Docs » Splunk Observability Cloud service description

Splunk Observability Cloud service description 🔗

Welcome to the Splunk Observability Cloud service description.

Splunk Observability Cloud is a Software as a Service (SaaS) solution for infrastructure monitoring (Splunk IM), application performance monitoring (Splunk APM), real user monitoring (Splunk RUM), and synthetic monitoring (Splunk Synthetic Monitoring). Splunk Observability Cloud also provides a direct integration with logs ingested in Splunk Cloud Platform and Splunk Enterprise through Log Observer Connect. Through full-fidelity monitoring and troubleshooting across infrastructure, applications, and user interfaces, in real time and at any scale, Splunk Observability Cloud helps you keep your services reliable, deliver great customer experiences, and innovate faster.

Splunk Observability Cloud helps you respond to outages and identify root causes, while also giving you the guidance you need to optimize performance and productivity going forward. You can select from more than 200 supported open standards-based integrations with common data sources to get data from your on-premises and cloud infrastructure, applications and services, and user interfaces into Splunk Observability Cloud. When you send data from each layer of your environment, Splunk Observability Cloud transforms it into actionable insights in the form of dashboards, visualizations, alerts, and more.

The following sections describe the features, capabilities, limitations, and constraints of the Splunk Observability Cloud service and the responsibilities of Splunk to you as a SaaS provider. This document also notes your responsibilities as a subscriber to the service. Be sure to read the complete service description and the service terms and policies documents listed in the following sections. If you have questions after reading any of this material, contact your Splunk sales representative.

Note

For the service description of Splunk Cloud Platform see Splunk Cloud Platform Service Details .

Service term and policies

The following links access important terms and policies documents that pertain to Splunk Observability Cloud. Be sure to read these documents to have a clear understanding of the service. If you have any questions, contact your Splunk sales representative.

Data ingestion and retention

Splunk Observability Cloud provides software and APIs that allow you to ingest data from your on-premises infrastructure, applications, user interfaces, cloud services, servers, network devices, and more. Splunk Observability Cloud provides guided setups that help you install and configure OpenTelemetry instrumentation. See Get data into Splunk Observability Cloud for more information.

Note

All editions of Splunk Observability Cloud include Log Observer Connect, which let you analyze logs you’ve ingested to Splunk Cloud Platform and Splunk Enterprise at no additional cost. See Splunk Log Observer Connect for more information.

Splunk OpenTelemetry Collector

The Splunk Distribution of OpenTelemetry Collector is an open-source software agent capable of collecting traces, metrics, and logs from a wide variety of hosts, containers, and services. You are responsible for installing, configuring, transforming, sending data, and managing your Collector instances, including maintaining version compatibility and installing, configuring, and managing Collector components. See Get started with the Splunk Distribution of the OpenTelemetry Collector for more information.

Splunk provides support for the Splunk Distribution of OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.

Integration with cloud service providers

You can configure Splunk Observability Cloud to connect to services in AWS, Azure, and Google Cloud Platform to retrieve metrics and logs. See Connect to your cloud service provider for more information.

Splunk instrumentation can help you instrument serverless applications to bring traces and application metrics to Splunk Observability Cloud. See Instrument serverless functions for Splunk Observability Cloud.

Splunk distributions of OpenTelemetry instrumentation

The Splunk distributions of OpenTelemetry instrumentation are open-source software agents and libraries that can instrument back-end applications and front-end experiences for Splunk APM and Splunk RUM. Setup, configuration, transformation, and sending data from the instrumentation agents and libraries is your responsibility, including maintaining version compatibility and installing, configuring, and managing automatic and manual instrumentations. See Instrument back-end applications to send spans to Splunk APM and Instrument mobile and web applications for Splunk RUM for more information.

Splunk officially supports the Splunk distributions of OpenTelemetry instrumentation, including manual instrumentation.

Ingest API endpoints

You can use the REST API to send telemetry directly to Splunk Observability Cloud. This might be useful when you can’t use the Splunk Distribution of OpenTelemetry Collector or when you have specific networking or security requirements. See Send metrics, traces, and events using Splunk Observability Cloud REST APIs for more information. If your organization has stringent networking security policies that apply to sending data to third parties, see Allow Splunk Observability Cloud services in your network.

Private connectivity

If you prefer not to send data to Splunk public endpoints using HTTPS, you can use AWS Private Link to ingest data from sources deployed on AWS. See Private Connectivity using AWS PrivateLink for more information.

Data retention

When you send data to Splunk Observability Cloud, it is ingested and stored for a period of time that varies depending on the product and type of contract. See Data retention in Splunk Observability Cloud for more information.

You can monitor subscription usage for each product depending on the type of subscription. See Monitor and manage subscription usage and billing for more information.

Subscription types, expansions, renewals, and terminations

Your subscription to Splunk Observability Cloud depends on the Splunk product: host-based or usage-based for Splunk IM and Splunk APM, or web sessions for Splunk RUM or synthetics check for Splunk Synthetic Monitoring.

Host-based subscriptions

Host-based subscriptions base billing on the total number of unique hosts reporting data to Splunk Observability Cloud on an hourly basis, then calculate the average of those hourly measurements across each billing month. The calculation is done for each host, container, custom metric, and high resolution metric. A host is a physical, non-virtualized environment, or a virtual instance in a virtualized or public cloud environment, that reports metric data to Splunk Observability Cloud. You can increase the amount of hosts or containers per host if needed.

Usage-based subscriptions

Usage-based pricing is suited for custom metrics, containerized environments, and monitoring serverless environments or cloud services that don’t provide a view of underlying hosts. Usage is calculated depending on the product or feature. For example, Splunk Infrastructure Monitoring usage-based pricing relies on metric time series (MTS), whereas Splunk Real User Monitoring calculates usage from the number of web sessions. For more information on subscription usage and monitoring in Splunk Observability Cloud, see Monitor and manage subscription usage and billing.

Overages

Splunk Observability Cloud overages are based on usage measured over a month. Overages are incurred if the monthly usage is higher than your paid subscription. Splunk Observability Cloud provides transparent usage data with granular daily detailed reports on all monitored hosts, containers, and metrics. You can also turn on alerts or setup tokens to manage your usage. See Monitor and manage subscription usage and billing for more information.

Suite offerings

Splunk Observability Cloud is also available in different suites, including Splunk Observability Cloud Enterprise Edition and Splunk Observability Cloud Commercial Edition. See Suites on Splunk.com for more information.

Subscription updates, renewals, and terminations

You can update or expand your Splunk Observability Cloud subscription any time during the term of the subscription to meet your business needs. For example, you can:

  • Increase host-based or usage-based capacity.

  • Add products and features to your subscription.

  • Upgrade to enterprise edition licensing with Service Bureau features.

Splunk Observability Cloud informs about the need for renewal through a banner that appears 15 days prior to the subscription expiration date. For more information on subscription renewals, contact your Splunk sales representative.

On expiration date, a 15-day grace period starts. During the grace period, users see a banner when logging in reminding them of the expiration. After the grace period, the subscription enters suspended mode, which lasts 30 days and during which users can’t log in. After the 30 day suspension, the account is terminated and the data stored on the account is deleted.

For additional information, see:

Available regions or realms

Splunk Observability Cloud is available in the following global regions. Each Cloud provider region is mapped to a Splunk Observability Cloud realm, which determines access URLs and endpoints.

Realm to region equivalence

The following table shows which cloud regions correspond to each realm in Splunk Observability Cloud.

Splunk Observability Cloud Realm

AWS Region

GCP Region

us0

AWS US East Virginia (us-east-1)

us1

AWS US West Oregon (us-west-2)

us2

GCP US Oregon (us-west-1)

eu0

AWS EU Dublin (eu-west-1)

eu1

AWS EU Frankfurt (eu-central-1)

eu2

AWS EU London (eu-west-2)

au0

AWS AP Sydney (ap-southeast-2)

jp0

AWS AP Tokyo (ap-northeast-1)

Available components per region or realm

The following components are available for each global region. Each Cloud provider region is mapped to a Splunk Observability Cloud realm, which determines access URLs and endpoints.

Service component

AWS regions

Google Cloud regions

Splunk Observability Cloud realm

Application Performance Monitoring (APM)

  • US: Oregon (us-west-2), Virginia (us-east-1)

  • Europe: Dublin (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2)

  • Asia Pacific: Sydney (ap-southeast-2), Tokyo (ap-northeast-1)

  • US: Oregon (us-west-1)

  • us0, us1, us2

  • eu0, eu1, eu2

  • au0, jp0

Infrastructure Monitoring (IM)

  • US: Oregon (us-west-2), Virginia (us-east-1)

  • Europe: Dublin (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2)

  • Asia Pacific: Sydney (ap-southeast-2), Tokyo (ap-northeast-1)

  • US: Oregon (us-west-1)

  • us0, us1, us2

  • eu0, eu1, eu2

  • au0, jp0

Log Observer Connect

  • US: Oregon (us-west-2), Virginia (us-east-1)

  • Europe: Dublin (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2)

  • Asia Pacific: Sydney (ap-southeast-2), Tokyo (ap-northeast-1)

  • US: Oregon (us-west-1)

  • us0, us1, us2

  • eu0, eu1, eu2

  • au0, jp0

Real User Monitoring (RUM)

  • US: Oregon (us-west-2), Virginia (us-east-1)

  • Europe: Dublin (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2)

  • Asia Pacific: Sydney (ap-southeast-2), Tokyo (ap-northeast-1)

  • US: Oregon (us-west-1)

  • us0, us1, us2

  • eu0, eu1, eu2

  • au0, jp0

Synthetic Monitoring

  • US: Oregon (us-west-2), Virginia (us-east-1)

  • Europe: Dublin (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2)

  • Asia Pacific: Sydney (ap-southeast-2), Tokyo (ap-northeast-1)

  • US: Oregon (us-west-1)

  • us0, us1, us2

  • eu0, eu1, eu2

  • au0, jp0

For additional information, see:

Compliance and certifications

Splunk has attained a number of compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide and part of our efforts to safeguard customer data. The following compliance attestations/certifications are available:

  • SOC 2 Type II: Splunk Observability Cloud has an annual SOC 2 Type II audit report issued. The SOC 2 audit assesses an organization’s security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers’ data. If you require the SOC 2 Type II attestation to review, contact your Splunk sales representative to request it.

  • Health Insurance Portability and Accountability Act (HIPAA): Splunk Observability Cloud enables covered entities and their business associates to comply with U.S. Health Insurance Portability and Accountability Act of 1996. This regulation establishes a standard for the security of any entity that accesses, processes, transmits, or stores protected health information (PHI).

  • Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR): Splunk Observability Cloud participates in the voluntary CSA STAR Level 1 Self Assessment to document compliance with CSA- published best practices. We submit our security and privacy self-assessments using the Cloud Controls Matrix and GDPR Code of Conduct based on the CSA Consensus Assessment Initiative Questionnaire (CAIQ).

For information regarding the availability of service components between the AWS and Google Cloud regions, see Available regions or realms.

For additional information, see:

Security

The security and privacy of your data is key to you and your organization, and Splunk makes this a top priority. Splunk Observability Cloud is designed and delivered using key security controls described in the following sections.

Data encryption

All data in transit to and from Splunk Observability Cloud is TLS 1.2+ encrypted. Splunk Observability Cloud uses AES 256-bit encryption by default. Encryption key management processes are in place to help ensure the secure generation, storage, distribution and destruction of encryption keys.

Data handling

Your data is stored securely in a Splunk Observability Cloud realm that corresponds to a cloud service provider's region. See Available regions or realms for more information on regions and realms.

Splunk retains Customer Content stored in its cloud computing services for at least thirty days after the expiration or termination of the subscription. See Subscription types, expansions, renewals, and terminations for more information.

For information on data retention, see Data ingestion and retention.

Security controls and compliance

Splunk has attained a number of compliance attestations and certifications from industry-leading auditors. See Available regions or realms for information on compliance certifications.

Realm security

Every realm in Splunk Observability Cloud runs in a secured environment on a stable operating system and in a network that is hardened to industry standards. Realms are scanned for threats on a regular basis.

User authentication and access

You can configure authentication using Single-sign on (SSO) integrations implementing SAML 2.0, such as Ping, Okta, or AzureAD. See About SSO integrations for Splunk Observability Cloud for more information.

To control what your Splunk Observability Cloud users can do, you assign them roles that have a defined set of specific capabilities. See About roles in Splunk Observability Cloud for more information.

For additional information, see:

Service level agreements

The Splunk Observability Cloud Service Level Schedule document describes the uptime SLA and exclusions. You may claim service credits in the event of SLA failures, as set forth in the Splunk SLA schedule.

Status page

You can check the current status of Splunk Observability Cloud realms through the https://status.signalfx.com status page. You can subscribe to updates on the status pages.

Supported browsers

Splunk Observability Cloud works as expected when using the latest and next-to-latest official releases of the following browsers:

  • Chrome

  • Firefox

  • Safari

  • Edge

See Supported browsers for Splunk Observability Cloud for more information.

System limits per product

Splunk Observability Cloud service limits are described in Per product system limits in Splunk Observability Cloud. Service limits may vary based on your Splunk Observability Cloud subscription. Some limits depend on a combination of configuration, system load, performance, and available resources. Unless noted, the service limit is identical for all regions.

Contact Splunk if your requirements are different or exceed what is recommended in Per product system limits in Splunk Observability Cloud.

Technical support

Splunk Observability Cloud subscriptions include technical support. For more information regarding support terms and program options, see Splunk Support Programs . Also note the following:

  • Splunk Observability Cloud is compatible with multiple options to ingest your data, so it is your responsibility to ensure the correct data collection method is configured for your data sources.

  • To use multifactor authentication for your Splunk Observability Cloud user accounts, you must use a SAML 2.0 identity provider that supports multifactor authentication. It is your responsibility to ensure your Splunk Observability Cloud user accounts are properly configured for multifactor authentication.

For additional information, see Splunk Observability Cloud support.

Users and authentication

You are responsible for creating and administering your users’s accounts, the roles and capabilities assigned to them, the authentication method, and global password policies. To control what your Splunk Observability Cloud users can do, you assign them roles that have a defined set of specific capabilities. You can assign roles using Splunk Observability Cloud in the browser or through the REST API. See Assign roles to users in Splunk Observability Cloud.

Roles give Splunk Observability Cloud users access to features and permission to perform tasks and searches. Each user account is assigned one or more roles. Each role contains a set of capabilities. Splunk Observability Cloud provides the admin role, which has the capabilities required to administer Splunk Observability Cloud. See About roles in Splunk Observability Cloud.

You can configure Splunk Observability Cloud to use SAML authentication for single sign-on (SSO). To use multifactor authentication, you must use a SAML 2.0 identity provider that supports multifactor authentication. Only SHA-256 signatures in the SAML message between your IdP and Splunk Observability Cloud are supported. You are responsible for the SAML configuration of your IdP including the use of SHA-256 signatures. See About SSO integrations for Splunk Observability Cloud.

Unified identity

When Splunk Cloud Platform customers purchase or start a trial of Splunk Observability Cloud, users can access both platforms using a single identity. A user’s role-based access to Splunk Cloud Platform indexes carries over to Splunk Observability Cloud. Administrators can set up all users in a central location, Splunk Cloud Platform. Users can log into Splunk Observability Cloud with SSO using their Splunk Cloud Platform credentials. Users can examine logs from the Splunk Cloud Platform instance in Log Observer Connect upon provisioning with no additional setup. See Unified Identity: Splunk Cloud Platform and Splunk Observability Cloud for more information.

This page was last updated on Dec 06, 2024.