View individual log details 🔗
Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by January 2024. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.
After you find log records that contain a specific area, view the contents of an individual record to get a precise view of the data related to the problem.
To view the contents of an individual log record, follow these steps:
Select a log record line in the Logs table to display the log details panel. This panel displays the entire record in JSON format as well as a table of each field and its value.
To do more with a particular field in the table, select the field value. Log Observer displays a drop-down list with 5 options:
To copy the field value to the clipboard, select
To filter to the Logs table so it only displays log records containing the selected value, select.
To filter the Logs table so it doesn’t display log records containing the selected value, select.
To add the field as a new column in the Logs table, select.
Selectto go to the appropriate view in the Splunk Observability Cloud. For example, if you select a field related to Kubernetes, Observability Cloud displays related data in the Kubernetes Navigator. If you select fields related to APM, such as or , Observability Cloud displays the trace or span in the APM Navigator.