Related Content in Splunk Observability Cloud ๐
The Related Content feature automatically correlates data between different views within Splunk Observability Cloud by presenting related data at the bottom of the screen.
Select tiles in the Related Content bar to seamlessly navigate from one view to another in Splunk Observability Cloud. The following animation shows a user navigating from APM to Infrastructure Monitoring to Log Observer.

In the preceding example, the user navigates through the following sequence:
The user starts in APM by exploring the service dependency map. They select the Frontend service because it shows a high error rate.
In the Related Content bar at the bottom of the screen, the user sees an Infrastructure tile showing related EC2 instances and selects it. Results are grouped by component. For example, Infrastructure, Logs, APM. Hovering over the tile indicates whether there are any Related Content results to view.
Splunk Observability Cloud takes the user to Infrastructure where they select the first EC2 instance because it shows the highest CPU utilization.
In the Related Content bar, the user sees a tile showing logs related to the EC2 instance, so they click it.
Splunk Observability Cloud takes them to Log Observer where they can drill down into the related logs to find the root cause of the problem.
Note
Related Content is different from data links, a separate capability, which lets you dynamically transfer contextual information about the property youโre viewing to the resource, helping you get to relevant information faster. To learn more about data links, see Link APM services, traces, and spans to relevant resources.
Prerequisites ๐
Related Content relies on specific metadata that allow APM, Infrastructure Monitoring, and Log Observer to pass filters around Observability Cloud.
The following sections list the metadata key names required to enable Related Content for each view in Splunk Observability Cloud. If your data does not have the field names listed here, Splunk Observability Cloud cannot correlate your related data.
APM ๐
The following APM span tags are required to enable Related Content:
service.name
deployment.environment
The Splunk Distribution of OpenTelemetry Collector already provides the span tags.
To learn more about deployment environments in Splunk APM, see Set up deployment environments in Splunk APM.
Infrastructure Monitoring ๐
The following Infrastructure Monitoring metadata keys are required to enable Related Content:
host.name
k8s.cluster.name
k8s.node.name
k8s.pod.name
container.id
k8s.namespace.name
kubernetes.workload.name
If youโre using the Splunk Distribution of the OpenTelemetry Collector for Kubernetes, the required Infrastructure Monitoring metadata is provided. See more at Install the Collector for Kubernetes.
If youโre using other configurations to collect infrastructure data, Related Content wonโt work out of the box.
Log Observer ๐
The following metadata keys are required to enable Related Content for Log Observer:
service.name
deployment.environment
host.name
trace_id
span_id
Note
Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by December 2023. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.
Enable Related Content ๐
See Enable Related Content in Splunk Observability Cloud to learn how you can make any necessary updates to metadata key names to enable Related Content in Observability Cloud.
Where can I see Related Content? ๐
The following table describes when and where in Splunk Observability Cloud you can see Related Content:
Starting Point |
Possible Destinations |
---|---|
APM services |
Related Kubernetes clusters filtered by service, AWS EC2s, GCP GCEs, Azure VMs, all log lines for the service |
Database service |
Related database host or instance |
Database instance |
Related Database Query Performance, related APM services |
Host or Cloud compute instance (AWS EC2, GCP GCE, Azure VM) |
Related APM services, log lines for the specific instance |
Kubernetes cluster, node, pod, container |
Related log lines for the node |
Kubernetes pod or container |
Related APM service in that pod or container, log lines for that pod or container |
Specific log line |
Related APM service, trace, Kubernetes node/pod/container, Host or compute instance (AWS EC2, GCP GCE, Azure VM) |
Specific trace ID |
Related log line |