Introduction to Splunk Log Observer Connect

If you have a Log Observer entitlement rather than Log Observer Connect, see Introduction to Splunk Log Observer.

Splunk Log Observer Connect is an integration that allows you to query your Splunk Enterprise or Splunk Cloud Platform logs using the capabilities of Splunk Log Observer and Related Content in Splunk Observability Cloud. With Log Observer Connect, you can troubleshoot your application and infrastructure behavior using high-context logs. Perform codeless queries on your Splunk Enterprise or Splunk Cloud Platform logs to detect the source of problems in your systems, then jump to Related Content throughout Splunk Observability Cloud in one click. Seeing your log data correlated with metrics and traces in Observability Cloud helps your team locate and resolve problems exponentially faster.

Region and version availability

Splunk Log Observer Connect is available in the AWS regions us0, us1, eu0, jp0, and au0, and in the GCP region us2. Splunk Log Observer Connect is compatible with Splunk Enterprise versions 9.0.1 and higher, and Splunk Cloud Platform versions 9.0.2209 and higher. Log Observer Connect is not available for Splunk Cloud Platform trials.

Customers cannot access logs from a GovCloud environment through Log Observer Connect. However, you can use global data links to link from Log Observer Connect to your GovCloud environment where you can access your logs. For more information on global data links, see Link metadata to related resources using global data links.

What can I do with Log Observer Connect?

The following table lists features available to customers who have integrated Splunk Enterprise or Splunk Cloud Platform with Log Observer, allowing them to use Log Observer Connect. If you have a Log Observer entitlement in Observability Cloud, see Introduction to Splunk Log Observer for a complete list of Log Observer features.

| Do this | With this tool | Link to documentation |
| --- | --- | --- |
| View your incoming logs and zoom in or out to the time period of your choice. | Timeline | View overall system health using Timeline |
| Scan logs. | Logs table | Browse logs in the logs table |
| Find out which path in your API has the slowest response time. | Log aggregations | Group logs by fields using log aggregation |
| Search logs by keyword or field. | Content control bar | Search logs by keywords or fields |
| Filter your logs to see only logs that contain a field of your choice with the value error. | Logs table | Search logs by keywords or fields |
| View the JSON schema of an individual log. | Log details | View individual log details and create a field extraction processor |
| See the metrics, traces, and infrastructure related to a specific log. | Related Content | Scenario: Kai troubleshoots an issue from the browser to the back end using Splunk Observability Cloud |
| Save and share Log Observer queries. | Saved Queries | Save and share Log Observer queries |

Get started with Log Observer Connect

If you manage Splunk Enterprise in a data center or public cloud and want to begin using Log Observer Connect, see Set up Log Observer Connect for Splunk Enterprise. If you use Splunk Cloud Platform and want to integrate Log Observer Connect, see Set up Log Observer Connect for Splunk Cloud Platform.

Note

You can collect data using both the Splunk Distribution of OpenTelemetry Collector and the Universal Forwarder without submitting any duplicate telemetry data. See Use the Splunk Universal Forwarder with the Collector to learn how.