Get started guide phase 2: Initial rollout
After completing the Get started guide phase 1: Onboarding readiness, you are ready for phase 2, initial rollout. In the initial rollout phase, you get your data into Splunk Observability Cloud and set up the Splunk Observability Cloud products that apply to your organization. These products include Infrastructure Monitoring, Application Performance Monitoring (APM), Real User Monitoring (RUM), and Synthetics.
To get a high-level overview of the entire getting started journey for Splunk Observability Cloud, see Get started guide for Splunk Observability Cloud admins.
Note
This guide is for Splunk Observability Cloud users with the admin role.
To configure Splunk Observability Cloud solutions for initial rollout, complete the following tasks if they are relevant to your organization:
Note
Work closely with your Splunk Sales Engineer or Splunk Customer Success Manager as you get started. They can help you fine-tune your Splunk Observability Cloud journey and provide best practices, training, and workshop advice.
Select an initial rollout environment to get data in
To get started with Splunk Observability Cloud, select an environment that supports the use of automatic discovery or the prepackaged integrations with cloud providers including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). See Discover telemetry sources automatically and Connect to your cloud service provider for detailed setup steps.
If you do not have an environment that supports the use of automatic discovery or the cloud service provider integrations, the following sections include additional options for getting data in for specific use cases. You can also get an overview in the Get data into Splunk Observability Cloud guide.
Set up Splunk Infrastructure Monitoring
Use Splunk Infrastructure Monitoring to get insight into and run analytics on your infrastructure and resources for physical and virtual components across hybrid and multicloud environments. Infrastructure Monitoring offers support for a broad range of integrations for collecting full-fidelity data, from system metrics for infrastructure components to custom data from your applications.
To set up Splunk Infrastructure Monitoring, complete the following steps:
- Use the integrations for AWS, Azure, and GCP to collect infrastructure metrics for applications hosted on cloud service providers. See Connect to your cloud service provider.
- Use the integrations for Kubernetes, Linux, and Windows to collect higher-resolution infrastructure metrics and logs.
  - For the most rapid deployment, use automatic discovery and configuration. See Discover telemetry sources automatically.
  - If automatic discovery does not support your use case, install the Collector for your data source. See Collect Kubernetes data, Collect Linux data, or Collect Windows data.
Set up Splunk Application Performance Monitoring (APM)
Use Splunk APM to monitor and troubleshoot microservices-based applications. Splunk APM monitors applications by collecting distributed traces, which are a collection of spans or actions that complete a transaction. After you instrument your applications, Splunk APM collects and analyzes every trace and span and provides full-fidelity, infinite-cardinality exploration of trace data. Use Splunk APM trace data to break down and analyze application performance across any dimension.
To set up Splunk APM, complete the following steps:
- If you used automatic discovery and configuration to instrument your infrastructure, you're already capturing APM data for supported technologies. See Discover telemetry sources automatically.
- To send APM trace data for technologies not supported by automatic discovery, deploy the Splunk Distribution of the OpenTelemetry Collector. Follow the guided setup steps for the Collector for Kubernetes, Linux, and Windows. See Collect Kubernetes data, Collect Linux data, or Collect Windows data.
- To instrument your applications, you can export spans to a Collector running on the host or in the Kubernetes cluster that you deployed in the previous step. The Collector endpoint varies depending on the language you are instrumenting. Use the specific guided setups for each language. See Instrument back-end applications to send spans to Splunk APM.
Set up Splunk Real User Monitoring (RUM)
Use Splunk RUM to get visibility into the experience of your end users across device types, web browsers, and geographies. Splunk RUM connects transactions from the web browser through back-end services, so your on-call engineers can spot slowness or errors, regardless of where a problem originates across a distributed system.
To set up Splunk RUM, complete the following steps:
- To turn on RUM data capture, you need to create an access token. You can use an access token for either browser RUM or mobile RUM. Mobile RUM is available for both Android and iOS devices. See Set up Splunk RUM for mobile and browser applications for steps to set up an access token.
- Use the guided setup to create the required code snippets to use to instrument your webpages. The JavaScript resources can be self-hosted, CDN-hosted, or deployed as an NPM package for single-page web applications.
  - Go to the guided setup for browser instrumentation.
  - See Install the Browser RUM agent for Splunk RUM for detailed manual installation instructions.
- Use the guided setup for iOS and Android mobile device monitoring.
  - See Instrument Android applications for Splunk RUM for guided setup steps for Android.
  - See Instrument iOS applications for Splunk RUM for guided setup steps for iOS.
- To create a complete end-to-end view of every transaction from the end user interaction, through microservices, and ultimately database calls or other transaction termination points, link your RUM and APM data. You can link RUM and APM data as part of the instrumentation parameters. See Link RUM with Splunk APM.
Set up Splunk Synthetic Monitoring
Use Splunk Synthetic Monitoring to monitor and alert across critical endpoints, APIs, and business transactions and proactively find and fix functionality or performance issues. Your engineering teams can embed automatic pass/fail tests of new code based on performance budgets and standards into CI/CD processes. You can use Splunk Synthetic Monitoring to improve W3C metrics and the Lighthouse Performance Score on which Google bases its search rankings.
To get started with Splunk Synthetic Monitoring, create 1 of the 3 available tests: browser, uptime, or API. See Set up Splunk Synthetic Monitoring.
Optional and advanced configurations
Consider these optional and advanced configurations to customize your setup as they apply to your organization.
Collect data from third-party metrics providers
When using the Splunk Distribution of OpenTelemetry Collector, you can use receivers to collect metrics data from third-party providers. For example, you can use the Prometheus receiver to scrape metrics data from any application that exposes a Prometheus endpoint. See Prometheus receiver.
See Supported integrations in Splunk Observability Cloud for a list of receivers.
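A minimal Collector configuration for the Prometheus receiver described above. This is an added example, not taken from the Splunk documentation; the job name, target address, scrape interval, and environment variable names are assumptions.

```yaml
# Added example: scrape a Prometheus endpoint and forward the metrics
# to Splunk Observability Cloud. Job name, target, and variable names
# are assumptions chosen for illustration.
receivers:
  prometheus:
    config:
      scrape_configs:
        - job_name: "example-app"          # hypothetical job name
          scrape_interval: 30s
          metrics_path: /metrics
          static_configs:
            - targets: ["127.0.0.1:9100"]  # hypothetical endpoint

processors:
  batch: {}

exporters:
  signalfx:
    # Read the org access token and realm from the environment instead of
    # writing them into the configuration file.
    access_token: "${env:SPLUNK_ACCESS_TOKEN}"
    realm: "${env:SPLUNK_REALM}"

service:
  pipelines:
    metrics:
      receivers: [prometheus]
      processors: [batch]
      exporters: [signalfx]
```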
Set up Network Explorer to monitor network environment
Use the Splunk Distribution of OpenTelemetry Collector Helm chart to configure Network Explorer. Network Explorer inspects packets to capture network performance data with extended Berkeley Packet Filter (eBPF) technology, which is run by the Linux kernel. eBPF allows programs to run in the operating system when the following kernel events occur:
- When a TCP handshake is complete
- When TCP receives an acknowledgement for a packet
Network Explorer captures network data that is passed on to the reducer and then to the Splunk OTel Collector.
For Splunk OTel Collector to work with Network Explorer, you must install it in gateway mode. After installation, the Network Explorer navigator displays on the Infrastructure tab in Splunk Infrastructure Monitoring.
For comprehensive documentation on Network Explorer, see Network Explorer in Splunk Infrastructure Monitoring.
Turn on AlwaysOn Profiling to collect stack traces
Use AlwaysOn Profiling for deeper analysis of the behavior of select applications. Code profiling collects snapshots of the CPU call stacks and memory usage. After you get profiling data into Splunk Observability Cloud, you can explore stack traces directly from APM and visualize the performance and memory allocation of each component using the flame graph.
Use this profiling data to gain insights into your code behavior to troubleshoot performance issues. For example, you can identify bottlenecks and memory leaks for potential optimization.
Education resources
Get familiar with OpenTelemetry concepts, including the configuration of pipeline components such as receivers, processors, exporters, and connectors. See https://opentelemetry.io/docs/concepts/.
To learn more about the data model for Splunk Observability Cloud, see Data types in Splunk Observability Cloud.
Next step
Next, prepare to scale your rollout of Splunk Observability Cloud. See Get started guide phase 3: Scaled rollout.