Merge pull request splunk#1735 from splunk/repo-sync

Pulling refs/heads/main into main

Author: aurbiztondo-splunk

admin/authentication/authentication-tokens/org-tokens.rst

@@ -201,8 +201,6 @@ To finish creating the token, select an expiration date for the token.
 
    * :menuselection:`Only admins can receive alert`: Only admins receive an alert when the token is close to its expiration date.
    * :menuselection:`Admins and users or teams with token permissions can receive alert`: Admins and any users with token permissions receive an alert when the token is close to its expiration date.
-
-#. (Optional) Set a time for when Splunk Observability Cloud sends an expiration alert. For example, a value of 7 days means Splunk Observability Cloud will send an alert 7 days before the token expires.
 #. Select :guilabel:`Create` to finish creating the new token.
 
 .. _access-token-rotate:
@@ -299,4 +297,4 @@ To change limits for your access tokens, including host and container limits, fo
 #. Select the token actions menu (|verticaldots|), and select :guilabel:`Manage limits`. 
 #. In the :guilabel:`Manage limits` menu, add the new token limits. 
 
-To learn more about token limits, see :ref:`admin-manage-usage`.
+To learn more about token limits, see :ref:`admin-manage-usage`.

gdi/get-data-in/application/java/java-otel-requirements.rst

@@ -45,15 +45,14 @@ Supported libraries and frameworks
 
 The Splunk Distribution of OpenTelemetry Java instruments numerous libraries, frameworks, and application servers.
 
+.. note:: To deactivate specific instrumentations, see :ref:`java-instrumentation-issues`.
+
 .. raw:: html
 
     <div class="instrumentation" section="instrumentations" url="https://raw.githubusercontent.com/splunk/o11y-gdi-metadata/main/apm/splunk-otel-java/metadata.yaml" data-renaming='{"keys": "Identifier", "description": "Description", "stability": "Stability", "support": "Support", "instrumented_components": "Components", "signals": "Signals", "source_href": "Source", "settings": "Settings", "dependencies": "Dependencies", "supported_versions": "Supported versions", "name": "Name", "package_href": "Package URL", "version": "Version", "instrument": "Type", "metric_name": "Metric name", "metrics": "Metrics", "env": "Environment variable", "default": "Default", "type": "Type", "category": "Category"}'></div>
 
 For a complete list of supported libraries and frameworks, see :new-page:`Supported libraries <https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/docs/supported-libraries.md>` in the OpenTelemetry documentation.
 
-.. note:: To deactivate specific instrumentations, see :ref:`java-instrumentation-issues`.
-
-
 .. _java-otel-connector-requirement:
 
 Install and configure the Splunk Distribution of OpenTelemetry Collector

gdi/get-data-in/connect/aws/aws-prereqs.rst

@@ -218,6 +218,8 @@ On top of the required permissions, you also need to include the specific permis
 
 These are these permissions to allow Splunk Observability Cloud to collect AWS tags and properties:
 
+- ``"acm:DescribeCertificate"``
+- ``"acm:ListCertificates"``
 - ``"airflow:ListEnvironments"``
 - ``"airflow:GetEnvironment"``
 - ``"apigateway:GET"``

gdi/monitors-monitoring/cadvisor.rst

@@ -8,28 +8,50 @@ cAdvisor
 
 The Splunk Distribution of OpenTelemetry Collector uses the Smart Agent receiver with the
 cAdvisor monitor type to pull metrics directly from cAdvisor. By
-default, it runs on port 4194, but it can be configured to any other
-port.
+default, it runs on port 4193, but it can be configured to any other
+port. 
+
+This integration is available on Kubernetes, Linux, and Windows.
+
+cAdvisor with Kubernetes
+------------------------
 
 If you are using Kubernetes, consider the
 :ref:`kubelet-stats-receiver` because many Kubernetes nodes do not
 expose cAdvisor on a network port, even though they are running it
 within Kubelet.
 
+If you are using Kubernetes, consider the Kubelet stats receiver 
+because many Kubernetes nodes do not expose cAdvisor on a network port, 
+even though they are running it within Kubelet. 
+
+In some managed Kubernetes environments, such as Amazon EKS, you cannot 
+directly access cAdvisor metrics due to the cluster provider's  
+security and control design. For example, in Amazon EKS, 
+the ``kubeletstats`` receiver cannot directly collect cAdvisor metrics. 
+This constraint is specific to managed environments and is not a restriction 
+of the Splunk Distribution of OpenTelemetry Collector.
+
+You can, however, indirectly collect cAdvisor metrics exposed through 
+the Kubernetes proxy metric server using a receiver with the required configuration.
+We recommend using the :ref:`Prometheus receiver <prometheus_receiver>` 
+to scrape metrics from the proxy metric server. 
+
+
+cAdvisor with Docker
+---------------------
+
 If you are running containers with Docker, retrieved metrics might
-overlap with ``docker-container-stats``\ '. Consider not enabling the
+overlap with ``docker-container-stats``. Consider not enabling the
 Docker monitor in a Kubernetes environment, or else use filtering to
 allow only certain metrics. This will cause the built-in Docker
 dashboards to be blank, but container metrics will be available on the
 Kubernetes dashboards instead.
 
-This integration is available on Kubernetes, Linux, and Windows.
 
 Benefits
 --------
 
-
-
 .. raw:: html
 
    <div class="include-start" id="benefits.rst"></div>
@@ -41,13 +63,9 @@ Benefits
    <div class="include-stop" id="benefits.rst"></div>
 
 
-
-
 Installation
 ------------
 
-
-
 .. raw:: html
 
    <div class="include-start" id="collector-installation-linux.rst"></div>
@@ -59,13 +77,9 @@ Installation
    <div class="include-stop" id="collector-installation-linux.rst"></div>
 
 
-
-
 Configuration
 -------------
 
-
-
 .. raw:: html
 
    <div class="include-start" id="configuration.rst"></div>
@@ -77,10 +91,11 @@ Configuration
    <div class="include-stop" id="configuration.rst"></div>
 
 
+Examples
+^^^^^^^^
 
-
-Example
-~~~~~~~
+Activate integration
+####################
 
 To activate this integration, add the following to your Collector
 configuration:
@@ -102,8 +117,60 @@ section of your configuration file:
        metrics:
          receivers: [smartagent/cadvisor]
 
+.. _prometheus_receiver:
+
+Prometheus receiver
+###################
+
+The following example shows how to configure a Prometheus receiver 
+to scrape cAdvisor metrics securely from Kubernetes nodes using TLS and authorization 
+credentials.
+
+.. code:: yaml
+
+   agent:
+     config:
+       receivers:
+         prometheus/cadvisor:
+           config:
+             scrape_configs:
+               - job_name: cadvisor
+                 tls_config:
+                   ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+                 authorization:
+                   credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+                 scheme: https
+                 kubernetes_sd_configs:
+                   - role: node
+                 relabel_configs:
+                   - replacement: 'kubernetes.default.svc.cluster.local:443'
+                     target_label: __address__
+                   - regex: (.+)
+                     replacement: '/api/v1/nodes/$${1}/proxy/metrics/cadvisor'
+                     source_labels:
+                       - __meta_kubernetes_node_name
+                     target_label: __metrics_path__
+       service:
+         pipelines:
+           metrics:
+             exporters:
+               - signalfx
+             processors:
+               - memory_limiter
+               - batch
+               - resourcedetection
+               - resource
+             receivers:
+               - hostmetrics
+               - kubeletstats
+               - otlp
+               - prometheus/cadvisor
+               - receiver_creator
+               - signalfx
+   
+
 Configuration settings
-~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^
 
 The following table shows the configuration options for this receiver:
 
@@ -135,9 +202,7 @@ The following metrics are available for this integration:
       <div class="metrics-yaml" url="https://raw.githubusercontent.com/signalfx/splunk-otel-collector/main/internal/signalfx-agent/pkg/monitors/cadvisor/metadata.yaml"></div>
 
 Notes
-~~~~~
-
-
+^^^^^
 
 .. raw:: html
 
@@ -155,8 +220,6 @@ Notes
 Troubleshooting
 ---------------
 
-
-
 .. raw:: html
 
    <div class="include-start" id="troubleshooting-components.rst"></div>

gdi/opentelemetry/components/http-forwarder-extension.rst

@@ -9,3 +9,5 @@ HTTP forwarder extension
 
 The Splunk Distribution of the OpenTelemetry Collector supports the HTTP forwarder extension. Documentation is planned for a future release.
 
+Splunk Observability Cloud uses OpenTelemetry to correlate telemetry types. To do this, your telemetry field names or metadata key names must exactly match the metadata key names used by both OpenTelemetry and Splunk Observability Cloud. To ensure your metadata key names are correctly named, see :ref:`relatedcontent-collector`.
+

release-notes/2025-4-rn.rst

@@ -20,7 +20,7 @@ April 22, 2025 release
    * - New feature or enhancement
      - Description
    * - Splunk Synthetic Monitoring audit logs
-     - Use the Synthetics API to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs, and to identify the root cause of performance issues or failures.
+     - Use the Synthetics API to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs, and to identify the root cause of performance issues or failures. See :new-page:`Synthetics audit API <https://dev.splunk.com/observability/reference/api/synthetics_audits/latest>` to learn more.
    * - Curated APM teams landing page updates
      - View your Splunk APM services, dashboards, top alerts, and the team members of every team you are part of from the teams landing page. Preview potential teams by selecting :guilabel:`View all teams` to join teams you're not yet a member of. See :ref:`admin-configure-page` to learn more.
    * - Guided setup updates for getting GCP data in

rum/rum-session-replay.rst

@@ -40,8 +40,8 @@ This example shows the order in which to initialize the scripts:
 
 .. code-block:: html
 
-    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web.js" crossorigin="anonymous"></script>
-    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web-session-recorder.js" crossorigin="anonymous"></script>
+    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web.js" crossOrigin="anonymous"></script>
+    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web-session-recorder.js" crossOrigin="anonymous"></script>
     <script>
     SplunkRum.init({
         realm: '<realm>',
@@ -63,7 +63,7 @@ Initialize this code snippet to set up session replay through Splunk CDN.
 
 .. code-block:: html
 
-    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web-session-recorder.js" crossorigin="anonymous"></script>
+    <script src="https://cdn.signalfx.com/o11y-gdi-rum/latest/splunk-otel-web-session-recorder.js" crossOrigin="anonymous"></script>
     <script>
     SplunkSessionRecorder.init({
         realm: '<realm>',
@@ -82,7 +82,7 @@ Self-hosted
 
    .. code-block:: html
 
-      <script src="<your-self-hosted-path>/splunk-otel-web-session-recorder.js" crossorigin="anonymous"></script>
+      <script src="<your-self-hosted-path>/splunk-otel-web-session-recorder.js" crossOrigin="anonymous"></script>
 
 
 To avoid gaps in your data, load and initialize the Splunk JavaScript Agent asynchronously and as early as possible.

splunkplatform/centralized-rbac.rst

@@ -9,7 +9,7 @@ Centralized user and role management
 .. meta::
    :description: This page describes how Splunk Cloud Platform admins can manage Splunk Observability Cloud roles from Splunk Cloud Platform.
 
-Administrators can now centrally manage users and roles for both Splunk Cloud Platform and Splunk Observability Cloud in Splunk Cloud Platform. Splunk Cloud Platform becomes the role based access control (RBAC) store for Splunk Observability Cloud. 
+Administrators can centrally manage users and roles for both Splunk Cloud Platform and Splunk Observability Cloud in Splunk Cloud Platform. Splunk Cloud Platform becomes the role based access control (RBAC) store for Splunk Observability Cloud. 
 
 Who can access centralized user and role management?
 =================================================================================================

splunkplatform/unified-id/unified-identity.rst

@@ -222,6 +222,14 @@ To add a new user to Splunk Observability Cloud after the integration is complet
 
 The user can now log in to Splunk Observability Cloud with their Splunk Cloud Platform permissions.
 
+.. uid-central-rbac:
+
+Centralized user and role management
+------------------------------------------------------------------------------------------
+Administrators of organizations that have Splunk Cloud Platform and Splunk Observability Cloud can centrally manage users and roles for both in Splunk Cloud Platform. Splunk Cloud Platform becomes the role based access control (RBAC) store for Splunk Observability Cloud. 
+
+All customers who have Unified Identity can access centralized user and role management in Splunk Cloud Platform. For more information, see :ref:`centralized-rbac`.
+
 
 After initial user provisioning
 -------------------------------------------------------------------------------------------
@@ -260,6 +268,8 @@ Contact your Splunk Cloud Platform administrator if you receive the following :s
 
 Users receive this error message if their Splunk Cloud Platform administrator did not give them the custom role ``o11y_access``. The ``o11y_access`` role is required to access Splunk Observability Cloud.
 
+If you set up centralized user and role access, make sure to assign the ``o11y_access`` role to all roles that should access Splunk Observability Cloud, not just the user role.
+
 
 Working in Splunk Observability Cloud after the integration
 ==========================================================================================

synthetics/set-up-synthetics/set-up-synthetics.rst

@@ -111,7 +111,7 @@ After you choose which type of test you want to use, follow these steps to set u
 Get audit logs
 ============================================================
 
-Use the Synthetics API to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs and to identify the root cause of performance issues or failures. 
+Use the :new-page:`Synthetics audit API <https://dev.splunk.com/observability/reference/api/synthetics_audits/latest>` to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs and to identify the root cause of performance issues or failures.