Splunk Observability Cloud

Send logs directly to Splunk Observability Cloud using Splunk Universal Forwarder

rahusri2
Path Finder

Hello,

Is it possible to send logs (for example: /var/log/GRPCServer.log) directly to Splunk Observability Cloud using Splunk Universal Forwarder?

If yes, how can we configure Splunk Universal Forwarder to send logs to Splunk Observability Cloud directly, as we don't have the IP address / hostname of Splunk Observability Cloud, nor the 9997 port open at the Splunk Observability Cloud end? In general, we can use the steps below to configure Splunk Universal Forwarder to send to Splunk Enterprise/Cloud:

  1. Add the IP address/hostname where the log has to be sent: "./splunk add forward-server <IP/HOST_NAME>:9997"
  2. Add the file whose log has to be collected: "./splunk add monitor /var/log/GRPCServer.log"

Thank You


bishida
Splunk Employee

Splunk Observability Cloud relies on the Splunk Core Platform (Splunk Cloud or Splunk Enterprise) for logging capabilities. So, logs aren’t sent directly to Observability Cloud—you send them to Splunk Cloud/Enterprise and then pull them in to view with the Log Observer Connect integration in Observability Cloud. When you click "Log Observer" in Observability Cloud, the logs you see are brought in to view at that moment by reading them from your Splunk Cloud/Enterprise.


rahusri2
Path Finder

Hello @bishida,

Thanks for sharing the information.

As per the document Splunk Enterprise it says "Choose this option if you manage Splunk Enterprise in a data center or public cloud. Follow the steps in the wizard to securely connect to Splunk Enterprise instance and query logs data using Log Observer."

If we are using Splunk Enterprise for logging and want to forward data to the Observability Cloud, is it possible for the Splunk Enterprise host to be on a private network?

If yes, what additional steps or configurations are needed to enable the Splunk Enterprise host to transfer data to the Observability Cloud?

Additionally, can this be achieved if the splunk-otel-collector.service is running on the Splunk Enterprise host in a private network?

Thanks

 


bishida
Splunk Employee

To configure Log Observer Connect to Splunk Enterprise running on a private network, there will be additional considerations for you. You will need some help from your private networking team to allow incoming traffic from O11y Cloud. Note the IP addresses of this incoming traffic on this doc page:

https://docs.splunk.com/observability/en/logs/set-up-logconnect.html#logs-set-up-logconnect

A typical approach for this scenario is to use a load balancer (e.g., F5) to listen for this incoming traffic and then pass the request to the Splunk search head on your private network. Using a load balancer is nice because you can manage the SSL cert at the balancer. If you configure a true pass-through to the search head (e.g., port forwarding), then you will need to configure an SSL cert on the Splunk search head management interface, which adds steps.

The fact that you have an OTel collector running on your Splunk Enterprise host doesn’t affect this scenario with Log Observer Connect.

