Merge pull request #1804 from splunk/urbiz-OD6094-cloud-logs

[6094]: Clean up logs in Cloud docs

Author: aurbiztondo-splunk

gdi/get-data-in/connect/aws/aws-logs.rst

@@ -8,7 +8,7 @@ Troubleshoot your AWS connection
    :description: Resolve AWS policy and permissions conflicts in Splunk Observability Cloud.
 
 
-If you experience issues when connecting Splunk Observability Cloud to your Amazon Web Services (AWS) account, they might be caused by conflicts between policies and permissions. See :ref:`aws-ts-logs` for specific log troubleshooting and :ref:`aws-ts-metric-streams` for issues specific to Metric Streams.   
+If you experience issues when connecting Splunk Observability Cloud to your Amazon Web Services (AWS) account, they might be caused by conflicts between policies and permissions. See :ref:`aws-ts-metric-streams` for issues specific to Metric Streams.   
 
 .. caution:: Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account. 
 

gdi/get-data-in/connect/aws/aws-troubleshooting.rst

@@ -11,7 +11,7 @@ See the following topics when experiencing Metric Streams issues from AWS.
 
 .. note::
 
-  See also :ref:`aws-troubleshooting` and :ref:`aws-ts-logs`.
+  See also :ref:`aws-troubleshooting`.
 
 I've enabled Metric Streams in my AWS integration but I do not see any metrics streaming in
 ==================================================================================================

gdi/get-data-in/connect/aws/aws-ts-logs.rst

@@ -17,12 +17,11 @@ Connect AWS to Splunk Observability Cloud
   Connect Metric Streams from the AWS console <aws-console-ms>  
   Connect to AWS using the Splunk API <aws-apiconfig>  
   Connect to AWS with Terraform <aws-terraformconfig>
-  Collect logs from AWS <aws-logs>
+  Send AWS logs to Splunk Platform <aws-logs>
   CloudFormation templates <aws-cloudformation>
   Next steps <aws-post-install>
   Troubleshoot your AWS connection <aws-troubleshooting>
   Troubleshoot Metric Streams <aws-ts-metric-streams>
-  Troubleshoot logs <aws-ts-logs>
   GetMetricStatistics API deprecation notice <aws-api-notice>
 
 You have several data ingestion and connection methods when it comes to monitoring your Amazon Web Services (AWS) data in Splunk Observability Cloud. 

gdi/get-data-in/connect/aws/aws-ts-metric-streams.rst

@@ -1,121 +1,16 @@
-
 .. _ingest-azure-log-data:
+.. _azure-logs:
 
 *********************************************
-Send Azure logs to Splunk Log Observer
+Send Azure logs to Splunk Platform
 *********************************************
 
 .. meta::
-   :description: Learn how to send logs from your Azure services to Splunk Observability Cloud and Splunk Log Observer using Azure Event Hub.
-
-.. caution:: 
-
-   Splunk Log Observer is no longer available for new users. If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
-
-   You can also use the Data Manager to send Azure logs to Splunk Platform. Learn how at :new-page:`Onboarding for Azure data in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/StartConfigurationAzureAD>`.
-
-You can send logs from Azure to Splunk Log Observer by deploying a function that prepares and sends log data to the Splunk HTTP Event Collector (HEC) endpoint. To get started, follow these instructions.
-
-Prerequisites
-=================================================
-
-To send logs from Azure to Splunk Observability Cloud, you need the following:
-
-- Access to Log Observer in Splunk Observability Cloud. See :ref:`logs-logs`.
-- An ingest token in your organization. See :ref:`admin-org-tokens`.
-- An Event Hub namespace in Azure to use for logs forwarding. See Event Hub in the Azure documentation.
-
-Create an event hub in Azure
-=================================================
-
-Azure uses diagnostic settings to send data to Event Hubs. Each resource you want to monitor must have a diagnostic setting. Follow these steps to configure an event hub for each use case:
-
-#. In Azure, go to :guilabel:`Event Hubs` and select :guilabel:`Create`.
-
-#. Select your Event Hub namespace.
-
-#. Set the name of the event hub to one of the following values depending on which logs you want to forward:
-
-   .. tabs::
-
-      .. tab:: Activity logs
-
-         Event Hub name: ``insights-activity-logs``
-
-         .. note:: If you set a different hub name, update the function application settings to use the right name.
-
-      .. tab:: Microsoft Entra ID logs (formerly Azure Active Directory)
-
-         Event Hub name: ``insights-logs-aad``
-
-         .. note:: If you set a different hub name, update the function application settings to use the right name.
-
-      .. tab:: Diagnostics logs
-
-         Event Hub name: ``insights-logs-diag``
-
-         .. note:: If you set a different hub name, update the function application settings to use the right name.
-
-      .. tab:: Metrics data
-
-         Event Hub name: ``insights-metrics-pt1m``
-
-         .. note:: If you set a different hub name, update the function application settings to use the right name.
-
-#. Set the number of partitions. Use at least 4 partitions.
-
-#. Select :guilabel:`Create`.
-
-Configure diagnostic settings to send logs
-===================================================
-
-After you've created the event hub, follow these steps to activate diagnostic settings:
-
-#. In Azure, select the resource.
-
-#. Select :guilabel:`Monitoring`, then :guilabel:` Diagnostic settings`.
-
-#. Create a new setting or edit an existing setting.
-
-#. Select the events you want to log.
-
-#. Select :guilabel:`Stream to an event hub` and select the event hub you've created.
-
-#. Select :guilabel:`Save`.
-
-Set up the forwarding function in Azure
-==================================================
-
-To deploy the Azure function, click the following button:
-
-.. raw:: html
-
-   <a href="https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fsplunk%2Fazure-functions-splunk%2Fmaster%2Fevent-hubs-hec%2Fdeploy%2FazureDeploy.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2Fsplunk%2Fazure-functions-splunk%2Fmaster%2Fevent-hubs-hec%2Fdeploy%2FazureDeploy.portal.json" target="_blank"><img src="https://aka.ms/deploytoazurebutton"/></a>
-
-In the :guilabel:`Function App Settings` section, enter the following details:
-
-.. list-table::
-   :header-rows: 1
-   :widths: 40, 60
-   :width: 100%
-
-   * - Setting
-     - Value
-   * - Event Hub Namespace
-     - The namespace that contains the event hub you've created.
-   * - Splunk HEC Endpoint
-     - ``https://ingest.<realm>.signalfx.com/v1/log`` where ``<realm>`` is your Splunk Observability Cloud realm. See :ref:`splunk-hec-exporter` for more information.
-   * - Splunk HEC Token
-     - Your Splunk Observability Cloud ingest token. See :ref:`admin-org-tokens`.
-
-.. include:: /_includes/realm-note.rst
+   :description: Learn how to send logs from your Azure services to Splunk.
 
-Security considerations
-===================================================
+Log collection is not available in Splunk Observability Cloud. 
 
-Azure encrypts settings by default. For increased security, you can transfer one or more of settings to a Key Vault. See the Key Vault documentation in the Azure docs for more information.
+Instead, you can use the Data Manager to send your Azure logs to Splunk Platform. Learn how at :new-page:`Onboarding for Azure data in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/StartConfigurationAzureAD>`. To query logs, use Log Observer Connect. See more at :ref:`logs-intro-logconnect`.
 
-Additional resources
-==================================================
+If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
 
-For examples and additional information, see :new-page:`https://github.com/splunk/azure-functions-splunk/tree/master/event-hubs-hec <https://github.com/splunk/azure-functions-splunk/tree/master/event-hubs-hec>` on GitHub.

gdi/get-data-in/connect/aws/get-awstoc.rst

@@ -11,7 +11,7 @@ Connect to Azure and send data to Splunk Observability Cloud
   :hidden:
 
   Azure metrics <azure-metrics>
-  Azure logs <azure-logs-ingestion>
+  Send Azure logs to Splunk Platform <azure-logs-ingestion>
 
 Splunk Observability Cloud provides an integration with Microsoft Azure, lets you travel through Azure entities, and includes built-in dashboards to help you monitor Azure services. 
 

gdi/get-data-in/connect/azure/azure-logs-ingestion.rst

@@ -2,43 +2,17 @@
 .. _ingest-gcp-log-data:
 
 ********************************************************
-Ingest Google Cloud Platform log data
+Send GCP logs to Splunk Platform
 ********************************************************
 
 .. meta::
-   :description: Send Google Could Platform / GCP logs to Splunk Observability Cloud.
+   :description: Send Google Could Platform / GCP logs to Splunk.
 
-.. toctree::
-   :hidden:
+Log collection is not available in Splunk Observability Cloud. 
 
-.. caution:: 
+Instead, you can use the Data Manager to send your GCP logs to Splunk Platform. Learn how at :new-page:`Onboard GCP in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/GCPAbout>`. To query logs, use Log Observer Connect. See more at :ref:`logs-intro-logconnect`.
 
-   Splunk Log Observer is no longer available for new users. If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
+If you have a Log Observer entitlement, you must transition to Splunk Cloud Platform or Splunk Enterprise. Read more at :ref:`lo-transition`.
 
-   You can also use the Data Manager to send GCP logs to Splunk Platform. Learn how at :new-page:`Onboard GCP in Data Manager <https://docs.splunk.com/Documentation/DM/1.8.2/User/GCPAbout>`.
-
-To send GCP logging data to Splunk Observability Cloud's Log Observer, create a Pub/Sub subscription and use the :new-page:`Pub/Sub to Splunk Dataflow template <https://cloud.google.com/dataflow/docs/guides/templates/provided-streaming#cloudpubsubtosplunk>` to create a Dataflow job. The Dataflow job takes messages from the Pub/Sub subscription, converts payloads into Splunk HTTP Event Collector (HEC) event format, and forwards them to Splunk Observability Cloud, where the whole event (JSON payload and its information) is ingested.    
-
-Splunk Observability Cloud only supports push-based GCP log export. To learn more, see :new-page:`Scenarios for exporting Cloud Logging data: Splunk <https://cloud.google.com/architecture/exporting-stackdriver-logging-for-splunk>`. 
-
-Ingest logs from GCP
-=================================================
-
-To send GCP logs to Splunk Observability Cloud:
-
-#. Use the example ``gcloud`` command provided in :new-page:`Option A: Stream logs using Pub/Sub to Splunk Dataflow <https://cloud.google.com/architecture/exporting-stackdriver-logging-for-splunk#deploy_splunk_dataflow_template>`.
-
-#. Apply the with the following changes:
-
-   - Change the token in the sample syntax (``token=your-splunk-hec-token``) to a Splunk Observability Cloud organization access token with ingest permission. For more information about organization access tokens, see :ref:`admin-org-tokens`.
-
-   - Change the URL in the sample syntax (``url=your-splunk-hec-url``) to point to the real-time log data ingest endpoint for Splunk Observability Cloud: ``https://ingest.{REALM}.signalfx.com/v1/log``.
-
-Manage delivery failures
-------------------------------------------------
-
-Any response code that is not 2xx, including throttling, indicates a message delivery failure. 
-
-If message delivery fails, see how to handle delivery failures of log exports to Splunk using Dataflow at :new-page:`GCP documentation <https://cloud.google.com/architecture/deploying-production-ready-log-exports-to-splunk-using-dataflow#replay_failed_messages>`.
 
 

gdi/get-data-in/connect/azure/azure.rst

@@ -11,7 +11,7 @@ Connect to Google Cloud Platform
    :hidden:
 
    GCP metrics <gcp-metrics>
-   GCP logs <gcp-logs>   
+   Send GCP logs to Splunk Platform <gcp-logs>   
 
 With a Google Cloud Platform (GCP) integration in Splunk Observability Cloud, you can track your Google Cloud Monitoring metrics and monitor your GCP services in one place. To configure a GCP integration with Splunk Infrastructure Monitoring, check the prerequisites and follow the instructions on this document. You can also :ref:`use the API <gcp-api>` to connect to GCP.