Merge branch 'main' into patch-4

Author: pellared

_images/logs/WorkloadMgmt.png

@@ -23,37 +23,17 @@ The automatic attempt to validate a connection that you just configured fails, s
 Cause
 ^^^^^^
 
-The connection might fail due to mismatched Identity Access Management (IAM) policies. To diagnose connection failure, check the permissions or policies you set up and compare them to the permissions that AWS requires.
+The connection might fail due to invalid Identity Access Management (IAM) policy used by your AWS integration.
 
-Verify whether your error message looks similar to this example:
-
-.. code-block:: none
-
-   Error validating AWS / Cloudwatch credentials
-   Validation failed for following region(s):
-   us-east-1
-   [ec2] software.amazon.awssdk.services.ec2.model.Ec2Exception: You are not authorized to perform this operation.
-
-If you receive a similar error message, then the IAM policy that you created to connect AWS to Splunk Observability Cloud does not match the policy already in your AWS account.
-
-Similarly, if your AWS account uses a service control policy (SCP) or administrative features such as ``PermissionsBoundary``, then there might be limits on which calls can be made in your organization, even if those calls are covered by your AWS IAM policy.
+If you use the AWS Organizations' :new-page:`Service control policies <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html>` or :new-page:`Permission boundaries for IAM entities <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html>`, they 
+might impact the AWS IAM policy you're using to connect to Splunk Observability Cloud. 
 
 Solution
 ^^^^^^^^^
 
-Splunk Observability Cloud uses the following calls to validate whether it can accept data from the AWS Compute Optimizer tool to support CloudWatch metric streams:
-
-.. code-block:: none
-
-   client.describeInstanceStatus(),
-   client.describeTags(),
-   client.describeReservedInstances(),
-   client.describeReservedInstancesModifications()
-   client.describeOrganization()
-
-To ensure that your AWS integration works as expected, revisit your configuration choices in Splunk Observability Cloud to verify that they match the permissions policy in your AWS management console. 
+Ensure all :ref:`aws-required-permissions` are included in your IAM policy.
 
-A match ensures that conflicting permissions do not cause your AWS environment to block integrations. See the "Amazon CloudWatch permissions reference" in the Amazon documentation for details about the available permissions.
+Also review the AWS Organizations' policies and boundaries you're using.
 
 .. _aws-ts-cloud:
 

gdi/get-data-in/connect/aws/aws-troubleshooting.rst

@@ -38,7 +38,7 @@ For example:
                 - key: k8s.pod.name
                   value: '^(podNameX)$'
       # Define the logs pipeline with the default values as well as your new processor component
-        service:
+      service:
         pipelines:
           logs:
             processors:

gdi/opentelemetry/collector-kubernetes/kubernetes-config-advanced.rst

@@ -84,7 +84,29 @@ To skip these steps and use configured repos on the target system that provide t
    curl -sSL https://dl.signalfx.com/splunk-otel-collector.sh > /tmp/splunk-otel-collector.sh && \
    sudo sh /tmp/splunk-otel-collector.sh --realm $SPLUNK_REALM --skip-collector-repo --skip-fluentd-repo \
     -- $SPLUNK_ACCESS_TOKEN
+
+.. _collector-linux-with-docker:
+
+Use the Collector in a host with Docker
+====================================================================
+
+If you're installing your Collector instance in a host with Docker, you need to configure a client to establish a connection with the daemon. Depending on your Docker installation and Collector deployment method, try one of these options:
+
+1. If your daemon is listening to a domain socket (for example ``/var/run/docker.sock``), your Collector service or executable needs appropriate permissions and access. Add the ``splunk-otel-collector`` user to the Docker group as configured on your system:
+
+  .. code-block:: bash
+
+    $ usermod -aG docker splunk-otel-collector
+
+2. When using the :new-page:`quay.io/signalfx/splunk-otel-collector <https://quay.io/repository/signalfx/splunk-otel-collector>` image, add the default container user to the required group as configured on your system, and the bind and mount the domain socket:
+
+  .. code-block:: bash
+
+    $ docker run -v /var/run/docker.sock:/var/run/docker.sock:ro --group-add $(stat -c '%g' /var/run/docker.sock) quay.io/signalfx/splunk-otel-collector:latest <...>
     
+    # or if specifying the user:group directly
+    $ docker run -v /var/run/docker.sock:/var/run/docker.sock:ro --user "splunk-otel-collector:$(stat -c '%g' /var/run/docker.sock)" quay.io/signalfx/splunk-otel-collector:latest <...>
+
 Collect logs for the Collector for Linux
 ====================================================================
 

gdi/opentelemetry/collector-linux/install-linux.rst

@@ -205,7 +205,26 @@ Process
      mute_process_io_error: <true|false>
      scrape_process_delay: <time>
 
-If you keep getting errors related to process reading, consider setting ``mute_process_name_error``, ``mute_process_exe_error``, or ``mute_process_io_error`` to ``true``.
+The following example demonstrates how to configure a process scraper that collects two metrics, in addition to the defaults, and uses a resource attribute to include the process owner in the collected data:
+
+.. code:: yaml
+
+   receivers:
+     hostmetrics:
+       scrapers:
+         process:
+           resource_attributes:
+             process.owner:
+               enabled: true
+           metrics:
+             process.memory.usage:
+               enabled: true
+             process.disk.io:
+               enabled: true
+
+For more information about enabling and disabling metrics and resource attributes using the process scraper, see :new-page:`hostmetricsreceiver/process <https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/hostmetricsreceiver/internal/scraper/processscraper/documentation.md>` in the OpenTelemetry documentation.
+
+If you continuously see errors related to process reading, consider setting ``mute_process_name_error``, ``mute_process_exe_error``, or ``mute_process_io_error`` to ``true``.
 
 Filtering
 ----------------------

gdi/opentelemetry/components/host-metrics-receiver.rst

@@ -101,19 +101,34 @@ In Splunk Cloud Platform, follow the instructions in the guided setup for the in
          :width: 100%
          :alt: The Create user page in Splunk Cloud Platform where you can assign a user to the service account role.
 
+
+8. Add a Workload Rule in Splunk Cloud Platform to limit Log Observer Connect searches to 5 minutes. This limit maintains a responsive experience for Log Observer users and reduces the chances that Log Observer Connect searches are queued. Follow the guidance in :new-page:`Create a Workload Rule in Splunk Web <https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/Admin/CreateWLMRules#Create_a_workload_rule_in_Splunk_Web>` and configure the rule as follows:
+
+   .. code-block:: none
+
+      Predicate: user=[your_Log_Observer_Connect_service-account_name] AND runtime>5m
+      Schedule: Always on
+      Action: Abort search
+
+   After creating the Workload Rule, it appears in Workload Management on the Workload Rules tab as follows:
+
+   .. image:: /_images/logs/WorkloadMgmt.png
+            :width: 90%
+            :alt: This screenshot shows the configuration of the Workload Rule limiting Log Observer Connect searches to 5 minutes.
+
 .. _download-certificate:
 
-8. Secure a connection to your Splunk Cloud Platform instance in Splunk Observability Cloud. See :ref:`logs-scp-prereqs` for more information on the IPs to allow.
+9. Secure a connection to your Splunk Cloud Platform instance in Splunk Observability Cloud. See :ref:`logs-scp-prereqs` for more information on the IPs to allow.
 
   * To get help from Splunk Support, :ref:`Submit a support ticket <support-ticket>`. 
 
   * To do it yourself, add your public IPv4 address to your Splunk Cloud Platform allow list by following instructions in :new-page:`Add subnets to IP allow lists <https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/ConfigureIPAllowList#Add_subnets_to_IP_allow_lists>`. 
 
-9. Go back to the Log Observer Connect guided setup and select :guilabel:`Next`. Enter your service account username, password, and Splunk platform URL ``https://<stackname>.splunkcloud.com:8089`` to complete the guided setup.
+10. Go back to the Log Observer Connect guided setup and select :guilabel:`Next`. Enter your service account username, password, and Splunk platform URL ``https://<stackname>.splunkcloud.com:8089`` to complete the guided setup.
 
-10.  Remove your IPv4 address from the IP allowlist that you added in step 8. If you are in a GCP environment, do not remove the additional GCP IP addresses that you added in step 8.
+11.  Remove your IPv4 address from the IP allowlist that you added in step 9. If you are in a GCP environment, do not remove the additional GCP IP addresses that you added in step 8.
 
-11.  Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
+12.  Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
 
    .. note:: Manage concurrent search limits using your current strategy in Splunk Cloud Platform. All searches initiated by Log Observer Connect users go through the service account you create in Splunk Cloud Platform. For each active Log Observer Connect user, four back-end searches occur when a user performs a search in Log Observer Connect. For example, if there are three users accessing Log Observer Connect at the same time, the service account for Log Observer Connect initiates approximately 12 searches in Splunk Cloud Platform.
 
@@ -122,7 +137,7 @@ In Splunk Cloud Platform, follow the instructions in the guided setup for the in
 Submit a support ticket
 ===================================================================
 
-If you were not able to independently secure a connection to your Splunk Cloud Platform instance in step 8 in the previous section, you may submit a support ticket from your Splunk Cloud Platform instance to do this on your behalf. Submit a ticket to Splunk Support to configure your Splunk Cloud Platform instance's IP allow list. Configuring your allow list properly opens your Splunk Cloud Platform instance management port to Log Observer Connect, which can then search your Splunk Cloud Platform instance log data. After Splunk Support prepares your Splunk Cloud Platform instance, you can securely create a connection to Log Observer Connect.
+If you were not able to independently secure a connection to your Splunk Cloud Platform instance in step 9 in the previous section, you may submit a support ticket from your Splunk Cloud Platform instance to do this on your behalf. Submit a ticket to Splunk Support to configure your Splunk Cloud Platform instance's IP allow list. Configuring your allow list properly opens your Splunk Cloud Platform instance management port to Log Observer Connect, which can then search your Splunk Cloud Platform instance log data. After Splunk Support prepares your Splunk Cloud Platform instance, you can securely create a connection to Log Observer Connect.
 
 To submit a support ticket, follow these steps:
 

logs/scp.rst

@@ -100,9 +100,23 @@ In your Splunk Enterprise search head, follow the instructions in the guided set
          :width: 100%
          :alt: This screenshot shows the Create user page in Splunk Enterprise where you can assign a user to the service account role.
 
-8. Obtain certificates for securing inter-Splunk communication. See :new-page:`Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect <https://quickdraw.splunk.com/redirect/?product=Observability&location=splunk.integration.third.party&version=current>` to learn how. Copy only the first certificate in the chain and paste it on the next page of the guided setup to securely connect Log Observer Connect and your Splunk Enterprise instance.
+8. Add a Workload Rule in Splunk Enterprise to limit Log Observer Connect searches to 5 minutes. This limit maintains a responsive experience for Log Observer users and reduces the chances that Log Observer Connect searches are queued. Follow the guidance in :new-page:`Create a Workload Rule in Splunk Web <https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/Admin/CreateWLMRules#Create_a_workload_rule_in_Splunk_Web>` and configure the rule as follows:
 
-9. Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
+   .. code-block:: none
+
+      Predicate: user=[your_Log_Observer_Connect_service-account_name] AND runtime>5m
+      Schedule: Always on
+      Action: Abort search
+
+   After creating the Workload Rule, it appears in Workload Management on the Workload Rules tab as follows:
+
+   .. image:: /_images/logs/WorkloadMgmt.png
+            :width: 90%
+            :alt: This screenshot shows the configuration of the Workload Rule limiting Log Observer Connect searches to 5 minutes.
+
+9. Obtain certificates for securing inter-Splunk communication. See :new-page:`Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect <https://quickdraw.splunk.com/redirect/?product=Observability&location=splunk.integration.third.party&version=current>` to learn how. Copy only the first certificate in the chain and paste it on the next page of the guided setup to securely connect Log Observer Connect and your Splunk Enterprise instance.
+
+10. Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
 
 .. note:: Manage concurrent search limits using your current strategy in Splunk Enterprise. All searches initiated by Log Observer Connect users go through the service account you create in Splunk Enterprise. For each active Log Observer Connect user, four back-end searches occur when a user performs a search in the Log Observer Connect UI. For example, if there are three concurrent users accessing the Log Observer Connect UI at the same time, the service account for Log Observer Connect initiates approximately 12 searches in Splunk Enterprise.