name | description | languages | products | page_type | urlFragment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ChatGPT + Enterprise data |
Chat with your data using OpenAI and AI Search. |
|
|
sample |
azure-search-openai-demo |
Important
As of November 15, 2023, Azure Cognitive Search has been renamed to Azure AI Search.
Announcing JavaScript, .NET, and Java samples based on this one in Python. Learn more at https://aka.ms/azai.
- Features
- Azure account requirements
- Azure deployment
- Sharing environments
- Enabling optional features
- Using the app
- Running locally
- Monitoring with Application Insights
- Customizing the UI and data
- Productionizing
- Clean up
- Troubleshooting
- Resources
This sample demonstrates a few approaches for creating ChatGPT-like experiences over your own data using the Retrieval Augmented Generation pattern. It uses Azure OpenAI Service to access the ChatGPT model (gpt-35-turbo), and Azure AI Search for data indexing and retrieval.
The repo includes sample data so it's ready to try end to end. In this sample application we use a fictitious company called Contoso Electronics, and the experience allows its employees to ask questions about the benefits, internal policies, as well as job descriptions and roles.
- Chat and Q&A interfaces
- Explores various options to help users evaluate the trustworthiness of responses with citations, tracking of source content, etc.
- Shows possible approaches for data preparation, prompt construction, and orchestration of interaction between model (ChatGPT) and retriever (AI Search)
- Settings directly in the UX to tweak the behavior and experiment with options
- Performance tracing and monitoring with Application Insights
πΊ Watch a video overview of the app.
IMPORTANT: In order to deploy and run this example, you'll need:
- Azure account. If you're new to Azure, get an Azure account for free and you'll get some free Azure credits to get started. See guide to deploying with the free trial.
- Azure subscription with access enabled for the Azure OpenAI service. You can request access with this form. If your access request to Azure OpenAI service doesn't match the acceptance criteria, you can use OpenAI public API instead. Learn how to switch to an OpenAI instance.
- Azure account permissions:
- Your Azure account must have
Microsoft.Authorization/roleAssignments/write
permissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group. - Your Azure account also needs
Microsoft.Resources/deployments/write
permissions on the subscription level.
- Your Azure account must have
Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage. However, you can try the Azure pricing calculator for the resources below.
- Azure App Service: Basic Tier with 1 CPU core, 1.75 GB RAM. Pricing per hour. Pricing
- Azure OpenAI: Standard tier, ChatGPT and Ada models. Pricing per 1K tokens used, and at least 1K tokens are used per question. Pricing
- Azure AI Document Intelligence: SO (Standard) tier using pre-built layout. Pricing per document page, sample documents have 261 pages total. Pricing
- Azure AI Search: Standard tier, 1 replica, free level of semantic search. Pricing per hour. Pricing
- Azure Blob Storage: Standard tier with ZRS (Zone-redundant storage). Pricing per storage and read operations. Pricing
- Azure Monitor: Pay-as-you-go tier. Costs based on data ingested. Pricing
To reduce costs, you can switch to free SKUs for various services, but those SKUs have limitations. See this guide on deploying with minimal costs for more details.
azd down
.
You have a few options for setting up this project. The easiest way to get started is GitHub Codespaces, since it will setup all the tools for you, but you can also set it up locally if desired.
You can run this repo virtually by using GitHub Codespaces, which will open a web-based VS Code in your browser:
A related option is VS Code Dev Containers, which will open the project in your local VS Code using the Dev Containers extension:
- Start Docker Desktop (install it if not already installed)
- Open the project:
- In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window
- Run
azd auth login
- Now you can follow the instructions in Deploying below
First install the required tools:
- Azure Developer CLI
- Python 3.9, 3.10, or 3.11
- Important: Python and the pip package manager must be in the path in Windows for the setup scripts to work.
- Important: Ensure you can run
python --version
from console. On Ubuntu, you might need to runsudo apt install python-is-python3
to linkpython
topython3
.
- Node.js 14+
- Git
- Powershell 7+ (pwsh) - For Windows users only.
- Important: Ensure you can run
pwsh.exe
from a PowerShell terminal. If this fails, you likely need to upgrade PowerShell.
- Important: Ensure you can run
Then bring down the project code:
- Create a new folder and switch to it in the terminal
- Run
azd auth login
- Run
azd init -t azure-search-openai-demo
- note that this command will initialize a git repository and you do not need to clone this repository
Follow these steps to provision Azure resources and deploy the application code:
- (Optional) This is the point where you can customize the deployment by setting environment variables, in order to use existing resources, enable optional features, or deploy to free tiers.
- Run
azd up
- This will provision Azure resources and deploy this sample to those resources, including building the search index based on the files found in the./data
folder.- Important: Beware that the resources created by this command will incur immediate costs, primarily from the AI Search resource. These resources may accrue costs even if you interrupt the command before it is fully executed. You can run
azd down
or delete the resources manually to avoid unnecessary spending. - You will be prompted to select two locations, one for the majority of resources and one for the OpenAI resource, which is currently a short list. That location list is based on the OpenAI model availability table and may become outdated as availability changes.
- Important: Beware that the resources created by this command will incur immediate costs, primarily from the AI Search resource. These resources may accrue costs even if you interrupt the command before it is fully executed. You can run
- After the application has been successfully deployed you will see a URL printed to the console. Click that URL to interact with the application in your browser. It will look like the following:
NOTE: It may take 5-10 minutes for the application to be fully deployed. If you see a "Python Developer" welcome screen or an error page, then wait a bit and refresh the page. See guide on debugging App Service deployments.
If you already have existing Azure resources, you can re-use those by setting azd
environment values.
- Run
azd env set AZURE_RESOURCE_GROUP {Name of existing resource group}
- Run
azd env set AZURE_LOCATION {Location of existing resource group}
- Run
azd env set AZURE_OPENAI_SERVICE {Name of existing OpenAI service}
- Run
azd env set AZURE_OPENAI_RESOURCE_GROUP {Name of existing resource group that OpenAI service is provisioned to}
- Run
azd env set AZURE_OPENAI_CHATGPT_DEPLOYMENT {Name of existing ChatGPT deployment}
. Only needed if your ChatGPT deployment is not the default 'chat'. - Run
azd env set AZURE_OPENAI_EMB_DEPLOYMENT {Name of existing GPT embedding deployment}
. Only needed if your embeddings deployment is not the default 'embedding'.
When you run azd up
after and are prompted to select a value for openAiResourceGroupLocation
, make sure to select the same location as the existing OpenAI resource group.
- Run
azd env set OPENAI_HOST openai
- Run
azd env set OPENAI_ORGANIZATION {Your OpenAI organization}
- Run
azd env set OPENAI_API_KEY {Your OpenAI API key}
- Run
azd up
You can retrieve your OpenAI key by checking your user page and your organization by navigating to your organization page. Learn more about creating an OpenAI free trial at this link. Do not check your key into source control.
When you run azd up
after and are prompted to select a value for openAiResourceGroupLocation
, you can select any location as it will not be used.
- Run
azd env set AZURE_SEARCH_SERVICE {Name of existing Azure AI Search service}
- Run
azd env set AZURE_SEARCH_SERVICE_RESOURCE_GROUP {Name of existing resource group with ACS service}
- If that resource group is in a different location than the one you'll pick for the
azd up
step, then runazd env set AZURE_SEARCH_SERVICE_LOCATION {Location of existing service}
- If the search service's SKU is not standard, then run
azd env set AZURE_SEARCH_SERVICE_SKU {Name of SKU}
. If you specify the free tier, then your app will no longer be able to use semantic ranker, and it will use keys instead of managed identity for accessing the search service. Be advised that search SKUs cannot be changed. (See other possible SKU values) - If you have an existing index that is set up with all the expected fields, then run
azd env set AZURE_SEARCH_INDEX {Name of existing index}
. Otherwise, theazd up
command will create a new index.
You can also customize the search service (new or existing) for non-English searches:
- To configure the language of the search query to a value other than "en-US", run
azd env set AZURE_SEARCH_QUERY_LANGUAGE {Name of query language}
. (See other possible values) - To turn off the spell checker, run
azd env set AZURE_SEARCH_QUERY_SPELLER none
. Consult this table to determine if spell checker is supported for your query language. - To configure the name of the analyzer to use for a searchable text field to a value other than "en.microsoft", run
azd env set AZURE_SEARCH_ANALYZER_NAME {Name of analyzer name}
. (See other possible values)
In order to support analysis of many document formats, this repository uses a preview version of Azure Document Intelligence (formerly Form Recognizer) that is only available in limited regions. If your existing resource is in one of those regions, then you can re-use it by setting the following environment variables:
- Run
azd env set AZURE_DOCUMENTINTELLIGENCE_SERVICE {Name of existing Azure AI Document Intelligence service}
- Run
azd env set AZURE_DOCUMENTINTELLIGENCE_LOCATION {Location of existing service}
- Run
azd env set AZURE_DOCUMENTINTELLIGENCE_RESOURCE_GROUP {Name of resource group with existing service, defaults to main resource group}
- Run
azd env set AZURE_DOCUMENTINTELLIGENCE_SKU {SKU of existing service, defaults to S0}
You can also use existing Azure AI Document Intelligence and Storage Accounts. See ./infra/main.parameters.json
for list of environment variables to pass to azd env set
to configure those existing resources.
If you've only changed the backend/frontend code in the app
folder, then you don't need to re-provision the Azure resources. You can just run:
azd deploy
If you've changed the infrastructure files (infra
folder or azure.yaml
), then you'll need to re-provision the Azure resources. You can do that by running:
azd up
To give someone else access to a completely deployed and existing environment, either you or they can follow these steps:
- Install the Azure CLI
- Run
azd init -t azure-search-openai-demo
or clone this repository. - Run
azd env refresh -e {environment name}
They will need the azd environment name, subscription ID, and location to run this command. You can find those values in your.azure/{env name}/.env
file. This will populate their azd environment's.env
file with all the settings needed to run the app locally. - Set the environment variable
AZURE_PRINCIPAL_ID
either in that.env
file or in the active shell to their Azure ID, which they can get withaz ad signed-in-user show
. - Run
./scripts/roles.ps1
or.scripts/roles.sh
to assign all of the necessary roles to the user. If they do not have the necessary permission to create roles in the subscription, then you may need to run this script for them. Once the script runs, they should be able to run the app locally.
We generally find that most developers are able to get high quality answers using GPT 3.5. However, if you want to try GPT-4, you can do so by following these steps:
- In
infra/main.bicep
, changechatGptModelName
to 'gpt-4' instead of 'gpt-35-turbo'. - You may also need to adjust the capacity above that line depending on how much TPM your account is allowed.
This section covers the integration of GPT-4 Vision with Azure AI Search. Learn how to enhance your search capabilities with the power of image and text indexing, enabling advanced search functionalities over diverse document types. For a detailed guide on setup and usage, visit our Enabling GPT-4 Turbo with Vision page.
Azure AI search recently introduced an integrated vectorization feature in preview mode. This feature is a cloud-based approach to data ingestion, which takes care of document format cracking, data extraction, chunking, vectorization, and indexing, all with Azure technologies.
To enable integrated vectorization with this sample:
- If you've previously deployed, delete the existing search index.
- Run
azd env set USE_FEATURE_INT_VECTORIZATION true
- Run
azd up
to update system and user roles - You can view the resources such as the indexer and skillset in Azure Portal and monitor the status of the vectorization process.
By default, the deployed Azure web app will have no authentication or access restrictions enabled, meaning anyone with routable network access to the web app can chat with your indexed data. You can require authentication to your Azure Active Directory by following the Add app authentication tutorial and set it up against the deployed web app.
To then limit access to a specific set of users or groups, you can follow the steps from Restrict your Azure AD app to a set of users by changing "Assignment Required?" option under the Enterprise Application, and then assigning users/groups access. Users not granted explicit access will receive the error message -AADSTS50105: Your administrator has configured the application <app_name> to block users unless they are specifically granted ('assigned') access to the application.-
By default, the deployed Azure web app allows users to chat with all your indexed data. You can enable an optional login system using Azure Active Directory to restrict access to indexed data based on the logged in user. Enable the optional login and document level access control system by following this guide.
By default, the deployed Azure web app will only allow requests from the same origin. To enable CORS for a frontend hosted on a different origin, run:
- Run
azd env set ALLOWED_ORIGIN https://<your-domain.com>
- Run
azd up
For the frontend code, change BACKEND_URI
in api.ts
to point at the deployed backend URL, so that all fetch requests will be sent to the deployed backend.
For an alternate frontend that's written in Web Components and deployed to Static Web Apps, check out azure-search-openai-javascript and its guide on using a different backend. Both these repositories adhere to the same HTTP protocol for RAG chat apps.
You can only run locally after having successfully run the azd up
command. If you haven't yet, follow the steps in Azure deployment above.
- Run
azd auth login
- Change dir to
app
- Run
./start.ps1
or./start.sh
or run the "VS Code Task: Start App" to start the project locally.
See more tips in the local development guide.
- In Azure: navigate to the Azure WebApp deployed by azd. The URL is printed out when azd completes (as "Endpoint"), or you can find it in the Azure portal.
- Running locally: navigate to 127.0.0.1:50505
Once in the web app:
- Try different topics in chat or Q&A context. For chat, try follow up questions, clarifications, ask to simplify or elaborate on answer, etc.
- Explore citations and sources
- Click on "settings" to try different options, tweak prompts, etc.
By default, deployed apps use Application Insights for the tracing of each request, along with the logging of errors.
To see the performance data, go to the Application Insights resource in your resource group, click on the "Investigate -> Performance" blade and navigate to any HTTP request to see the timing data. To inspect the performance of chat requests, use the "Drill into Samples" button to see end-to-end traces of all the API calls made for any chat request:
To see any exceptions and server errors, navigate to the "Investigate -> Failures" blade and use the filtering tools to locate a specific exception. You can see Python stack traces on the right-hand side.
You can also see chart summaries on a dashboard by running the following command:
azd monitor
Once you successfully deploy the app, you can start customizing it for your needs: changing the text, tweaking the prompts, and replacing the data. Consult the app customization guide as well as the data ingestion guide for more details.
This sample is designed to be a starting point for your own production application, but you should do a thorough review of the security and performance before deploying to production. Read through our productionizing guide for more details.
To clean up all the resources created by this sample:
- Run
azd down
- When asked if you are sure you want to continue, enter
y
- When asked if you want to permanently delete the resources, enter
y
The resource group and all the resources will be deleted.
Here are the most common failure scenarios and solutions:
-
The subscription (
AZURE_SUBSCRIPTION_ID
) doesn't have access to the Azure OpenAI service. Please ensureAZURE_SUBSCRIPTION_ID
matches the ID specified in the OpenAI access request process. -
You're attempting to create resources in regions not enabled for Azure OpenAI (e.g. East US 2 instead of East US), or where the model you're trying to use isn't enabled. See this matrix of model availability.
-
You've exceeded a quota, most often number of resources per region. See this article on quotas and limits.
-
You're getting "same resource name not allowed" conflicts. That's likely because you've run the sample multiple times and deleted the resources you've been creating each time, but are forgetting to purge them. Azure keeps resources for 48 hours unless you purge from soft delete. See this article on purging resources.
-
You see
CERTIFICATE_VERIFY_FAILED
when theprepdocs.py
script runs. That's typically due to incorrect SSL certificates setup on your machine. Try the suggestions in this StackOverflow answer. -
After running
azd up
and visiting the website, you see a '404 Not Found' in the browser. Wait 10 minutes and try again, as it might be still starting up. Then try runningazd deploy
and wait again. If you still encounter errors with the deployed app, consult the guide on debugging App Service deployments. Please file an issue if the logs don't help you resolve the error.
- Additional documentation for this app
- π Revolutionize your Enterprise Data with ChatGPT: Next-gen Apps w/ Azure OpenAI and AI Search
- π Azure AI Search
- π Azure OpenAI Service
- π Comparing Azure OpenAI and OpenAI
- π Access Control in Generative AI applications with Azure Cognitive Search
- πΊ Quickly build and deploy OpenAI apps on Azure, infused with your own data
- πΊ AI Chat App Hack series
This is a sample built to demonstrate the capabilities of modern Generative AI apps and how they can be built in Azure. For help with deploying this sample, please post in GitHub Issues. If you're a Microsoft employee, you can also post in our Teams channel.
This repository is supported by the maintainers, not by Microsoft Support, so please use the support mechanisms described above, and we will do our best to help you out.
Note: The PDF documents used in this demo contain information generated using a language model (Azure OpenAI Service). The information contained in these documents is only for demonstration purposes and does not reflect the opinions or beliefs of Microsoft. Microsoft makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in this document. All rights reserved to Microsoft.