
Introduction to Splunk Log Observer

Note

Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by December 2023. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.

If you do not have a Log Observer entitlement and instead use Log Observer Connect, see Introduction to Splunk Log Observer Connect.

What is Log Observer?

Troubleshoot your application and infrastructure behavior using high-context logs in these applications:

  • Log Observer

  • Log Observer Connect

In Log Observer, you can perform codeless queries on logs to detect the source of problems in your systems. You can also extract fields from logs to set up log processing rules and transform your data as it arrives or send data to Infinite Logging S3 buckets for future use. See What can I do with Log Observer? to learn more about Log Observer capabilities.

In Log Observer Connect, you can perform codeless queries on your Splunk Enterprise or Splunk Cloud Platform logs. See Introduction to Splunk Log Observer Connect to learn what you can do with the Splunk platform integration.

What can I do with Log Observer?

The following table lists features available to customers with a Log Observer entitlement. If you don’t have a Log Observer entitlement in Observability Cloud, see Introduction to Splunk Log Observer Connect to discover features available to customers of the Splunk platform integration.

| Do this | With this tool | Link to documentation |
|---|---|---|
| View your incoming logs grouped by severity over time and zoom in or out to the time period of your choice. | Timeline | View overall system health using Timeline |
| Create a chart to see trends in your logs. | Log metricization rules | Create metrics from your logs with log metricization rules |
| Find out which path in your API has the slowest response time. | Log aggregations | Group logs by fields using log aggregation |
| Filter your logs to see only logs that contain the field error. | Logs table | Search logs by keywords or fields |
| Redact data to mask personally identifiable information in your logs. | Field redaction processors | Field redaction processors |
| Confirm that a recent fix stopped a problem. | Live Tail | Verify changes to monitored systems with Live Tail |
| Apply processing rules across historical data to find a problem in the past. | Search-time rules | Apply processing rules across historical data |
| Transform your data or a subset of your data as it arrives in Observability Cloud. | Log processing rules | Transform your data with log processing rules |
| Minimize expense by archiving unindexed logs in Amazon S3 buckets for potential future use. | Infinite Logging rules | Archive your logs with infinite logging rules |
| See the metrics, traces, and infrastructure related to a specific log. | Related Content | Scenario: Kai troubleshoots an issue from the browser to the back end using Splunk Observability Cloud |

Get started with Log Observer

If you have a Log Observer entitlement and want to set up Log Observer and start performing queries on your logs, see Set up Log Observer.

If you don’t have a Log Observer entitlement in Observability Cloud, see Set up Log Observer Connect for Splunk Enterprise or Set up Log Observer Connect for Splunk Cloud Platform to learn how to set up Log Observer Connect and begin querying your Splunk platform logs.