Splunk Lantern

Prescriptive Adoption Motion - Using the Splunk platform for Observability use cases


As teams modernize, there are a lot more things they have to monitor and react to - hybrid environments, more frequent software changes, more telemetry data emitted across fragmented tools, and more alerts. Troubleshooting these software systems has never been harder, and the way monitoring has traditionally been done isn't effective anymore.

Observability can be viewed as a modern approach to monitoring that provides complete visibility across the full stack of infrastructure, applications, and the digital customer experience. Observability provides the insights needed to ensure the continuous health, reliability and performance of the business and the applications and infrastructure that it runs on.

Splunk Observability Cloud provides a seamless and streamlined workflow that can be used during the whole observability life cycle for monitoring, troubleshooting, investigation and resolution. But many customers also use the Splunk platform for observability needs, since the Splunk platform serves as the exclusive log ingestion mechanism for Splunk Observability Cloud while also adeptly managing metrics. However, it's worth noting that the Splunk platform lacks the capacity to handle traces, a pivotal component of Splunk Observability Cloud.

This guide shows you how you can build a foundational observability program using only the Splunk platform and Splunkbase apps, but if you want to learn how to use Splunk Observability Cloud for a single, consistent user experience across all metric, trace and log data, check the Use Case Explorer for Observability.

Aim and strategy

The Splunk platform enables customers to tackle data sprawl driven by digital transformation initiatives and is uniquely suited to meeting comprehensive visibility needs at scale. This provides business resilience, innovation, and enterprise grade scalability that helps modern enterprises thrive. In today’s complex landscape, data is created and analyzed across multiple silos, creating challenges around data access and security. The Splunk platform can help normalize data across sources, but more importantly, it can enable stakeholders to add context to data as it relates to business value. All of this is provided in a hybrid environment and using machine learning to move beyond the feasibility of human scale.

Common use cases

With only the Splunk platform, you can implement a variety of fundamental and effective observability use cases. Use the Splunk IT Essentials Learn and IT Essentials Work apps to discover those use cases, or browse the ones linked in this section, available in the Splunk Lantern Platform Use Case Explorer.

User roles

Role | Responsibilities
Tech Leaders | Manage teams that build and deliver software and services that impact revenue
DevOps Engineers, SREs | Deploy and manage apps and cloud infrastructure, and ensure reliability
Engineering Teams | Provide self-service tooling for developers to improve their productivity and create consistency across teams
ITOps Practitioners | Manage hybrid environments and services, and resolve incidents
Developers and Software Engineers | Design, build, deploy, and debug application code


Prerequisites

The Splunk platform provides comprehensive visibility across modern enterprise environments by combining log analytics, metrics, and tracing data. In order to effectively ingest the initial logging data at scale, a properly implemented Splunk Enterprise or Splunk Cloud Platform environment must be in place. Resources such as the Splunk Success Framework can help to ensure any deployment is aligned with proven best practices.

Choosing the appropriate core data platform comes down to six primary considerations. All of these are important if you want to be able to work with any data in your organization; regardless of source, format, or time scale, you want to be able to ask any question and get actionable insight.

  1. On-premises, cloud or hybrid. Multiple factors determine whether you manage your data on site, through a cloud provider, or a combination of both. Those factors include:
    • Security and compliance requirements
    • Costs of different software licensing models
    • Which skills/functions you want to maintain in your in-house IT team, and which you acquire through your vendors
  2. Scalability. A data platform must be able to perform at today’s scale and be adaptable to the inevitable growth of your data stores. The need for scalability is one of the main forces behind the increased adoption of cloud-based data platforms.
  3. Flexibility. Flexibility is essential. Can the platform currently serve multiple groups and use cases? Is it relatively straightforward to add new functions and use cases to the platform? Is there a robust ecosystem of applications and add-ons that can support new functions?
  4. Usability and breadth. Is the platform you’re considering simple to deploy and configure for users of varying skill levels? What’s the learning curve? Applying data to every decision requires that anyone in your organization, from IT wizards to non-technical employees, is able to work with that data.
  5. Security and compliance. Organizations need to ensure that their data is protected to prevent data breaches that dominate headlines and put companies, customers and even nations at risk. That means ensuring that your data platform has robust security features built in, or tools that integrate with your existing security solutions. The same is true for compliance - a data management platform that adheres to the frameworks and guidelines established by a country or region’s regulatory bodies is essential if your organization does business in that country or region.
  6. Intelligence and automation. Vast quantities of data - for which a data platform is a requirement - exceed the capabilities of even the most dedicated analysts. Innovations in technology, particularly around machine learning (ML) and artificial intelligence (AI), have created new opportunities for organizations of every size to benefit from data-driven insights.

Implementation guide

To start getting data into your Splunk deployment, configure an input. There are several ways to do this. For the most straightforward option, use Splunk Web or Splunk Edge Processor. With a Splunk platform deployment, you might need to configure a universal forwarder to send the data to your Splunk Cloud Platform instance. Alternatively, you can download and enable apps and add-ons, such as the Splunk Add-on for Unix and Linux. See Use apps and add-ons to get data in for more information.

After you configure the inputs or enable an app, your Splunk deployment stores and processes the specified data. You can go to either the Search & Reporting app or the main app page and begin exploring the data that you collected. Apps like Splunk IT Service Intelligence provide enhanced data exploration, monitoring, and alerting features.

For more information see Getting Data In.

Success measurement

When implementing the guidance in this adoption guide, you should see improvements in the following: 

  • Faster detection and resolution of critical incidents, because ITOps teams can prioritize actionable events and quickly find root cause, resulting in lower mean time to detect/repair (MTTD/MTTR)
  • Improved event management
  • Greater customer satisfaction
  • Improved IT Operations posture