Splunk Enterprise Logs Now Available in Splunk Observability for Simplified Troubleshooting

We are excited to announce that Splunk Log Observer Connect for Splunk Enterprise, previewed at .conf21, is now generally available! Log Observer Connect is a new feature that lets observability users explore the data already being sent to existing Splunk instances with Splunk Log Observer’s intuitive no-code interface for faster troubleshooting and root-cause analysis. 

Why Is This Feature Important?

Our customers do a lot with log analytics. They leverage logs for compliance, to respond to security incidents, to investigate issues, to understand the behaviors of their users, to put out fires, start fires, build cabins and more. Logs and centralized log monitoring are critical components of an effective observability strategy but, for new cloud-native environments and microservices-based applications, logs alone are not enough for the real-time monitoring and troubleshooting required to maintain SLAs and deliver great user experiences from modern web/mobile apps. For complete visibility into customer experience and system health, teams need to leverage metric and trace data in context with log data to troubleshoot issues quickly, which is increasingly important as the cost of downtime and latency goes up. 

For developers who build applications and troubleshoot them in production, and SREs who configure and maintain the reliable operation of production systems, the primary goals are to:

  • Achieve faster time to market
  • Increase deployment frequency
  • Lower failure rates
  • Reduce mean-time-to-resolution (MTTR) 

In order to achieve these goals, they spend most of their time looking at metrics dashboards to monitor performance in real time and may jump into traces and associated logs during an incident. Leveraging metrics and traces for monitoring and troubleshooting allows these teams to move quickly, since querying log data often requires knowledge of special languages and may be most beneficial for root cause analysis and in post-incident review. Furthermore, log tools are often separate from metric and distributed tracing tools, making it hard to explore data quickly and take action on it. This separation also exacerbates tool sprawl and operational inefficiencies.

All of Your Data In Splunk: 

Splunk Observability gives SRE and DevOps teams the ability to analyze metric, trace, event and log data, all in context. Analyzing all telemetry data in one tool is important because, for most of our customers, if there is an issue with an application, they first go to the dashboard for that application in order to see the infrastructure metrics, application metrics, and related logs for fast insights. Users need to see the logs that correspond to a metric or trace (or chart or service map) directly within the same experience, without needing to be experts in a query language. This is where Log Observer Connect comes in, providing a log investigation experience integrated in Splunk Observability Cloud.

Log Observer Connect allows users to centralize their observability data alongside their security, analytics, compliance, and other log data in Splunk Enterprise, bringing together metrics, traces, events and any relevant data, in context, in Splunk Observability Cloud so SREs and developers can troubleshoot issues quickly. If you happen to be an existing Splunk Enterprise customer who has Splunk Infrastructure Monitoring, Splunk APM or Splunk Observability Cloud licenses, you can start using Log Observer Connect right away at no extra cost. With this integration, it’s easier than ever to consolidate tools and have centralized log management for improved observability and operations. And for more advanced investigations, post-incident reviews and security, teams can leverage the power of Splunk Enterprise. It’s the best of both worlds.

With Log Observer Connect, Splunk customers can extend the value of their existing Splunk instances to DevOps teams. It’s designed to enable DevOps, SRE and Platform teams who may not spend a lot of time in Splunk Enterprise to understand the “why” behind application and cloud infrastructure behavior. Investigations are intuitive, require no additional coding and empower teams to readily combine real-time log data with metrics and traces to gain immediate insights.

With Log Observer Connect You Can: 

  • Centralize your data and data management - Different teams in your organization may be leveraging Splunk for different use cases or other tools. Simplify management and build an operational center of excellence with all of your data centralized on Splunk.
  • Explore Splunk Enterprise data, correlated with metrics and traces through the Log Observer interface to reduce MTTR and get more out of your existing investment.
  • Get started quickly with minimal configuration changes, leveraging existing Splunk Universal Forwarder and technical add-ons (TAs) in addition to OpenTelemetry.
  • Improve customer experiences - Access the no-code Log Observer experience and related content links for faster troubleshooting and root-cause analysis.
  • Extend the value of your existing investment at no additional cost.

With Splunk’s best-in-class observability capabilities integrated with Splunk Enterprise, teams across your organization can harness the power of a unified observability solution that will scale with you to monitor mission critical applications and quickly understand and optimize customer experience. 

Try It Today!

Consolidate your tools on Splunk. Get the most out of your existing Splunk data by connecting it to your observability workflow via Log Observer Connect.

To set up Log Observer Connect, follow these steps:

In Observability Cloud, go to Organization Settings > Log Observer Connect to set up a connection with Splunk Enterprise.

In Splunk Enterprise, follow the instructions in the integration wizard to do the following:

  • Create a new Splunk Enterprise role.
  • Select the Splunk Enterprise indexes that you want to search in Log Observer Connect.
  • Create a new Splunk Enterprise user.
  • Secure your connection by adding certificates.

You can find more detailed instructions in our Log Observer documentation.

Not a Splunk Observability customer, but want to explore new capabilities? Start a free trial today.

Nicolette Graham is a Product Marketing Manager at Splunk focused on Observability. She has a passion for Splunk users and loves to learn about all of the inventive and amazing things that they're doing with observability in order to ship code faster and provide amazing customer experiences! Prior to Splunk, Nicolette championed IT customer success stories at VMware as a Customer Reference Manager.