Create an AI Ops Assistant Using Elasticsearch for Real‑Time Monitoring & NL Queries

Solution Advantages

Real‑time monitoring & intelligent diagnosis – The AI assistant calls Elasticsearch APIs to fetch cluster status, builds visual dashboards and helps operators locate issues quickly.

Natural language query – Users input plain‑language commands; the assistant translates them into complex Elasticsearch DSL queries, removing the need to know the syntax.

Full‑process automation – From query construction to execution and performance tuning, the assistant automates the entire workflow, improving efficiency and result reliability.

Lower technical threshold – Intelligent suggestions and guided operations enable non‑technical staff to perform troubleshooting, threat detection and data analysis.

Solution Architecture

The solution uses Alibaba Cloud Elasticsearch combined with the AI Search Open Platform model service and Kibana for visualization, turning Elasticsearch from a log store into an intelligent decision hub.

Solution Deployment

The solution supports one‑click deployment via ROS. Create an Elasticsearch instance using the provided parameters:

Available zone ID – example uses zone K.

Kibana public whitelist IP – enter the current public IP.

Instance password – set a custom password for the Elasticsearch instance.

After configuration, the instance is created in about 12 minutes.

Solution Validation

1. Import sample data – Use Kibana to load the eCommerce orders and web logs sample datasets.

2. Assist cluster operation and index management

Example command: 创建名为 test 的索引，并将其副本数设置为10 Query cluster status: 查询集群状态 List current indices (excluding hidden/system):

请列出当前集群的索引，不要包含隐藏索引或者系统索引

Analyze device info:

分析 kibana_sample_data_logs 索引，查询最近一天请求的 machine.os top 10，并制作图表

Query PV and UV: 分析 kibana_sample_data_logs 索引，今日 PV 和 UV Problem consulting example:

请对 kibana_sample_data_ecommerce 索引执行以下操作：1、列出所有唯一的商品分类名称；2、提供对应的 Elasticsearch DSL 查询语句

Resource Cleanup

After testing, delete the ROS‑deployed cloud resources and the AI Search Open Platform API keys to avoid further charges.

Delete the ROS stack via the ROS console.

Disable then delete the API keys in the AI Search Open Platform.