Splunk Observability Cloud

Send logs directly to Splunk Observability Cloud using Splunk Universal Forwarder

rahusri2
Path Finder

Hello,

Is it possible to send logs (for example: /var/log/GRPCServer.log) directly to Splunk Observability Cloud using  Splunk Universal Forwarder?

If yes, how can we configure Splunk Universal Forwarder to send logs to Splunk Observability Cloud directly, given that we don't have the IP address / hostname of Splunk Observability Cloud and port 9997 is not open at the Splunk Observability Cloud end? In general, we use the steps below to configure Splunk Universal Forwarder to send to Splunk Enterprise/Cloud:

  1. Add the IP address/hostname where the log has to be sent: "./splunk add forward-server <IP/HOST_NAME>:9997"
  2. Add the file whose log has to be collected: "./splunk add monitor /var/log/GRPCServer.log"

Thank You


bishida
Splunk Employee

Splunk Observability Cloud relies on the Splunk Core Platform (Splunk Cloud or Splunk Enterprise) for logging capabilities. So, logs aren’t sent directly to Observability Cloud—you send them to Splunk Cloud/Enterprise and then pull them in to view with the Log Observer Connect integration in Observability Cloud. When you click "Log Observer" in Observability Cloud, the logs you see are brought in to view at that moment by reading them from your Splunk Cloud/Enterprise.


rahusri2
Path Finder

Hello @bishida,

Thanks for sharing the information.

As per the Splunk Enterprise document, it says: "Choose this option if you manage Splunk Enterprise in a data center or public cloud. Follow the steps in the wizard to securely connect to Splunk Enterprise instance and query logs data using Log Observer."

If we are using Splunk Enterprise for logging and want to forward data to the Observability Cloud, is it possible for the Splunk Enterprise host to be on a private network?

If yes, what additional steps or configurations are needed to enable the Splunk Enterprise host to transfer data to the Observability Cloud?

Additionally, can this be achieved if the splunk-otel-collector.service is running on the Splunk Enterprise host in private network?

Thanks


bishida
Splunk Employee

To configure Log Observer Connect to Splunk Enterprise running on a private network, there will be additional considerations for you. You will need some help from your private networking team to allow incoming traffic from O11y Cloud. Note the IP addresses of this incoming traffic on this doc page:

https://docs.splunk.com/observability/en/logs/set-up-logconnect.html#logs-set-up-logconnect

A typical approach for this scenario is to use a load balancer (e.g., F5) to listen for this incoming traffic and then pass the request to the Splunk search head on your private network. Using a load balancer is nice because you can manage the ssl cert at the balancer. If you configure a true pass-through to the search head (e.g. port forwarding), then you will need to configure an ssl cert on the Splunk search head management interface which adds steps.

The fact that you have an OTel collector running on your Splunk Enterprise host doesn’t affect this scenario with log observer connect.
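As an added example (not from this thread and not Splunk's own tooling), the script below audits the two exposure points described in the reply above: it checks a constructed load-balancer access log against an allowlist of Observability Cloud source ranges (placeholder RFC 5737 CIDRs here; take the real addresses from the Splunk docs page linked above) and, for the pass-through case where the search head's management interface terminates TLS itself, flags weak `[sslConfig]` settings in a constructed `server.conf`. The log format, the CIDRs, the certificate paths and the conf text are all constructed assumptions, and the script inspects text only, not a live listener.

```python
import configparser
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation space): replace with the Observability
# Cloud source addresses listed on the Splunk docs page linked above.
O11Y_SOURCE_RANGES = ["203.0.113.0/24", "198.51.100.0/24"]

# Constructed load-balancer access log: "<client_ip> <method> <path> <status>".
SAMPLE_ACCESS_LOG = """\
203.0.113.17 POST /services/search/jobs 201
198.51.100.9 GET /services/search/jobs/1.1/results 200
192.0.2.44 GET /services/server/info 401
10.0.0.5 POST /services/search/jobs 201
"""

# Constructed server.conf fragments for the pass-through (port 8089 exposed) case.
WEAK_SERVER_CONF = """\
[sslConfig]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslVersions = *,-ssl2
"""

HARDENED_SERVER_CONF = """\
[sslConfig]
serverCert = /opt/splunk/etc/auth/mycerts/searchhead.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/ca.pem
sslVersions = tls1.2
"""

LOG_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<method>\S+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$")
DEFAULT_SERVER_CERT = "$SPLUNK_HOME/etc/auth/server.pem"  # Splunk's self-signed default
LEGACY_VERSIONS = {"*", "ssl3", "tls1.0", "tls1.1"}  # "*" means every version not disabled


def build_allowlist(cidrs):
    """Parse CIDR strings into network objects; a malformed range raises ValueError."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_allowed_source(ip, allowlist):
    """True if the client address falls inside one of the allowed ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)


def audit_access_log(lines, allowlist):
    """Return (ip, path) for every request whose source is outside the allowlist.

    Lines that do not match the expected format are skipped rather than guessed at.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        if not is_allowed_source(m["ip"], allowlist):
            findings.append((m["ip"], m["path"]))
    return findings


def check_management_tls(server_conf_text):
    """Return a list of findings for [sslConfig]; an empty list means nothing flagged."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep Splunk's camelCase keys as written
    cp.read_string(server_conf_text)
    findings = []
    cert = cp.get("sslConfig", "serverCert", fallback=DEFAULT_SERVER_CERT).strip()
    if cert == DEFAULT_SERVER_CERT:
        findings.append("serverCert is the default self-signed server.pem")
    versions = cp.get("sslConfig", "sslVersions", fallback="tls1.2")
    tokens = [t.strip() for t in versions.split(",") if t.strip()]
    enabled = {t for t in tokens if not t.startswith("-")}
    disabled = {t[1:] for t in tokens if t.startswith("-")}
    for v in sorted(enabled & LEGACY_VERSIONS):
        if v not in disabled:
            findings.append(f"sslVersions enables legacy protocol selection '{v}'")
    return findings


if __name__ == "__main__":
    allow = build_allowlist(O11Y_SOURCE_RANGES)
    for ip, path in audit_access_log(SAMPLE_ACCESS_LOG.splitlines(), allow):
        print(f"unexpected source {ip} reached {path}")
    for name, text in (("weak", WEAK_SERVER_CONF), ("hardened", HARDENED_SERVER_CONF)):
        print(name, check_management_tls(text) or ["ok"])
```

Running it against the constructed log reports the two requests from outside the placeholder ranges (192.0.2.44 and 10.0.0.5), which is the kind of event worth alerting on once the load balancer or firewall allowlist is in place; the conf check flags the weak fragment twice (default certificate, legacy protocol selection) and passes the hardened one. When TLS is terminated at the balancer instead, the certificate check applies to the balancer's listener rather than to `server.conf`.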
