Docs » Splunk Log Observer Connect » View individual log details

View individual log details đź”—


Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by December 2023. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.

After you find log records that contain a specific area, view the contents of an individual record to get a precise view of the data related to the problem.

To view the contents of an individual log record, follow these steps:

  1. Select a log record line in the Logs table to display the log details panel. This panel displays the entire record in JSON format as well as a table of each field and its value.

  2. To do more with a particular field in the table, select the field value. Log Observer displays a drop-down list with 5 options:

    • To copy the field value to the clipboard, select Copy

    • To filter to the Logs table so it only displays log records containing the selected value, select Add to filter.

    • To filter the Logs table so it doesn’t display log records containing the selected value, select Exclude from filter.

    • To add the field as a new column in the Logs table, select Add field as column.

    • Select View <field_name> to go to the appropriate view in the Splunk Observability Cloud. For example, if you select a field related to Kubernetes, Splunk Observability Cloud displays related data in the Kubernetes Navigator. If you select fields related to APM, such as View trace_id or View span_id, Splunk Observability Cloud displays the trace or span in the APM Navigator.

This page was last updated on May 28, 2024.