
Splunk Log Observer

  • Introduction to Splunk Log Observer

  • Set up Log Observer

  • View overall system health using Timeline

  • Verify changes to monitored systems with Live Tail

  • Query logs in Log Observer

  • Browse logs in the logs table

  • Search logs by keywords or fields

  • Filter logs by field

  • Create field aliases

  • View individual log details and create a field extraction processor

  • Display a field separately in the log details flyout

  • Group logs by fields using log aggregation

  • Apply processing rules across historical data

  • Save and share Log Observer queries

  • Add logs data to Splunk Observability Cloud dashboards

  • Manage the logs pipeline

    • Transform your data with log processing rules

    • Create metrics from your logs with log metricization rules

    • Archive your logs with infinite logging rules

  • Where does a log’s logical time come from?

  • Log Observer limits

If you do not have a Log Observer entitlement and instead use Log Observer Connect, see Splunk Log Observer Connect.

