Introduction to Splunk Log Observer Connect 🔗
Splunk Log Observer Connect is an integration that allows you to query your Splunk Enterprise or Splunk Cloud Platform logs using the capabilities of Splunk Log Observer and Related Content in Splunk Observability Cloud. With Log Observer Connect, you can troubleshoot your application and infrastructure behavior using high-context logs. Perform codeless queries on your Splunk Enterprise or Splunk Cloud Platform logs to detect the source of problems in your systems, then jump to Related Content throughout Splunk Observability Cloud in one click. Seeing your logs data correlated with metrics and traces in Splunk Observability Cloud helps your team to locate and resolve problems exponentially faster.
Region and version availability 🔗
Splunk Log Observer Connect is available in the AWS regions us0, us1, eu0, eu1, eu2, jp0, and au0, and in the GCP region us2. Splunk Log Observer Connect is compatible with Splunk Enterprise versions 9.0.1 and higher, and Splunk Cloud Platform versions 9.0.2209 and higher. Log Observer Connect is not available for Splunk Cloud Platform trials.
You cannot access logs from a GovCloud environment through Log Observer Connect. However, you can use global data links to link from Log Observer Connect to your GovCloud environment where you can access your logs. For more information on global data links, see Link metadata to related resources using global data links.
What can I do with Log Observer Connect? 🔗
The following table lists features available to customers who have integrated Splunk Enterprise or Splunk Cloud Platform with Splunk Observability Cloud, allowing them to use Log Observer Connect.
Do this |
With this tool |
Link to documentation |
|---|---|---|
View your incoming logs and zoom in or out to the time period of your choice. |
Timeline |
|
Scan logs. |
Logs table |
|
Find out which path in your API has the slowest response time. |
Log aggregations |
|
Search logs by keyword or field. |
Content control bar |
|
Filter your logs to see only logs that contain a field of your choice with the value error. |
Logs table |
|
View the JSON schema of an individual log. |
Log details |
|
See the metrics, traces, and infrastructure related to a specific log. |
Related Content |
|
Save and share Log Observer queries. |
Saved Queries |
Get started with Log Observer Connect 🔗
If you manage Splunk Enterprise in a data center or public cloud and want to begin using Log Observer Connect, see Set up Log Observer Connect for Splunk Enterprise. If you use Splunk Cloud Platform and want to integrate Log Observer Connect, see Set up Log Observer Connect for Splunk Cloud Platform.
Note
You can collect data using both the Splunk Distribution of OpenTelemetry Collector and the Universal Forwarder without submitting any duplicate telemetry data. See Use the Splunk Universal Forwarder with the Collector to learn how.