Getting data into Log Observer
Splunk Log Observer is no longer available for sale. For new customers interested in this functionality, we recommend you look into Log Observer Connect, which is free for Splunk Enterprise or Splunk Cloud Platform customers. For existing customers, Log Observer is still supported, but you can move to Log Observer connect by following these instructions:
- If you would like to send logs from the Collector to Cloud Platform/Enterprise, refer to: Send logs from the Collector to Splunk Cloud or Enterprise
- If you don’t need to send logs from the Collector at all, refer to: Disable log data in the Collector
Splunk Log Observer is part of Splunk Observability Cloud. To get started with Splunk Observability Cloud, first follow the instructions in the Splunk Docs topic, Set up and administer Splunk Observability Cloud. New users might also be interested in the Splunk Education offerings for Splunk Log Observer.
After getting set up with Splunk Observability Cloud, you must start with getting data in.
Step 1: Collect infrastructure data with an OpenTelemetry Collector
Observability Cloud supports integrations for Kubernetes, Linux, and Windows. Integrations for these data sources help you deploy a Splunk OpenTelemetry Collector to export metrics from hosts and containers to Observability Cloud.
- Using the Splunk OpenTelemetry Collector is optional; however, you get higher-resolution data using the collector than from cloud integrations.
- See these pages for more information about sending host or container metrics to Observability Cloud:
- Additionally, here is a list of all Supported Data Sources, and how to integrate them.
Step 2: Verify successful data ingestion
Verify successful ingestion of data by filtering or aggregating the log data available. Performing these basic functions will enable you to drill deeper into the ingested log data to determine whether or not the data was ingested as expected.
You can do this by selecting the Add Filter button at the top of the search header in the Log Observer UI. Add a filter to the data that you know should be present in the ingested log data in order to verify successful data ingestion.
After you’re satisfied with how the data is ingested and is presented in Log Observer, you have completed this Getting Data In step.