Docs » Splunk Log Observer Connect » Add logs data to Splunk Observability Cloud dashboards

Add logs data to Splunk Observability Cloud dashboards 🔗

On a dashboard, metrics charts show what changed in your systems and when the problem started. Logs data on the same dashboard shows you in detail what is happening and why. Your metrics and logs data on the same dashboard respond to the same time selection and other dashboard filters, allowing you to drill down to the source of the problem faster.

A log view chart displays a table showing log records in chronological order for the duration of the period selected in the time picker. Log views automatically update to dashboard filters. Filter and aggregate logs in Log Observer before creating a log timeline chart.

Note

Log Observer Connect customers can only create log views in dashboards if each Log Observer Connect connection name is unique.

Add logs data to a dashboard 🔗

To add a log view or log timeline chart on a dashboard, follow these steps:

  1. Log into Log Observer and create a query. To learn how, see Search logs by keywords or fields or Filter logs by field.

  2. In the More menu, select Save to dashboard.

  3. Give your log view a name and optionally a description, then select a dashboard.

  4. In Chart type, select Log view, then select Save. Or, to see your new log view on its dashboard, select Save and go to dashboard.

You can now see your new log view along with all other charts on the same dashboard.

Modify your log view from the dashboard 🔗

You cannot directly edit a log view from the dashboard. For example, you cannot edit the column headings or data on your log view chart from the dashboard. You can delete a log view entirely using the More menu. See Chart actions to learn more.

Log views respond to any filter or time selection that you make on the dashboard. For example, when you adjust the Time field in the dashboard global control bar, your log view updates in unison with all other charts on the dashboard.

You can rearrange the columns in your log view by dragging and dropping column headers to a preferred order. You can sort rows in your log view by selecting the column header that you want to sort by.

Chart actions 🔗

You can take six actions on your log view from its dashboard. Select the More menu on the log view, then select one of the following options:

  • View in Log Observer

  • Copy

  • Info

  • Download chart as image

  • Troubleshoot from this Time Window (RUM)

  • Delete

You can only edit the contents of your log view by updating the query you derived it from in Log Observer. Select View in Log Observer to see and edit your log view in Log Observer. In Log Observer, you can update the log view’s filters, including field aliases. See Align log views with metrics charts on the same dashboard to learn more.

Select Copy if you want to paste your log view data elsewhere for further examination.

Select Info to see which user added and last updated the log view.

Select Download chart as image to download your log view as a PNG file.

Select Troubleshoot from this Time Window (RUM) to explore related data in Splunk RUM.

Select Delete to remove your log view from the dashboard. Deleting it from the dashboard does not impact the query you used to create your log view in Log Observer.

Align log views with metrics charts on the same dashboard 🔗

To maneuver seamlessly on your dashboard, it is important that logs fields and corresponding metrics fields use the same field names. You can ensure that field names match by aliasing logs fields when field names do not align.

To align logs data with metrics data, follow these steps:

  1. On the dashboard you are using to determine the source of a problem, take note of the field names of interest on your metrics charts.

  2. In Log Observer, check whether the corresponding logs fields use the same field names. If they do not match, create a field alias for the logs field using the same field name that your metrics charts use. See Create field aliases to learn how.

  3. Create a Log Observer query filtering by the new alias you created in the previous step.

  4. Follow the steps in Add logs data to a dashboard to save your new query as a chart.

Now you can easily cross reference data in your log view and data in your metrics charts. Logs fields that correspond to metrics fields on the same dashboard now use the same field name, so you can drill down to the problem faster.

Note

Field Aliasing does not rename or remove your original logs field name. When you alias a logs field, you can search for it by its original name or by any of its aliases.