Related Content in Splunk Observability Cloud ๐
The Related Content feature automatically correlates data between different views within Splunk Observability Cloud by presenting related data at the bottom of the screen.
Select tiles in the Related Content bar to seamlessly navigate from one view to another in Splunk Observability Cloud. The following animation shows a user navigating from APM to Infrastructure Monitoring to Log Observer.
In the preceding example, the user navigates through the following sequence:
The user starts in APM by exploring the service dependency map. They select the Frontend service because it shows a high error rate.
In the Related Content bar at the bottom of the screen, the user sees an Infrastructure tile showing related EC2 instances and selects it. Results are grouped by component. For example, Infrastructure, Logs, APM. Hovering over the tile indicates whether there are any Related Content results to view.
Splunk Observability Cloud takes the user to Infrastructure where they select the first EC2 instance because it shows the highest CPU utilization.
In the Related Content bar, the user sees a tile showing logs related to the EC2 instance, so they click it.
Splunk Observability Cloud takes them to Log Observer where they can drill down into the related logs to find the root cause of the problem.
Note
Related Content is different from data links, a separate capability, which lets you dynamically transfer contextual information about the property youโre viewing to the resource, helping you get to relevant information faster. To learn more about data links, see Link APM services, traces, and spans to relevant resources.
Prerequisites ๐
Related Content relies on specific metadata that allow APM, Infrastructure Monitoring, and Log Observer to pass filters around Observability Cloud.
The following sections list the metadata key names required to enable Related Content for each view in Splunk Observability Cloud. If your data does not have the field names listed here, Splunk Observability Cloud cannot correlate your related data.
APM ๐
The following APM span tags are required to enable Related Content:
service.namedeployment.environment
The Splunk Distribution of OpenTelemetry Collector already provides the span tags.
To learn more about deployment environments in Splunk APM, see Set up deployment environments in Splunk APM.
Infrastructure Monitoring ๐
The following Infrastructure Monitoring metadata keys are required to enable Related Content:
host.namek8s.cluster.namek8s.node.namek8s.pod.namecontainer.idk8s.namespace.namekubernetes.workload.name
If youโre using the Splunk Distribution of the OpenTelemetry Collector for Kubernetes, the required Infrastructure Monitoring metadata is provided. See more at Install the Collector for Kubernetes.
If youโre using other configurations to collect infrastructure data, Related Content wonโt work out of the box.
Log Observer ๐
The following metadata keys are required to enable Related Content for Log Observer:
service.namedeployment.environmenthost.nametrace_idspan_id
Note
Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by December 2023. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.