Log Observer Connect is a new feature that lets observability users (i.e., SREs, developers, and CloudOps folks) explore the data already being sent to existing Splunk instances using the intuitive no-code interface of Splunk Log Observer, part of Observability Cloud, for faster troubleshooting and root-cause analysis (which ultimately leads to amazing customer experiences!).
Why is this feature important?
You do a lot with log analytics. You leverage logs for compliance, to respond to security incidents, to investigate issues, to understand the behaviors of users, to put out fires, start fires, build cabins, and more. Logs and centralized log monitoring are critical components of an effective observability strategy but, for new cloud-native environments and microservices-based applications, logs alone are not enough for the real-time monitoring and troubleshooting required to maintain SLAs and deliver great user experiences from modern web/mobile apps. For complete visibility into customer experience and system health, teams need to leverage metric and trace data in context with log data to troubleshoot issues quickly, which is increasingly important as the cost of downtime and latency goes up.
All of Your Data in Splunk?! Yes! Here are the deetz:
Splunk Observability gives SRE and DevOps teams the ability to analyze metrics, trace, event, and log data, all in context. Analyzing all telemetry data in one tool is important because, for most of our Observability users, if there is an issue with an application, they first go to the dashboard for that application in order to see the infrastructure metrics, application metrics, and related logs for fast insights. Users need to see the logs that correspond to a metric or trace (or chart or service map) directly within the same experience, without needing to be experts in a query language. This is where Log Observer Connect comes in, providing a log investigation experience integrated in Splunk Observability Cloud.
Log Observer Connect allows Splunk users to centralize their observability data alongside their security, analytics, compliance, and other log data in Splunk Enterprise and explore it in Splunk Observability Cloud, so SREs and developers can troubleshoot mission-critical applications quickly. If you are an existing Splunk Enterprise customer who has Splunk Infrastructure Monitoring, Splunk APM, or Splunk Observability Cloud licenses, you can start using Log Observer Connect right away at no extra cost. With this integration, it’s easier than ever to consolidate tools and have centralized log management for improved observability and operations. And for more advanced investigations, post-incident reviews, and security, teams can leverage the power of Splunk Enterprise. It’s the best of both worlds.
With Log Observer Connect You Can:
- Centralize your data and data management - Different teams in your organization may be leveraging Splunk for different use cases, or using other tools. Simplify management and build an operational center of excellence with all of your data centralized on Splunk.
- Explore Splunk Enterprise data, correlated with metrics and traces, through the Log Observer interface to reduce MTTR and get more out of your existing investment.
- Get started quickly with minimal configuration changes, leveraging existing Splunk Universal Forwarder and technical add-ons (TAs) in addition to OpenTelemetry.
- Improve customer experiences - Access the no-code Log Observer experience and related content links for faster troubleshooting and root-cause analysis.
With Splunk’s best-in-class observability capabilities integrated with Splunk Enterprise, teams across your organization can harness the power of a unified observability solution that will scale with you to monitor mission-critical applications and quickly understand and optimize the customer experience.
Start Exploring Splunk Enterprise Data in Log Observer:
Consolidate your tools on Splunk. Get the most out of your existing Splunk data by connecting it to your observability workflow via Log Observer Connect.
To set up Log Observer Connect, follow these steps:
1. In Observability Cloud, go to Organization Settings > Log Observer Connect to set up a connection with Splunk Enterprise.
2. In Splunk Enterprise, follow the instructions in the integration wizard to do the following:
   - Create a new Splunk Enterprise role.
   - Select the Splunk Enterprise indexes that you want to search in Log Observer Connect.
   - Create a new Splunk Enterprise user.
   - Secure your connection by adding certificates.
You can find more detailed instructions in our Log Observer documentation.
If you haven’t explored Splunk’s Observability portfolio yet, you can dive right in here or start a free trial to see how you can expand your use cases and make your operations better - and life easier! Thanks for reading about the awesome new Log Observer Connect integration! Make sure to connect with us on what you’re most excited about! Leave a comment below if you'd like to share your feedback with us 😁.
O11y pun time. O11y = Observability:
Splunk has O11y you want and more! And, as Janet Jackson would say… it’s O11y for you.