Docs » Get started guide for Splunk Observability Cloud admins » Get started guide phase 2: Initial rollout

Get started guide phase 2: Initial rollout πŸ”—

After completing the Get started guide phase 1: Onboarding readiness, you are ready for phase 2, initial rollout. In the initial rollout phase, you get your data into Splunk Observability Cloud and set up the Splunk Observability Cloud products that apply to your organization. These products include Infrastructure Monitoring, Application Performance Monitoring (APM), Real User Monitoring (RUM), and Synthetics.

To get a high-level overview of the entire getting started journey for Splunk Observability Cloud, see Get started guide for Splunk Observability Cloud admins.

Note

This guide is for Splunk Observability Cloud users with the admin role.

Flow showing the 3 phases of the get started journey: onboarding, initial rollout, and scaled rollout. The initial rollout phase is highlighted in this initial rollout topic.

To configure Splunk Observability Cloud solutions for initial rollout, complete the following tasks if they are relevant to your organization:

  1. Select an initial rollout environment to get data in

  2. Set up Splunk Infrastructure Monitoring

  3. Set up Splunk Application Performance Monitoring (APM)

  4. Set up Splunk Real User Monitoring (RUM)

  5. Set up Splunk Synthetic Monitoring

Note

Work closely with your Splunk Sales Engineer or Splunk Customer Success Manager as you get started. They can help you fine tune your Splunk Observability Cloud journey and provide best practices, training, and workshop advice.

Select an initial rollout environment to get data in πŸ”—

To get started with Splunk Observability Cloud, select an environment that supports the use of automatic discovery or the prepackaged integrations with cloud providers including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). See Automatic discovery of apps and services and Connect to your cloud service provider for detailed setup steps.

If you do not have an environment that supports the use of automatic discovery or the cloud service provider integrations, the following sections include additional options for getting data in for specific use cases. You can also get an overview in the Get data into Splunk Observability Cloud guide.

Set up Splunk Infrastructure Monitoring πŸ”—

Use Splunk Infrastructure Monitoring to get insight into and run analytics on your infrastructure and resources for physical and virtual components across hybrid and multicloud environments. Infrastructure Monitoring offers support for a broad range of integrations for collecting full-fidelity data, from system metrics for infrastructure components to custom data from your applications.

To set up Splunk Infrastructure Monitoring, complete the following steps:

  1. Use the integrations for AWS, Azure, and GCP to collect infrastructure metrics for applications hosted on cloud service providers. See Connect to your cloud service provider.

  2. Use the integrations for Kubernetes, Linux, and Windows to collect higher-resolution infrastructure metrics and logs.

Set up Splunk Application Performance Monitoring (APM) πŸ”—

Use Splunk APM to monitor and troubleshoot microservices-based applications. Splunk APM monitors applications by collecting distributed traces, which are a collection of spans or actions that complete a transaction. After you instrument your applications, Splunk APM collects and analyzes every trace and span and provides full-fidelity, infinite-cardinality exploration of trace data. Use Splunk APM trace data to break down and analyze application performance across any dimension.

To set up Splunk APM, complete the following steps:

  1. If you used automatic discovery and configuration to instrument your infrastructure, you’re already capturing APM data for supported technologies. See Automatic discovery of apps and services.

    To send APM trace data for technologies not supported by automatic discovery, deploy the Splunk Distribution of the OpenTelemetry Collector. Follow the guided setup steps for the Collector for Kubernetes, Linux, and Windows. See Collect Kubernetes data, Collect Linux data, or Collect Windows data.

  2. To instrument your applications, you can export spans to a Collector running on the host or in the Kubernetes cluster that you deployed in the previous step. The Collector endpoint varies depending on the language you are instrumenting. Use the specific guided setups for each language. See Instrument back-end applications to send spans to Splunk APM.

Set up Splunk Real User Monitoring (RUM) πŸ”—

Use Splunk RUM to get visibility into the experience of your end users across device types, web browsers, and geographies. Splunk RUM connects transactions from the web browser through back-end services, so your on-call engineers can spot slowness or errors, regardless of where a problem originates across a distributed system.

To set up Splunk RUM, complete the following steps:

  1. To turn on RUM data capture, you need to create an access token. You can use an access token for either browser RUM or mobile RUM. Mobile RUM is available for both Android and iOS devices. See Set up Splunk RUM for mobile and browser applications for steps to set up an access token.

  2. Use the guided setup to create the required code snippets to use to instrument your webpages. The JavaScript resources can be self-hosted, CDN-hosted, or deployed as an NPM package for single-page web applications.
  3. Use the guided setup for iOS and Android mobile device monitoring.
  4. To create a complete end-to-end view of every transaction from the end user interaction, through micro services, and ultimately database calls or other transaction termination points, link your RUM and APM data. You can link RUM and APM data as part of the instrumentation parameters. See Link RUM with Splunk APM.

Set up Splunk Synthetic Monitoring πŸ”—

Use Splunk Synthetic Monitoring to monitor and alert across critical endpoints, APIs, and business transactions and proactively find to fix functionality or performance issues. Your engineering teams can embed automatic pass/fail tests of new code based on performance budgets and standards into CI/CD processes. You can use Splunk Synthetic Monitoring to improve W3C metrics and the Lighthouse Performance Score on which Google bases its search rankings.

To get started with Splunk Synthetic Monitoring, create 1 of the 3 available tests: browser, uptime, or API. See Set up Splunk Synthetic Monitoring.

Optional and advanced configurations πŸ”—

Consider these optional and advanced configurations to customize your setup as they apply to your organization.

Collect data from third-party metrics providers πŸ”—

When using the Splunk Distribution of OpenTelemetry Collector, you can use receivers to collect metrics data from third-party providers. For example, you can use the Prometheus receiver to scrape metrics data from any application that exposes a Prometheus endpoint. See Prometheus receiver.

See Supported integrations in Splunk Observability Cloud for a list of receivers.

Set up Network Explorer to monitor network environment πŸ”—

Use the Splunk Distribution of OpenTelemetry Collector Helm chart to configure Network Explorer. Network Explorer inspects packets to capture network performance data with extended Berkeley Packet Filter (eBPF) technology, which is run by Linux Kernel. eBPF allows programs to run in the operating system when the following kernel events occur:

  • When TCP handshake is complete

  • When TCP receives an acknowledgement for a packet

Network Explorer captures network data that is passed on to the reducer and then to the Splunk OTel Collector.

For Splunk OTel Collector to work with Network Explorer, you must install it in gateway mode. After installation, the Network Explorer navigator displays on the Infrastructure tab in Splunk Infrastructure Monitoring.

For comprehensive documentation on Network Explorer, see Network Explorer in Splunk Infrastructure Monitoring.

Turn on AlwaysOn Profiling to collect stack traces πŸ”—

Use AlwaysOn Profiling for deeper analysis of the behavior of select applications. Code profiling collects snapshots of the CPU call stacks and memory usage. After you get profiling data into Splunk Observability Cloud, you can explore stack traces directly from APM and visualize the performance and memory allocation of each component using the flame graph.

Use this profiling data to gain insights into your code behavior to troubleshoot performance issues. For example, you can identify bottlenecks and memory leaks for potential optimization.

Education resources πŸ”—

Next step πŸ”—

Next, prepare to scale your rollout of Splunk Observability Cloud. See Get started guide phase 3: Scaled rollout.

This page was last updated on Dec 18, 2024.