Content Pack for Splunk Observability Cloud

Content Pack for Splunk Observability Cloud

This documentation does not apply to the most recent version of Content Pack for Splunk Observability Cloud. For documentation on the most recent version, go to the latest release.

About the Content Pack for Splunk Observability Cloud

The Content Pack for Splunk Observability Cloud enables IT Service Intelligence (ITSI) users and IT Essentials Work (ITE Work) users to visualize and investigate the health of applications that use Splunk Observability Cloud. The content pack provides a seamless experience for IT Ops personnel to combine monitoring of Splunk Observability Cloud, including Splunk Infrastructure Monitoring, Splunk APM, and Splunk Synthetic Monitoring, with business services monitoring to gain a more complete view of their enterprise.

The Content Pack for Splunk Observability Cloud also includes Splunk Real User Monitoring (RUM) and RUM Mobile, so that you can monitor your web properties, apps, and cloud footprint by leveraging real user data together with the other data sources already in your ITSI or ITE Work environment.

Observability Content Pack v3 Service Tree with RUM and RUM Mobile


Content pack features

The content pack provides a robust collection of features for you to monitor the performance of your applications.

Dashboards

The content pack includes several dashboards so that you can access data for Splunk APM, Splunk Infrastructure Monitoring, Splunk Real User Monitoring, and Splunk Synthetic Monitoring in one place.

Entity searches

The content pack includes 14 entity searches. You can enable these searches when you are ready to run them to import your Observability Cloud entities. See Enable your Splunk Observability Cloud entity searches for steps to enable the searches.

Entity types

The content pack includes 15 custom entity types, including three to support aspects of Real User Monitoring, plus one for each of the metrics from the Splunk Infrastructure Monitoring Add-on, one for Splunk APM, and one for each of the metrics from the Splunk Synthetic Monitoring Add-on.

  • AWS EC2
  • AWS Lambda
  • Azure Functions
  • Azure VM
  • GCP Cloud Functions
  • GCP Compute Engine
  • OS Hosts
  • RUM App Metrics
  • RUM Browser Metrics
  • RUM Synthetic Metrics
  • Splunk Infrastructure Monitoring
  • Splunk APM
  • Synthetic API Test
  • Synthetic Browser Test
  • Synthetic HTTP Test

Glass tables

The content pack includes seven glass tables that you can use to monitor the performance of your applications at a high level.

  • The Observability_DevOps SRE Detailed View glass table provides insights across Splunk Synthetic Monitoring, Splunk Application Performance Management, Splunk Real User Monitoring, and Splunk Infrastructure Monitoring at a summary level, as well as two levels down.
  • The Observability_Executive Glass Table delivers rolled-up insights across three major observability areas: Splunk Synthetic Monitoring, Splunk Infrastructure Monitoring, and Splunk Application Performance Monitoring.
  • The Observability_NOC Glass Table [Layered] is designed for a 40-foot wall or hallway monitor, enables visibility and awareness, showing the trend and history along with current state for all your critical key performance indicators (KPIs) in summary form.
  • The Observability_Overview [Columns] glass table provides a quick overview of the four major observability areas: Splunk Synthetic Monitoring, Splunk Application Performance Monitoring, Splunk Real User Monitoring (RUM) and Splunk Infrastructure Monitoring.
  • The Observability_Overview [Layered with Radio Gauges] glass table provides immediate insight and results, which can be viewed at a distance, with radio gauges on the left side making it easy to know the status of Splunk Synthetic Monitoring, Splunk Application Performance Monitoring, Splunk Real User Monitoring (RUM) and Splunk Infrastructure Monitoring for your environment at a glance.
  • The Observability_RUM_ Executive Glass Table delivers rolled-up insights specific to Splunk Real User Monitoring (RUM) and RUM Mobile applications.
  • The Observability_RUM_ Overview [Columns] glass table displays your Real User Monitoring landscape in one window, showing the overall health of real user sessions in apps, native browsers, and synthetic user tests on the right, and clickable color-coded KPIs on the left.

KPI base searches and metrics

The content pack includes these KPI base searches with 70+ associated metrics.

  • RUM_App_Base
  • RUM_Browser_Base
  • RUM_Synthetics_Base
  • SIM_cloud_aws_ec2
  • SIM_cloud_aws_lambda
  • SIM_cloud_azure_functions
  • SIM_cloud_azure_vm
  • SIM_cloud_gcp_compute
  • SIM_cloud_gcp_functions
  • SIM_containers
  • SIM_data_center_hosts
  • SIM_kubernetes
  • SplunkAPM Rate Base Search
  • SSM_api_tests
  • SSM_browser_tests
  • SSM_http_tests

Services and KPIs

The content pack includes 33 services with 98 KPIs. For a full list of services and KPIs, see the KPI reference for the Content Pack for Splunk Observability Cloud.

Service analyzer

The content pack includes a preconfigured saved service analyzer view called Splunk Observability Cloud that provides visual representation of your Splunk Observability Cloud services and the dependencies between them. You can use this custom view to see the KPIs associated with a service.

Vital metrics

The entity types in this content pack contain a set of vital metrics which describe the overall performance the entities within it. You can view these metrics on the Entity Health page and drill down further into individual Observability Cloud entities.

ITSI and ITE Work support

The content in Content Pack for Splunk Observability Cloud is supported in both ITSI and ITE Work. The features available in ITE Work are a subset of the full feature set available in the content pack for ITSI.

Objects ITE Work ITSI
Dashboards 7 7
Entity searches 14 14
Entity types 15 15
Glass tables 0 7
KPIs 0 98
KPI base searches 0 16
Services 0 33
Service analyzer dashboards 0 1
Service templates 0 6
Vital metrics 38 38

Installation

You can install the Content Pack for Splunk Observability Cloud after installing the Splunk App for Content Packs on the search head where you have installed ITSI or ITE Work. For detailed installation and configuration instructions, see Install and configure the Content Pack for Splunk Observability Cloud.

Deployment requirements

Review these version compatibility requirements for the Content Pack for Splunk Observability Cloud.

Content pack version ITSI version ITE Work version Splunk App for Content Packs version Splunk Infrastructure Monitoring Add-on version
1.0.0 4.9.4, 4.11.x 4.9.4, 4.11.x 1.4.0 1.2.0
2.0.0 4.11.x and higher 4.11.x and higher 1.6.0 1.2.2
3.0.0 4.11.x and higher 4.11.x and higher 1.8.0 1.2.2

Content pack object conflicts

The Content Pack for Splunk Observability Cloud contains these objects that conflict with either the Content Pack for Splunk Infrastructure Monitoring or the Content Pack for Splunk Synthetic Monitoring.

See the Migrate from the Content Pack for Splunk Synthetic Monitoring to the Content Pack for Splunk Observability Cloud and Migrate from the Content Pack for Splunk Infrastructure Monitoring to the Content Pack for Splunk Observability Cloud topics for migration steps.

Object name Object type Conflicting content pack
AWS EC2 Service The Content Pack for Splunk Infrastructure Monitoring
AWS Lambda Service The Content Pack for Splunk Infrastructure Monitoring
AWS Services The Content Pack for Splunk Infrastructure Monitoring
Azure Functions Service The Content Pack for Splunk Infrastructure Monitoring
Azure VM Service The Content Pack for Splunk Infrastructure Monitoring
Azure Service The Content Pack for Splunk Infrastructure Monitoring
GCP Cloud Functions Service The Content Pack for Splunk Infrastructure Monitoring
GCP Compute Engine Service The Content Pack for Splunk Infrastructure Monitoring
GCP Service The Content Pack for Splunk Infrastructure Monitoring
AWS EC2 Entity type The Content Pack for Splunk Infrastructure Monitoring
AWS Lambda Entity type The Content Pack for Splunk Infrastructure Monitoring
Azure Functions Entity type The Content Pack for Splunk Infrastructure Monitoring
GCP Cloud Functions Entity type The Content Pack for Splunk Infrastructure Monitoring
GCP Compute Engine Entity type The Content Pack for Splunk Infrastructure Monitoring
Splunk Infrastructure Monitoring Entity type The Content Pack for Splunk Infrastructure Monitoring
Synthetic API Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Benchmark Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Content Entity Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic HTTP Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Real Browser Entity type The Content Pack for Splunk Synthetic Monitoring

Additional resources

Last modified on 27 February, 2024
  Release notes for the Content Pack for Splunk Observability Cloud

This documentation applies to the following versions of Content Pack for Splunk Observability Cloud: 3.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters