
Accomplish logs pipeline rules in Splunk platform

All customers who ingest logs into Splunk Observability Cloud now use Log Observer Connect, a bridge between Splunk Observability Cloud and Splunk platform. Using the Splunk platform allows you to ingest more logs from a wider variety of data sources, use a more advanced logs pipeline, and use logging for security use cases.

The following sections explain how to achieve all logging pipeline features in Splunk platform.

Log processing rules

You can process data in the Splunk platform using the following methods:

| Processing method | Documentation |
| --- | --- |
| Field extractions | See Build field extractions with the field extractor. |
| Ingest actions | See Use ingest actions to improve the data input process. |
| .conf configuration | See Overview of event processing. |
| Edge Processor | See About the Edge Processor solution. |
| Data Stream Processor | See Use the Data Stream Processor. |

Live Tail

To achieve Live Tail functionality, adjust the time range picker in the Splunk platform Search & Reporting app to All time (real-time) or 30 second window. You must select Search again and rerun your search to see the most recent log events because live events do not stream in unprompted. For more information, see Select time ranges to apply to your search.

This page was last updated on Oct 03, 2024.