Observability: Splunk Observability Cloud + Splunk Platform - Wed 8/14/24

Published on 06-12-2024 09:21 AM by Splunk Employee | Updated on 09-12-2024 10:40 AM

Register here. This thread is for the Office Hours session on Splunk Observability Cloud + Splunk Platform on Wed, August 14, 2024 at 1pm PT/4pm PT.

 

This is your opportunity to ask questions related to your specific Splunk Observability Cloud + Splunk Platform challenge or use case, including:

  • Sending logs from Platform to Observability Cloud with Log Observer Connect
  • Unified Identity (single log-in for both Platform and Observability Cloud)
  • Splunk Add-on for the OpenTelemetry Collector
  • Related Content in Splunk Cloud (adding infra and app data to logs)
  • Anything else you’d like to learn!

 

Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here).

Pre-submitted questions will be prioritized. 
After that, we will open the floor up to live Q&A with meeting participants.

Look forward to connecting!



ArifV
Splunk Employee

Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel)

1) What are the benefits of using Log Observer Connect? Who can use it? 

  • Centralize data experience between metrics, traces, logs within Splunk products 
  • Point and click experience 
  • Reach peak cloud visibility 
  • Get started in under 10 minutes 
  • Extend value of Splunk investment at no additional cost 
  • Available for customers using: Observability and Splunk Cloud or Splunk Enterprise 

Documentation:

https://docs.splunk.com/observability/en/logs/intro-logconnect.html

2) Does configuring/enabling Unified Identity forgo the issues surrounding Log Observer Connect and a PCI Splunk Cloud Instance?

  • Enabling Unified Identity forgoes the configuration process around Log Observer Connect. When a customer signs up for Unified Identity, a connection to the connected Splunk Cloud instance is made automatically and helps with RBAC (Role-based Access Control). This helps with allowing users to get access to selected indexes and/or have limits set on the number of searches that can be dispatched to the Splunk Cloud instance.
  • Configuring Unified Identity does not forgo PCI compliance issues. Observability is not PCI compliant; therefore, neither Unified Identity nor Log Observer Connect is.
  • If a customer still wants to connect their PCI-compliant stack to O11y using Unified Identity or Log Observer Connect, they need to sign a consent form and the Observability backend team will add their organization to the exception list.

3) I'm currently using UFs for collecting log data. What are the benefits of adding the OpenTelemetry Collector as a TA if I want to collect traces and metrics?

  • Out of the box host metrics collection
  • Deploy and monitor using the Deployment Server
  • Similar lifecycle as other TAs
  • No change to log ingestion via UF

Documentation:

https://docs.splunk.com/Documentation/OTC/1.3.0/manual/About