Splunk Log Observer: Fast and Powerful Log Investigation for DevOps Teams

When it comes to DevOps, Splunk has a lot to say at .conf20. There’s a lot to digest, from new product names to new products that together create a complete observability experience. We announced the Splunk Observability Suite, which creates a seamless workflow across monitoring, investigation and troubleshooting tasks. We also extended our portfolio with Splunk Real User Monitoring, which gives front-end engineers better insights into performance. Another announcement — one that got a lot of interest — is a new offering that is part of the Splunk Observability Suite: Splunk Log Observer.

Introducing Splunk Log Observer

Splunk Log Observer is our new logging solution designed for DevOps, which will be available as a beta this winter. It enables DevOps teams to understand the “why” behind application and infrastructure behavior. Splunk Log Observer sets up in minutes and connects to the crucial developer and SRE-oriented logs. In talking with developers and SREs, here is what they told us was important for their logging use cases and for the experience they want when investigating their log data:

  • Onboarding data quickly, and in-context: Splunk Log Observer enables easy on-boarding of some of the most popular data sources, from Kubernetes to Fluentd and multiple AWS services. Perhaps more important, the data isn’t just ingested, it’s shaped to provide context around the data. Why is this important? That brings us to the second capability DevOps users are excited about.

  • Point-and-Click log investigation: Splunk Log Observer offers a point-and-click interface for rapid investigation of logs. Because Splunk Log Observer understands the fields of data upfront, it’s easy to filter, sort and explore data based on what’s important to you at that very moment -- which in many cases is rapidly getting to the “why” behind an outage or other unexpected behavior. Put another way, there is no need to learn a query language!

  • Live Tail: The moments after a deploy can be nerve-wracking. With Splunk Log Observer, Live Tail allows SREs and developers to filter and watch critical logs to see events as they unfold in production. This gives them confidence that they can not only see what is happening but quickly dive into the relevant set of logs to fix any potential problems right away. 

  • Seamless transition from Traces to Logs: The key to tight integration is context — the focus of your monitoring investigation should automatically be the starting point of your log investigation. Splunk Log Explorer is designed so that an attribute of a trace, whether a specific trace ID or a parameter of a tag, becomes a filter, removing extraneous steps from log exploration.

By starting an investigation with log exploration filtered on a suspect version, we can quickly confirm the root cause of the problem.

  • Part of the Splunk Observability Suite: Seamlessly moving from monitoring to troubleshooting to investigations requires a seamless product experience, and that’s what the Splunk Observability Suite enables — a single, consistent user experience across all your data, even your logs. No more swivel-chair antics when you’re investigating the source of performance problems and outages. 

Join the Beta Program!

Splunk Log Observer is a powerful and fast new way to investigate the source of problems, especially in cloud-native, microservices-driven requirements. If you are interested in registering for the beta, you can sign up here and we’ll reach out when the beta is ready for you to try.

Happy Splunking,

Follow all the conversations coming out of #splunkconf20!

Bill Emmett
