This repository was archived by the owner on Sep 2, 2025. It is now read-only.
gdi/get-data-in/connect/aws/aws-logs.rst
+3 -27 (3 additions & 27 deletions)
@@ -5,40 +5,16 @@ Collect logs from your AWS services
5
5
****************************************
6
6
7
7
.. meta::
8
-
:description: Collect logs from your AWS services in Splunk Observability Cloud.
8
+
:description: Collect logs from your AWS services in Splunk.
9
9
10
-
.. caution::
11
-
12
-
Splunk Log Observer is no longer available for new users. If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
13
-
14
-
You can also use the Data Manager to send AWS logs to Splunk Platform. Learn how at :new-page:`Onboard AWS in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/AWSAbout>`.
15
-
16
-
When setting up an AWS connection, you can choose to import logs from a Cloudwatch log group or an S3 bucket.
10
+
Log collection is not available in Splunk Observability Cloud. Instead, you can use the Data Manager to send AWS logs to Splunk Platform. Learn how at :new-page:`Onboard AWS in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/AWSAbout>`. If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
17
11
18
-
To set up log collection, follow these steps:
19
-
20
-
1. Open the link to a :ref:`CloudFormation template <aws-cloudformation>`.
21
-
2. Adjust the settings.
22
-
3. Deploy the template to create ``splunk-aws-logs-collector``, an AWS Lambda function used to transform log entries, enrich them with metadata, and send them to Splunk Observability Cloud.
12
+
To query logs, use Log Observer Connect. See more at :ref:`logs-intro-logconnect`.
23
13
24
14
.. note::
25
15
26
16
If you experience any issues getting logs from AWS, see :ref:`aws-ts-logs`.
27
17
28
-
How does log collection work?
29
-
============================================
30
-
31
-
The Splunk Observability Cloud back end runs a periodic job which goes through CloudWatch log groups and services in your account. This job adds the appropriate subscriptions and notifications to trigger the ``splunk-aws-logs-collector`` function.
32
-
33
-
Splunk Observability Cloud adds subscription filters to log groups for the selected services in the integration, or for all of the supported services when none is selected. For instance, if you select ``AWS/Lambda`` in the integration, Splunk Observability Cloud will add subscription filters to ``/aws/lambda/*`` log groups only. Splunk Observability Cloud doesn't capture logs from all CloudWatch log groups.
34
-
35
-
Managing subscriptions
36
-
-----------------------------------
37
-
38
-
Subscriptions are managed every 5 minutes, which is not configurable at the moment. If you decide to turn off the integration or a particular service, the job will attempt to remove those subscriptions.
39
-
40
-
If a new log group is created for a service in the integration, Splunk Observability Cloud adds a subscription filter to this newly created log group. Afterwards, whenever new log events are added to the log group, AWS triggers ``splunk-aws-logs-collector`` lambda automatically in near real time.
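Review bot: The removed "How does log collection work?" and "Managing subscriptions" sections (old lines 28-40) documented that a periodic job adds CloudWatch subscription filters and triggers the ``splunk-aws-logs-collector`` Lambda, and the replacement paragraph at new line 10 tells customers who already deployed the template nothing about what is left in their AWS account. Suggest adding a sentence or a link that tells existing users to check for and remove the ``splunk-aws-logs-collector`` function and its subscription filters, so that no unused function or filter with access to log data is left behind. Two smaller points: new line 10 folds the former ``.. caution::`` into a regular paragraph, so the "you must transition" requirement loses its emphasis, and the page title still reads "Collect logs from your AWS services" while the body now says log collection is not available.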
logs/lo-transition.rst
+1 -1 (1 addition & 1 deletion)
@@ -9,7 +9,7 @@ Splunk Log Observer transition
9
9
:description: Discover how you can transition from Splunk Log Observer to Splunk Log Observer Connect where you can ingest more logs from a wider variety of data sources, use a more advanced logs pipeline, and expand into security logging by the January 2024 deadline.
10
10
11
11
12
-
All Splunk Log Observer customers, who are sending log data to Splunk Observability cloud today, must transition to using Splunk Cloud Platform or Splunk Enterprise as the central platform for logs by the end of December 2023. Splunk Observability Cloud will continue to support Log Observer functionality and user experience with Splunk Log Observer Connect as a bridge between Splunk Observability Cloud and Splunk Cloud Platform. Transitioning to the Splunk platform, whether it is Splunk Cloud Platform or Splunk Enterprise, as the back-end for log storage does not impact your ability to use Splunk Observability Cloud to correlate logs, metrics, and traces.
12
+
All Splunk Log Observer customers, who are sending log data to Splunk Observability cloud today, must transition to using Splunk Cloud Platform or Splunk Enterprise as the central platform for logs by the end of December 2023. Splunk Observability Cloud will continue to support Log Observer functionality and user experience with Splunk Log Observer Connect as a bridge between Splunk Observability Cloud and Splunk Cloud Platform. Transitioning to the Splunk platform, whether it is Splunk Cloud Platform or Splunk Enterprise, as the back-end for log storage does not impact your ability to use Splunk Observability Cloud to correlate logs, metrics, and traces.
13
13
14
14
Using the Splunk platform allows you to ingest more logs from a wider variety of data sources, use a more advanced logs pipeline, and use logging for security use cases.
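Review bot: The removed and added versions of line 12 read identically here, so this looks like a whitespace-only change; worth confirming that is intended. Since the line is being touched anyway, it still says "by the end of December 2023" while the ``:description:`` at line 9 says "by the January 2024 deadline", and "Splunk Observability cloud" should be capitalized as "Cloud" to match the rest of the sentence.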