Introduction to Splunk Log Observer

What is Log Observer?

Troubleshoot your application and infrastructure behavior using high-context logs in Splunk Observability Cloud. With Splunk Log Observer, you can perform codeless queries on logs to detect the source of problems in your systems. You can also extract fields from logs in Log Observer to set up log processing rules and transform your data as it arrives.

What can I do with Log Observer?

| Do this | With this tool | Link to documentation |
| --- | --- | --- |
| View your incoming logs grouped by severity over time and zoom in or out to the time period of your choice. | | View overall system health using Timeline |
| Create a chart to see trends in your logs. | Log metricization rules | Log metricization rules |
| Find out which path in your API has the slowest response time. | Log aggregations | Identify problem areas using log aggregation |
| Filter your logs to see only logs that contain the field error. | Raw Logs table | Filter logs by field |
| Redact data to mask personally identifiable information in your logs. | Field redaction processors | Field Redaction Processors |
| Confirm that a recent fix stopped a problem. | Live Tail | Verify changes to monitored systems with Live Tail |
| Apply processing rules across historical data to find a problem in the past. | Search-time rules | Apply processing rules across historical data |
| Transform your data or a subset of your data as it arrives in Observability Cloud. | Log processing rules | Log processing rules |
| Minimize expense by archiving unindexed logs in Amazon S3 buckets for potential future use. | Infinite Logging rules | Infinite Logging rules |

Get started with Log Observer

To set up Log Observer and start performing queries on your logs, see Set up Splunk Log Observer.