Docs » Get data into Splunk Observability Cloud

Get data into Splunk Observability Cloud 🔗

The first step toward full-stack observability using Splunk Observability Cloud is getting data from all your infrastructure, applications, and user interfaces into the following products in our suite:

  • Splunk Infrastructure Monitoring

  • Splunk Application Performance Monitoring (APM)

  • Splunk Real User Monitoring (RUM)

  • Splunk Log Observer

Here’s a high-level overview of your options for getting data from each layer of your stack into the Observability Cloud product best suited to provide insights about your data. This diagram also provides a recommended sequence of steps. Splunk highly recommends that you perform steps 1-8 to get the most out of Observability Cloud.

Note

The following task sequence is just a recommendation. Follow the sequence that better suits your workflow and environment.

../../_images/GDI_sequence.png

Depending on your observability goals and environment, you can choose to perform only a subset of the steps. For example, this might be the case if you don’t use every Observability Cloud product or don’t want to collect data from every eligible data source.

Per product integration recommendations 🔗

If you are not yet implementing full-stack observability as described in the diagram above, and are using only one or a few products, see the table below to learn which steps are recommended, optional, or not applicable (n/a) based on which environment you want to use. For example:

  • If you don’t use cloud services, step 1 is not applicable.

  • If you don’t want to collect infrastructure application data, step 3 is optional.

  • If you don’t use serverless functions, skip step 5.

  • If you don’t need to use the Observability Cloud API to collect custom data, disregard step 8.

Step

Infrastructure Monitoring only

APM only

RUM only

Sends logs to Log Observer?

1. Integrate with cloud services

Recommended

n/a

n/a

Yes

2. Configure servers and clusters

Recommended

Recommended

n/a

Yes

3. Configure third-party server apps

Optional

Optional

n/a

Yes

4. Instrument homegrown apps

Optional

Recommended

n/a

Yes

5. Instrument serverless functions

Optional

Recommended

n/a

No

6. Configure homegrown apps and serverless functions to send custom data

n/a

n/a

Recommended

No

7. Instrument user interfaces

Recommended

Recommended

n/a

No

8. Use the API to send custom data

Optional

Optional

n/a

Yes


1. Integrate with cloud services to send metrics and logs 🔗

If you are using cloud services for your infrastructure, the first step is to integrate these services with Observability Cloud.

This integration can send:

  • Metrics and metadata; such as tags, labels and properties; to Infrastructure Monitoring

  • Logs to Log Observer (AWS and GCP)

After you’ve integrated with your cloud services, you can access your data in the following locations:

Steps 🔗

For example, you might want to use the guided setup if you are setting up just a few integrations, such as five or less. However, if you are setting up many integrations, such as for different accounts and regions, use the API or Terraform. Note that if you need all of the latest integration features, you may want to use the API because support may not yet be available using Terraform.

Troubleshooting 🔗

For help with an Amazon Web Services integration, see Troubleshoot your AWS connection.

For help with other questions, contact Splunk Observability Cloud support.

2. Configure servers and clusters to send metrics and logs 🔗

Install the Splunk OpenTelemetry Collector on any servers (hosts) or in any clusters you are using as a part of your infrastructure. For example, this might mean installing the Splunk OpenTelemetry Collector on servers running in your data center or on a virtual machine running in the cloud.

The Splunk OpenTelemetry Collector:

After you’ve installed the Splunk OpenTelemetry Collector and configured your servers and clusters, you can access your data in the following locations:

Steps 🔗

One of the benefits of using the Splunk OpenTelemetry Collector to send your data to Observability Cloud is that Related Content, a feature that enables users to seamlessly move between key views in Observability Cloud, is easier to implement. For more information, see Related Content in Splunk Observability Cloud.

Troubleshooting 🔗

For help with Splunk OpenTelemetry Collector installation, see Troubleshoot issues when collecting data.

For help with other questions, contact Splunk Observability Cloud support.

3. Configure third-party server applications to send metrics, logs, and traces 🔗

After you’ve completed step 2. Configure servers and clusters to send metrics and logs in which you installed the Splunk OpenTelemetry Collector on your servers (hosts) or in your clusters, you can now configure Splunk OpenTelemetry Collector receivers for any of these third-party applications running on your servers or in your clusters.

For example, these receivers can send data from applications; such as Apache, Cassandra, Hadoop, Kafka, and NGINX; that are running on your servers and in your clusters.

This integration can send:

  • Metrics to Infrastructure Monitoring

  • Logs to Log Observer

  • Traces to APM (SignalFx Forwarder only)

After you’ve configured Splunk OpenTelemetry Collector receivers for your desired server applications, you can access your data in the following locations:

Steps 🔗

For information about available server application receivers and how to configure them, see Configure application receivers.

Troubleshooting 🔗

For help with Splunk OpenTelemetry Collector application receiver configuration, see Troubleshoot issues when collecting data.

For help with other questions, contact Splunk Observability Cloud support.

4. Instrument homegrown applications to send traces, logs, and metrics 🔗

You can choose to instrument your homegrown applications that you’ve developed in-house to send data to Observability Cloud.

This integration can send:

  • Traces to APM

  • Logs (events) to Log Observer

  • Metrics to Infrastructure Monitoring (Java only)

After you’ve instrumented your application, you can access your data in the following locations:

Steps 🔗

See the instrumentation documentation for your application’s language:

One of the benefits of using Splunk Distribution of OpenTelemetry Collector to send your data to Observability Cloud is that Related Content, a feature that enables users to seamlessly move between key views in Observability Cloud, is much easier to implement. For more information, see Related Content in Splunk Observability Cloud.

Troubleshooting 🔗

For help with application instrumentation, see Troubleshoot your instrumentation.

For help with other questions, contact Splunk Observability Cloud support.

5. Instrument serverless functions to send traces and metrics 🔗

You can choose to instrument your serverless functions.

Note: This step is about bringing in built-in metrics and traces. Once you have a chance to familiarize yourself with your data coming in, you can use this same instrumentation to bring in custom data. For more information, see step 7. Configure homegrown applications and serverless functions to send custom data.

This integration can send:

  • Traces to APM

  • Metrics to Infrastructure Monitoring

After you’ve instrumented your serverless functions, you can access your data in the following locations:

Steps 🔗

To instrument your AWS Lambda serverless functions, see Instrument serverless functions for Splunk Observability Cloud.

Troubleshooting 🔗

For help with instrumenting your AWS Lambda serverless functions, see Troubleshoot the Splunk OpenTelemetry Lambda Layer.

For help with other questions, contact Splunk Observability Cloud support.

6. Instrument user interfaces to send user sessions 🔗

You can choose to instrument browser and mobile user interfaces to monitor front-end application user experiences.

This integration sends user sessions to RUM.

After you’ve instrumented your user interfaces, you can use RUM to start reviewing key metrics and vitals, as well as investigate errors in your spans:

This screenshot shows an example of the Splunk RUM landing page

Steps 🔗

Troubleshooting 🔗

For help with instrumenting user interfaces, contact Splunk Observability Cloud support.

7. Configure homegrown applications and serverless functions to send custom data 🔗

Now that you have built-in data from your full stack flowing into Observability Cloud, assess whether there are custom data points you need to bring in. You can configure applications to send custom metrics and instrument serverless functions to send custom traces.

For many teams, some of the most meaningful data is custom data because you can define these data points to focus on what is most important to you in your specific environment.

For example, if you run an e-commerce site, you might configure your application to send a custom metric about the number of orders placed. You can then create a detector to receive an alert when the number of orders drops significantly. You might also configure your application to send a custom metric about how long payment processing takes. You can then create a detector to issue alerts when the processing time exceeds a threshold.

This integration can send:

  • Custom metrics to Infrastructure Monitoring

  • Custom traces to APM

After you’ve configured your homegrown applications and instrumented your serverless functions to send custom metrics and traces, you can access your data in the following locations:

Configuration steps for homegrown applications 🔗

Use the library for your application’s language:

Instrument serverless functions 🔗

To instrument your AWS Lambda serverless functions, see Instrument serverless functions for Splunk Observability Cloud.

Troubleshooting 🔗

For help with configuring homegrown applications to send custom data to Observability Cloud, file an issue in the associated client library GitHub repo.

For help with instrumenting your AWS Lambda serverless functions, see Troubleshoot the Splunk OpenTelemetry Lambda Layer.

For help with other questions, contact Splunk Observability Cloud support.

8. Use the Observability Cloud API to send custom data 🔗

Now that you have built-in data from your full stack flowing into Observability Cloud, assess whether there are custom data points you need to bring in. You can use the Observability Cloud API to bring in custom data.

You might want to use the API if you want to integrate with:

  • A third-party tool that provides an API/webhook integration only.

  • An application written in a language we don’t provide a library for.

This API integration can send all types of data to Observability Cloud. While you can use the API to send logs to Log Observer, we recommend using other integration types to do so. For details about which integrations can send logs to Log Observer, see Per product integration recommendations.

After you’ve configured your integration to send custom data, you can access your data in the following locations:

Steps 🔗

For information about using the Observability Cloud API to send custom data, see Observability Cloud REST APIs for sending data points.

Troubleshooting 🔗

For help with using the Observability Cloud API to send custom data, contact Splunk Observability Cloud support.

Next steps 🔗

Once you have your desired full stack of data coming into Observability Cloud, consider exploring the following features that can help you monitor, visualize, and coordinate team work around your data: