LLM Features Settings
Timesketch includes experimental features leveraging Large Language Models (LLMs) to enhance analysis capabilities. These features include event summarization and AI-generated queries (NL2Q - Natural Language to Query). This document outlines the steps required for users to enable these features.
Note: This requires your Timesketch administrator to have set-up the necessary LLM configuration.
Enabling LLM Features (users)
Users can control the LLM features through the Settings dialog in the Timesketch UI. These settings are configured on a per-user/per-instance basis, not per Sketch.
- Access the Settings Dialog: Log in to Timesketch and navigate to the "Settings" section (usually found in the user menu).
- Enable/Disable Main Switch: A main switch is available to enable or disable all experimental AI features.
- Individual Feature Controls: Within the Settings dialog, you'll find individual switches to control, such as:
- LLM event summarization
- AI-generated queries (NL2Q)
