat with a digital employee.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cms:CreateChat",
"cms:CreateThread",
"cms:GetThread",
"cms:GetThreadData",
"cms:ListThreads"
],
"Resource": "acs:cms:*:*:digitalEmployee/*"
}
]
}
Administrative permissions
Allows a RAM user to manage digital employees, which includes conversation permissions.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cms:CreateChat",
"cms:GetDigitalEmployee",
"cms:ListDigitalEmployees",
"cms:GetThread",
"cms:GetThreadData",
"cms:ListThreads",
"cms:CreateDigitalEmployee",
"cms:UpdateDigitalEmployee",
"cms:DeleteDigitalEmployee",
"cms:CreateThread",
"cms:UpdateThread",
"cms:DeleteThread"
],
"Resource": [
"acs:cms:*:*:digitalemployee/*",
"acs:cms:*:*:digitalemployee/*/thread/*"
]
}
]
}
Create and authorize a RAM role
If you need to use a custom role, such as for accessing an OSS knowledge base, follow these steps to create and authorize a RAM role.
Step 1: Create a RAM role
-
Log on to the RAM console.
-
In the left-side navigation pane, choose Identities > Roles.
-
Click Create Role and select Alibaba Cloud Service as the trusted entity type.
-
Configure the following information:
-
Role name: Enter a custom name for the role.
-
Select trusted service: Select CloudMonitor/Cms.
-
-
Click Complete.
Step 2: Authorize the RAM role
-
Create a custom permission policy. The following policy grants read permissions for OSS and Log Service:
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:GetObject",
"oss:GetObjectAcl",
"oss:ListObjects",
"oss:ListObjectVersions"
],
"Resource": [
"acs:oss:*:*:<OSS_BUCKET_NAME>",
"acs:oss:*:*:<OSS_BUCKET_NAME>/*"
]
},
{
"Effect": "Allow",
"Action": [
"log:Get*",
"log:List*"
],
"Resource": "*"
}
]
}
Note: Replace <OSS_BUCKET_NAME> with the actual name of your OSS bucket.
-
Attach the custom permission policy that you created to the RAM role.
FAQ
Q: Is SLS DataAgent a paid service?
A: SLS DataAgent (formerly Intelligent Q&A Assistant) is currently in public preview and is free of charge.
Q: What is the difference between the SLS DataAgent and the CloudMonitor digital employee?
A: Both are built on the same digital employee framework. SLS DataAgent focuses on question-and-answer scenarios based on SOP documents and is a system driven entirely by a knowledge base. The CloudMonitor digital employee, however, offers a broader range of monitoring and operations capabilities.
Q: Why can't the digital employee answer my question?
A: Check the following:
-
Ensure that a knowledge base is associated and contains relevant content.
-
Verify that the knowledge base has the correct structure and that the core entry file,
SOP.md, exists. -
Confirm that the digital employee has the necessary permissions to access the knowledge base.