Commit ab3fc96

Merge branch 'main' into patch-2
2 parents 15fb9e2 + f9095d7 commit ab3fc96

59 files changed

+396
-1868
lines changed


_images/logs/indexSelection.png


_includes/gdi/troubleshoot-zeroconfig-k8s.rst

Lines changed: 0 additions & 11 deletions
@@ -21,17 +21,6 @@ Examine logs to make sure that the operator and cert manager are working.
2121
* ``kubectl logs -l app=cainjector``
2222
* ``kubectl logs -l app=webhook``
2323

24-
Resolve certificate manager issues
25-
----------------------------------------
26-
27-
A hanging operator can indicate issues with the certificate manager.
28-
29-
* Check the logs of your cert-manager pods.
30-
* Restart the cert-manager pods.
31-
* Ensure that your cluster has only one instance of cert-manager. This includes ``certmanager``, ``certmanager-cainjector``, and ``certmanager-webhook``.
32-
33-
See the official cert manager troubleshooting guide for more information: :new-page:`https://cert-manager.io/docs/troubleshooting/`.
34-
3524
Validate certificates
3625
---------------------------
3726
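Review bot: The deleted "Resolve certificate manager issues" section (old lines 24-34) was the only place in the visible context that told readers to ensure the cluster has a single cert-manager instance and that linked the cert-manager troubleshooting guide; after this hunk the page goes from the ``kubectl logs`` bullets straight to "Validate certificates". If the guidance moved to another file, add a cross-reference here; if it is being dropped on purpose, record the reason, since the merge message alone gives none.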

_includes/logs/query-logs.rst

Lines changed: 11 additions & 3 deletions
@@ -8,7 +8,13 @@
88

99
2. In the content control bar, enter a time range in the time picker if you want to see logs from a specific historical period. To select a time range, you must select :guilabel:`Unlimited` from the :guilabel:`Search Records` field in step 5 below. When you select :guilabel:`150,000`, Log Observer returns only the most recent 150,000 logs regardless of the time range you select.
1010

11-
3. Select :guilabel:`Index` next to :guilabel:`Saved Queries`, then select the indexes you want to query. When you do not select an index, Log Observer runs your query on all indexes to which you have access. If you want to search your Splunk platform (Splunk Cloud Platform or Splunk Enterprise) data, select the integration for the appropriate Splunk platform instance first, then select which index you want to query in Log Observer. You can query indexes from only one Splunk platform instance or Splunk Observability Cloud instance at a time. You can query Splunk platform indexes only if you have the appropriate role and permissions.
11+
3. Select :guilabel:`Index` next to :guilabel:`Saved Queries`. In the pop-up window, first select a Splunk platform (Splunk Cloud Platform or Splunk Enterprise) connection in the :guilabel:`Connection selection` section. Then, in the :guilabel:`Index selection` section, select which index you want to query in Log Observer Connect.
12+
13+
.. image:: /_images/logs/indexSelection.png
14+
:width: 90%
15+
:alt: The Log Observer index selection pop-up is displayed.
16+
17+
.. note:: You can query indexes from only one Splunk platform instance at a time. You can query Splunk platform indexes only if you have the appropriate role and permissions in Splunk platform.
1218

1319
4. In the content control bar next to the index picker, select :guilabel:`Add Filter`. Select the :guilabel:`Keyword` tab to search on a keyword or phrase. Select the :guilabel:`Fields` tab to search on a field. Then press Enter. To continue adding keywords or fields to the search, select :guilabel:`Add Filter` again.
1420
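Review bot: The rewritten step 3 (new line 11) drops the sentence stating that Log Observer runs the query on all indexes you have access to when no index is selected, so the default scope of a search is no longer documented. Either restore that sentence or state what happens when the pop-up is closed without a selection. The new note also removes "or Splunk Observability Cloud instance" from the one-instance-at-a-time restriction; confirm that narrowing is intended.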

@@ -18,9 +24,11 @@
1824

1925
7. Select :guilabel:`Run search`.
2026

21-
8. Review the top values for your query on the the :guilabel:`Fields` panel on right. This list includes the count of each value in the log records. To include log records with a particular value, select the field name, then select ``=``. To exclude log records with a particular value from your results, select the field name, then select ``!=``. To see the full list of values and distribution for this field, select :guilabel:`Explore all values`.
27+
8. [Optional] If you want to stop the current search, select :guilabel:`Cancel search`. Partial results do not display. To continue your search, select :guilabel:`Run search` again.
28+
29+
9. Review the top values for your query on the the :guilabel:`Fields` panel on right. This list includes the count of each value in the log records. To include log records with a particular value, select the field name, then select ``=``. To exclude log records with a particular value from your results, select the field name, then select ``!=``. To see the full list of values and distribution for this field, select :guilabel:`Explore all values`.
2230

23-
9. Optionally, if you are viewing Splunk platform data, you can open your query results in the Splunk platform and use SPL to further query the resulting logs. You must have an account in Splunk platform. To open the log results in the Splunk platform, select the :guilabel:`Open in Splunk platform` icon at the top of the Logs table.
31+
10. [Optional] If you are viewing Splunk platform data, you can open your query results in the Splunk platform and use SPL to further query the resulting logs. You must have an account in Splunk platform. To open the log results in the Splunk platform, select the :guilabel:`Open in Splunk platform` icon at the top of the Logs table.
2432

2533
.. image:: /_images/logs/lo-openinsplunk.png
2634
:width: 90%
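Review bot: New line 29 carries over the doubled word in "on the the :guilabel:`Fields` panel on right" from old step 8; since the line is being renumbered anyway, change it to "on the :guilabel:`Fields` panel on the right". Steps 8 and 10 now use "[Optional]" where old step 9 used "Optionally,", so check that this marker matches the one used in the rest of the docs.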
Lines changed: 4 additions & 2 deletions
@@ -1,8 +1,10 @@
11
The Collector supports the following Linux distributions and versions:
22

33
* Amazon Linux: 2, 2023. Log collection with Fluentd is not currently supported for Amazon Linux 2023.
4-
* CentOS, Red Hat, or Oracle: 7, 8, 9
5-
* Debian: 9, 10, 11
4+
* CentOS: 7, 8, 9
5+
* Red Hat: 7, 8, 9
6+
* Oracle: 8, 9
7+
* Debian: 11, 12
68
* SUSE: 12, 15 for version 0.34.0 or higher. Log collection with Fluentd is not currently supported.
79
* Ubuntu: 16.04, 18.04, 20.04, 22.04, and 24.04
810
* Rocky Linux: 8, 9
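Review bot: Splitting the combined "CentOS, Red Hat, or Oracle: 7, 8, 9" entry silently removes Oracle 7, and the Debian line drops 9 and 10 while adding 12, with no indication of the Collector version from which this applies. The SUSE entry already uses the form "for version 0.34.0 or higher"; suggest the same kind of qualifier here, or a short note on the last Collector version that supported the removed releases.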

admin/authentication/SSO/sso.rst

Lines changed: 20 additions & 0 deletions
@@ -75,6 +75,26 @@ Give your login service integration a name that your users recognize. On your cu
7575
this name appears in the button your users select to sign in. For example, use the name "Log in with Okta"
7676
for an Okta login service integration.
7777

78+
.. _default-sso-role:
79+
80+
.. raw:: html
81+
82+
<embed>
83+
<h2>Set up default SSO role</h2>
84+
</embed>
85+
86+
87+
When you set up SSO, the default role for a user signing in to Splunk Observability Cloud through SSO is the :guilabel:`power` role. You can change the default SSO role to any of the available roles in Splunk Observability Cloud. These are :guilabel:`admin`, :guilabel:`power`, :guilabel:`usage`, and :guilabel:`read_only`. To learn more about roles, see :ref:`roles-and-capabilities`.
88+
89+
.. note:: Changing the default SSO role affects only new SSO users. If a user already has an existing role defined by the previous default SSO role, you must change it manually. To change a user's role, see :ref:`assign-role-existing`.
90+
91+
To change the default SSO role, do the following:
92+
93+
1. Go to :guilabel:`Settings` then select :guilabel:`General Settings`.
94+
95+
2. In the :guilabel:`User Management` section, set a default role for SSO login by selecting a role from the drop-down list. The drop-down list defaults to the :guilabel:`power` role. The role you select becomes the role of any new user logging in through an SSO service. You can return to :guilabel:`General Settings` and update the default role for SSO login at any time.
96+
97+
7898
.. _multiple-integrations-sso:
7999

80100
.. raw:: html
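Review bot: The new section (lines 87-95) says every new SSO user receives the :guilabel:`power` role unless the default is changed, but it does not say which role is required to change the setting in :guilabel:`General Settings`, and it gives no guidance on when to choose a lower-privilege default. Suggest adding the required role to step 1 and a sentence for orgs that prefer to grant elevated roles explicitly. Lines 96+ and 97+ also add two blank lines before ``.. _multiple-integrations-sso:`` where one is enough.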

admin/references/system-limits/sys-limits-infra.rst

Lines changed: 3 additions & 0 deletions
@@ -72,6 +72,9 @@ Main system limits
7272
* - :ref:`number-of-input-mts-per-job`
7373
- 250,000
7474

75+
.. note:: In most cases, you should use the default system limits. To adjust the limit values for your org, contact Splunk Observability Cloud Support. See :ref:`support`.
76+
77+
7578
.. _charts-detectors-and-signalflow-limits:
7679

7780
Charts, detectors, and SignalFlow limits
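Review bot: The note at new line 75 sits after the "Main system limits" table and directly before the ``charts-detectors-and-signalflow-limits`` label, so it is unclear whether "the default system limits" means only that table or every limit on the page. Suggest moving it to the page introduction or wording it as "the limits in this table". It also adds two trailing blank lines (76+, 77+) where one separates the blocks.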
