diff --git a/_images/infrastructure/rate-limiting-mua.png b/_images/infrastructure/rate-limiting-mua.png new file mode 100644 index 000000000..918736e9b Binary files /dev/null and b/_images/infrastructure/rate-limiting-mua.png differ diff --git a/_images/synthetics/auth-multifactor-totp-add-variable.png b/_images/synthetics/auth-multifactor-totp-add-variable.png new file mode 100644 index 000000000..b70247cdd Binary files /dev/null and b/_images/synthetics/auth-multifactor-totp-add-variable.png differ diff --git a/_images/synthetics/auth-multifactor-totp-fillinfield.png b/_images/synthetics/auth-multifactor-totp-fillinfield.png new file mode 100644 index 000000000..7906e1190 Binary files /dev/null and b/_images/synthetics/auth-multifactor-totp-fillinfield.png differ diff --git a/_images/synthetics/auth-multifactor-totp-trynow.png b/_images/synthetics/auth-multifactor-totp-trynow.png new file mode 100644 index 000000000..71ab2ef08 Binary files /dev/null and b/_images/synthetics/auth-multifactor-totp-trynow.png differ diff --git a/_includes/chart-mts-count.rst b/_includes/chart-mts-count.rst index 3ef40e5e0..8cfba8ff9 100644 --- a/_includes/chart-mts-count.rst +++ b/_includes/chart-mts-count.rst @@ -7,22 +7,21 @@ Maximum number of metric time series processed in a signal ***************************************************************** -To maximize responsiveness when processing incoming metric data, Splunk Observability Cloud limits the number of :term:`metric time series` (MTS) processed in a signal -(single plot line) on a chart or detector. If the total number of time series for the metric specified in your signal exceeds this limit, Splunk Observability Cloud displays -an orange border around the MTS number. This border notifies you that the processed data reflects only a subset of the time series in the data. +To maximize responsiveness when processing incoming metric data, Splunk Observability Cloud limits the number of :term:`metric time series` (MTS) processed in a signal (single plot line) on a chart, detector, or navigator. If the total number of time series for the metric specified in your signal exceeds this limit, Splunk Observability Cloud displays a message at the top of the chart, detector, or navigator. This message notifies you that the processed data reflects only a subset of the time series in the data. -To ensure that your charts and detectors are processing all the time series in the data, apply as many filters as necessary to make the MTS number less than the maximum. -You'll know you've succeeded when the orange outline around the MTS number and the message at the top of the chart or detector no longer appear. +To ensure that your charts, detectors, and navigators are processing all the time series in the data, apply as many filters as necessary to make the MTS number less than the maximum. You'll know you've succeeded when the message at the top of the chart, detector, or navigator no longer appears. -For example, suppose you want to display the sum of available disk capacity per availability zone. You might use ``df.complex.free`` as your signal, -then apply the Sum analytics function, grouped by availability zone. If you have a large number of disks, the number of MTS returned by this signal might +For example, suppose you want to display the sum of available disk capacity per availability zone. You might use ``df.complex.free`` as your signal, then apply the Sum analytics function, grouped by availability zone. If you have a large number of disks, the number of MTS returned by this signal might exceed the limit. To reduce the number of MTS, use filters and multiple plots instead of the group-by option in the Sum analytics function. +Use filters and multiple plots on charts and detectors +======================================================== + To use filters and multiple plots instead of the group-by option, follow these steps: #. Apply a filter for the plot that selects a single availability zone, then use the Sum analytic function without the group-by option. #. At the end of the plot row, select :guilabel:`Configure plot` to open :guilabel:`Visualization Options`, then select a color from :guilabel:`Plot Color`. -#. Clone the plot. To do this, open the :guilabel:`plot actions` menu at the end of the plot row in the :guilabel:`Plot Editor`, +#. Clone the plot. To do this, open the :guilabel:`Plot actions` menu at the end of the plot row in the :guilabel:`Plot Editor`, then select :menuselection:`Clone`. #. In the cloned plot, change the availability zone filter to select another availability zone, and change the :guilabel:`Plot Color` to give the cloned plot a color that's different from the original plot. @@ -31,3 +30,8 @@ To use filters and multiple plots instead of the group-by option, follow these s The result is one chart with a separate plot line for each availability zone. Each plot line has a distinct color. For more information on filtering, see :ref:`filter-signal`. + +Use filters on navigators +============================= + +To use filters on navigators, see :ref:`add-filter`. \ No newline at end of file diff --git a/admin/authentication/authentication-tokens/manage-usage.rst b/admin/authentication/authentication-tokens/manage-usage.rst index 46efa03da..ea1b5a988 100644 --- a/admin/authentication/authentication-tokens/manage-usage.rst +++ b/admin/authentication/authentication-tokens/manage-usage.rst @@ -24,8 +24,8 @@ send data to Infrastructure Monitoring. When a host uses the token to send data, Infrastructure Monitoring compares the token limits to all hosts' cumulative resource usage that use the token. When cumulative -resource usage exceeds the limit, Infrastructure Monitoring issues an alert and -stops ingesting data sent by hosts using the token. +resource usage exceeds the limit, Infrastructure Monitoring issues an alert but continues +ingesting data for some time. If this continued ingestion causes a system overage, contact Support. See :ref:`support`. Because the limits for one access token don't affect limits for other access tokens, you can set different limits for different types of hosts. For example, set high diff --git a/gdi/get-data-in/application/nodejs/get-started.rst b/gdi/get-data-in/application/nodejs/get-started.rst index 89c119cd1..7738fc566 100644 --- a/gdi/get-data-in/application/nodejs/get-started.rst +++ b/gdi/get-data-in/application/nodejs/get-started.rst @@ -17,7 +17,7 @@ Instrument Node.js applications for Splunk Observability Cloud Manual instrumentation Configure the Node.js agent Performance overhead - Version 2.X + Version 2.X (deprecated) Splunk OTel JS 3.0 breaking changes Troubleshoot the Node.js agent About Splunk OTel JS diff --git a/gdi/get-data-in/application/nodejs/version-2x/get-started.rst b/gdi/get-data-in/application/nodejs/version-2x/get-started.rst index 19c00695e..c23b72e4b 100644 --- a/gdi/get-data-in/application/nodejs/version-2x/get-started.rst +++ b/gdi/get-data-in/application/nodejs/version-2x/get-started.rst @@ -21,7 +21,11 @@ Instrument Node.js applications for Splunk Observability Cloud About Splunk OTel JS Migrate from the SFx Tracing Library -.. note:: The Splunk OpenTelemetry JS version 3.0 contains a set of breaking changes. To view these changes and learn how to update to version 3.0, see :ref:`nodejs-3x-breaking-changes`. +.. caution:: + + The Splunk Distribution of OpenTelemetry JS version 2.X is deprecated as of February 28, 2025 and will reach end of support on February 28, 2026. Until then, only critical security fixes and bug fixes will be provided. + + New customers should use the Splunk OpenTelemetry JS agent version 3.0. Existing customers should consider migrating to Splunk OpenTelemetry JS 3.0 or higher. See :ref:`nodejs-3x-breaking-changes`. The Splunk Distribution of OpenTelemetry JS provides a Node.js SDK that automatically adds APM instrumentation to your Node.js application. The instrumentation captures traces, runtime metrics, and CPU and memory profiles and sends them to Splunk Observability Cloud. diff --git a/gdi/get-data-in/application/python/instrumentation/instrument-python-application.rst b/gdi/get-data-in/application/python/instrumentation/instrument-python-application.rst index 4041f018f..21b776662 100644 --- a/gdi/get-data-in/application/python/instrumentation/instrument-python-application.rst +++ b/gdi/get-data-in/application/python/instrumentation/instrument-python-application.rst @@ -74,7 +74,7 @@ Follow these steps to automatically instrument your application using the Python .. code-block:: bash - opentelemetry-bootstrap + opentelemetry-bootstrap -a install To print the instrumentation packages to the console instead of installing them, run ``opentelemetry-bootstrap --action=requirements``. You can then add the output to your requirements or Pipfile. diff --git a/gdi/get-data-in/application/python/migration-guide.rst b/gdi/get-data-in/application/python/migration-guide.rst index 28a1d970b..87b9b50e6 100644 --- a/gdi/get-data-in/application/python/migration-guide.rst +++ b/gdi/get-data-in/application/python/migration-guide.rst @@ -60,7 +60,7 @@ See the following table for a list of changes: - Activates the Splunk OpenTelemetry Python agent and sends traces and metrics to Splunk Observability Cloud. * - ``splunk-py-trace-bootstrap``, ``splk-py-trace-bootstrap`` - ``opentelemetry-bootstrap`` - - Installs instrumentation libraries and dependencies for Splunk OpenTelemetry Python. + - Lists instrumentation libraries and dependencies for Splunk OpenTelemetry Python. To install the libraries and dependencies, use ``opentelemetry-bootstrap -a install``. .. _python-2.x-new-functions: diff --git a/gdi/get-data-in/application/python/version1x/get-started-1x.rst b/gdi/get-data-in/application/python/version1x/get-started-1x.rst index e86429c4e..35c8d2915 100644 --- a/gdi/get-data-in/application/python/version1x/get-started-1x.rst +++ b/gdi/get-data-in/application/python/version1x/get-started-1x.rst @@ -15,6 +15,12 @@ Instrument Python applications for Splunk Observability Cloud Configure the Python agent Metrics and attributes +.. note:: + + The Splunk Distribution of OpenTelemetry Python version 1.X is deprecated as of February 28, 2025 and will reach end of support on February 28, 2026. Until then, only critical security fixes and bug fixes will be provided. + + New customers should use the Splunk OpenTelemetry Python agent version 2.0. Existing customers should consider migrating to Splunk OpenTelemetry Python 2.0 or higher. See :ref:`python-migration-guide`. + The Splunk Distribution of OpenTelemetry Python provides a Python agent that automatically adds APM instrumentation to your Python application. The instrumentation captures distributed traces and metrics and sends them to Splunk Observability Cloud. To instrument your Python application, follow these steps: diff --git a/get-started/o11y-ai.rst b/get-started/o11y-ai.rst index 454df9e59..95478e949 100644 --- a/get-started/o11y-ai.rst +++ b/get-started/o11y-ai.rst @@ -102,11 +102,7 @@ Chatid is the unique identifier for each conversation in AI Assistant in Observa

Data sharing and use

-When you interact with AI Assistant in Observability Cloud, Splunk collects and might use inputs, outputs, grounding data, feedback, and usage data to provide and maintain the the AI Assistant, comply with applicable law, enforce our policies, and develop and improve the AI Assistant in Observability, including to train AI models. - -If you do not want your data used for these purposes, do not click on the button and do not install, download, access, or otherwise use AI Assistant in Observability. - -The following table explains the categories of data the AI Assistant collects: +The following table explains the categories of data that the AI Assistant uses, collects, or generates: .. list-table:: :header-rows: 1 @@ -125,13 +121,21 @@ The following table explains the categories of data the AI Assistant collects: * - Usage data - Usage data is more fully described in the Splunk Privacy Statement. Examples include “thumbs up”, “thumbs down”, “chat id”, “copy”, “tokens used”, and “response length”. -You can activate and deactivate data sharing by going to :guilabel:`Settings`. On the General Organization Settings page, go to the AI Assistant Management section. Select or deselect :guilabel:`AI Assistant in Observability` to activate or deactivate the AI Assistant for your organization. +When you use the AI Assistant, Splunk relies on certain essential types of data to provide the service and to enforce compliance with Splunk policy and applicable law; this includes user inputs, outputs, grounding observability data, and usage data (“essential purposes”). If you use the AI Assistant in Observability Cloud, you are agreeing to the essential purposes. + +In addition to the essential purposes, you also have the option of allowing Splunk to use the data collected by the AI Assistant for the additional purpose of conducting research and development on the AI Assistant and generative AI in general. This use of your data is optional, and you can choose to allow or disallow it by updating your settings. To manage your AI Assistant settings, follow these steps: -If you do not want to share your data, deselect :guilabel:`Allow my AI service data to be used for research and development purposes`. +1. Go to :guilabel:`Settings` in Splunk Observability Cloud. + +2. On the :guilabel:`General Organization Settings` page, go to the :guilabel:`AI Assistant Management` section and select or deselect :guilabel:`AI Assistant in Observability` to activate or deactivate the AI Assistant in Observability Cloud for your organization. Note that any use of the AI Assisstant in Observability Cloud requires Splunk's use of your data for the essential purposes. If you do not wish to allow Splunk to use your data for the essential purposes, do not activate the AI Assistant or otherwise use the AI Assistant in Observability Cloud. + +3. If you do not want to allow usage of your data for research and development, deselect :guilabel:`Allow my AI service data to be used for research and development purposes`. .. image:: /_images/get-started/activate-assistant.png :width: 70% - :alt: This screenshot shows how Splunk Observability Cloud products serve the different layers and processes in an organization's environment. + :alt: This screenshot shows how to activate or deactivate the AI Assistant in Observability Cloud, as well as how to control whether your data is used for training the Assistant. + +For detailed data usage information, see :new-page:`Splunk Offerings Usage Data `. .. raw:: html diff --git a/logs/severity-key.rst b/logs/severity-key.rst index 029cd5e11..52e82b1a0 100644 --- a/logs/severity-key.rst +++ b/logs/severity-key.rst @@ -9,4 +9,13 @@ Ensure the correct mapping of your severity key The Log Observer Connect timeline displays a histogram of logged events over time, grouped by values of the message field :guilabel:`severity`. The severity key is a field that all logs contain. It has the values :guilabel:`DEBUG`, :guilabel:`ERROR`, :guilabel:`INFO`, :guilabel:`UNKNOWN`, and :guilabel:`WARNING`. Your logs might use a different field name for the severity key. Because the severity key in many logs is called :guilabel:`level`, Log Observer Connect automatically remaps the log field :guilabel:`level` to :guilabel:`severity`. -If your logs call the severity key by a different name, that's okay. To ensure that Log Observer Connect can read your field, transform your field name to :guilabel:`severity` or add a :guilabel:`severity` alias to your field name. To transform your field name, see :new-page:`Extract fields from event data using Ingest Processor `. To add an alias to your field name, see :ref:`logs-alias`. \ No newline at end of file +If your logs call the severity key by a different name, that's okay. To ensure that Log Observer Connect can read your field, transform your field name to :guilabel:`severity` or add a :guilabel:`severity` alias to your field name. To transform your field name, see :new-page:`Extract fields from event data using Ingest Processor `. To add an alias to your field name, see :ref:`logs-alias`. + +The mapping of your severity key and its values is case sensitive. The key and its values must appear exactly as follows: + +* severity +* DEBUG +* ERROR +* INFO +* UNKNOWN +* WARNING \ No newline at end of file diff --git a/metrics-and-metadata/metrics-usage-analytics.rst b/metrics-and-metadata/metrics-usage-analytics.rst index c2265504d..8f8183b5a 100644 --- a/metrics-and-metadata/metrics-usage-analytics.rst +++ b/metrics-and-metadata/metrics-usage-analytics.rst @@ -44,6 +44,12 @@ To access usage analytics in Splunk Observability Cloud, follow these steps: #. Under :guilabel:`Data Configuration`, select :guilabel:`Metrics Management`. #. Select the :guilabel:`Usage analytics` tab. +.. caution:: The following message displays if you've sent too many queries in a short time period. If you see this message, reload the page after 2 minutes. + + .. image:: /_images/infrastructure/rate-limiting-mua.png + :width: 80% + :alt: The rate limiting message in Splunk Observability Cloud. + The usage analytics home page contains the following visualizations: * A card displaying the average number of metric time series (MTS) per hour for your selected time frame. diff --git a/release-notes/2025-2-rn.rst b/release-notes/2025-2-rn.rst index 6b65d98ba..10d461ba7 100644 --- a/release-notes/2025-2-rn.rst +++ b/release-notes/2025-2-rn.rst @@ -86,4 +86,4 @@ When Splunk removes support for a feature, platform, or browser it means that th * :ref:`manual-android-instrumentation` * :ref:`configure-ios-instrumentation` * :ref:`rum-ios-data` - * :ref:`manual-rum-react-instrumentation` \ No newline at end of file + * :ref:`manual-rum-react-instrumentation` diff --git a/release-notes/2025-3-rn.rst b/release-notes/2025-3-rn.rst new file mode 100644 index 000000000..247b2cf70 --- /dev/null +++ b/release-notes/2025-3-rn.rst @@ -0,0 +1,26 @@ +.. _2025-3-rn: + +********************* +March 2025 +********************* + +Splunk Observability Cloud released the following new features and enhancements in March 2025. This is not an exhaustive list of changes in the observability ecosystem. For a detailed breakdown of changes in versioned components, see the :ref:`list of changelogs `. + +.. _2025-3-4-rn: + +March 4, 2025 release +======================= + +.. list-table:: + :header-rows: 1 + :widths: 1 2 + :width: 100% + + * - New feature or enhancement + - Description + * - Splunk Observability Cloud AI assistant in Splunk Cloud Related Content + - Splunk Cloud Platform users can speed up root cause analysis and IT investigations in the Search app with a new :guilabel:`AI Assistant` tab in the :guilabel:`Related Content` panel. Now the :guilabel:`Related Content` panel shows you not only the context of your issues with observability data, but also provides troubleshooting steps and additional information about the health of your services on the :guilabel:`AI Assistant` tab. Available for customers who have AI Assistant in Observability Cloud and Unified Identity enabled. + * - Synthetics Downtime Configurations + - Splunk Synthetic Monitoring now supports recurring downtime configurations. Recurring downtimes allow you to sync with your scheduled maintenance windows or planned/unplanned downtimes and keep them from impacting your monitoring metrics or SLAs. + * - Synthetics multi-factor authentication (MFA) + - Splunk Synthetic Monitoring now supports tests that need to send a time-based one-time passcode (TOTP) to their test target. \ No newline at end of file diff --git a/release-notes/release-notes-overview.rst b/release-notes/release-notes-overview.rst index 48189dbc6..99c05dc84 100644 --- a/release-notes/release-notes-overview.rst +++ b/release-notes/release-notes-overview.rst @@ -10,6 +10,7 @@ Release notes overview .. toctree:: :hidden: + 2025-3-rn 2025-2-rn 2024-11-rn 2024-10-rn @@ -29,6 +30,8 @@ Each release date includes new features and enhancements for SaaS and versioned * - Release month - Release date + * - :ref:`2025-3-rn` + - * :ref:`2025-3-4-rn` * - :ref:`2025-2-rn` - * :ref:`2025-2-4-rn` * - :ref:`2024-11-rn` @@ -76,4 +79,4 @@ For a detailed breakdown of changes in versioned components, see the following t * - Splunk OpenTelemetry iOS instrumentation - :new-page:`https://github.com/signalfx/splunk-otel-ios/blob/main/CHANGELOG.md` * - Splunk OpenTelemetry React Native instrumentation - - :new-page:`https://github.com/signalfx/splunk-otel-react-native/blob/main/CHANGELOG.md` \ No newline at end of file + - :new-page:`https://github.com/signalfx/splunk-otel-react-native/blob/main/CHANGELOG.md` diff --git a/sp-oncall/spoc-integrations/rest-endpoint-integration-guide.rst b/sp-oncall/spoc-integrations/rest-endpoint-integration-guide.rst index 5eff06259..bd669172b 100644 --- a/sp-oncall/spoc-integrations/rest-endpoint-integration-guide.rst +++ b/sp-oncall/spoc-integrations/rest-endpoint-integration-guide.rst @@ -141,7 +141,7 @@ You can also call the endpoint using cURL commands. For example: curl -X POST -d ‘{“entity_id”:“ID of the incident”,“message_type”:“critical”,“state_message”:“hi, this is some state message.”}' - https://alert.Splunk On-Call.com/integrations/generic/20131114/alert/[YOUR_REST_ENDPOINT_KEY]/[ROUTING_KEY_HERE] + https://alert.victorops.com/integrations/generic/20131114/alert/[YOUR_REST_ENDPOINT_KEY]/[ROUTING_KEY_HERE] Annotations =========== diff --git a/synthetics/test-config/auth.rst b/synthetics/test-config/auth.rst index 1a4eb438e..3dbb3571a 100644 --- a/synthetics/test-config/auth.rst +++ b/synthetics/test-config/auth.rst @@ -26,7 +26,9 @@ The following authentication methods are available for you to configure in your :ref:`auth-multifactor-email` - :ref:`auth-multifactor-sso` + :ref:`auth-multifactor-sso` + + :ref:`auth-multifactor-totp` * - Uptime - None @@ -52,7 +54,7 @@ If your test target provides an HTML form for entering username and password, co .. image:: /_images/synthetics/auth-basic-html-steps.png :width: 90% - :alt: Screenshot showing how to set up a synthetic test with basic authentication through an API request header. + :alt: Screenshot showing how to set up a synthetic test with basic authentication through an HTML form. #. Create global variables for this test target's username and password. Best practice is to conceal the global variable you create for the password. For more information, see :ref:`global-variables`. @@ -378,7 +380,7 @@ Multifactor authentication through SSO and Active Directory :description: Multifactor authentication allows your test to authenticate to a target page by logging in through an SSO or Active Directory service. -Authentication through Single Sign-On (SSO) is similar to :ref:`basic authentication `. To create a test of that uses SSO or Active Directory (AD) login, you must configure a series of steps that include opening the webpage, selecting the SSO authentication link, and entering the required information for SSO authentication. Additional webpages may load during this process, so it's crucial that you include steps to confirm that all the components of each webpage have fully loaded before proceeding. +Authentication through Single Sign-On (SSO) is similar to :ref:`basic authentication `. To create a test that uses SSO or Active Directory (AD), you must configure a series of steps that include opening the webpage, selecting the SSO authentication link, and entering the required information for SSO authentication. Additional webpages may load during this process, so it's crucial that you include steps to confirm that all of the components of each webpage have fully loaded before proceeding. SSO authentication frequently involves additional authentication factors. If the identity provider (such as Google, Microsoft, Okta, Duo, and so on) does not mandate an extra login factor, your test might only need the authentication steps that are illustrated in the example below: @@ -394,3 +396,95 @@ Identity providers often require various additional factors for login, such as v +.. _auth-multifactor-totp: + +Multifactor authentication through TOTP +================================================================== + +.. note:: + This authentication method applies to browser tests only. + + +If your test needs to send a time-based one-time passcode (TOTP) to its test target, configure your test as follows. + + +Get the secret key for generating a TOTP +------------------------------------------------------------------ + +The secret key is a shared value which both your test target and your test's authenticator app (such as Okta) will use to generate the same unique TOTP. You can get this secret key from: + +* The test target's QR code (an image). + +* The plain-text secret key, which is visible as an embedded string in the test target's QR code when you view the QR code as a URL string. For example, if the QR code is ``otpauth://totp/Slack:@?secret=&issuer=&algorithm=SHA1&digits=6&period=30``, the secret key is ````. + + +Save the secret key in a global variable of type TOTP +------------------------------------------------------------------ + +There are two ways to create a global variable: + +* From the Splunk Synthetic Monitoring landing page: + + #. From the Splunk Synthetic Monitoring landing page, select the settings icon, and then select :guilabel:`Global variables`. + #. Select :guilabel:`Create variable`. + +* From an existing test's page: + + #. Select :guilabel:`Edit test`. + #. Expand the :guilabel:`Variables` panel on the right, scroll to :guilabel:`Global variables` and select :guilabel:`Add`. + + +In the :guilabel:`Add variable` dialog box, enter the following: + +.. image:: /_images/synthetics/auth-multifactor-totp-add-variable.png + :width: 40% + :alt: Screenshot showing how to create a global variable. + + +#. In the :guilabel:`Variable` type pull-down menu, select :guilabel:`TOTP`. +#. In the :guilabel:`Variable name` field, enter the name of the variable. You will use this name to access your variable within a test. +#. Save the secret key either by: + + * Selecting the :guilabel:`QR code` tab and dragging the QR code image to it. + * Selecting the :guilabel:`Manual input` tab and pasting the ```` you retrieved from the QR code. + +#. (Optional) In the :guilabel:`Description` field, enter a description to explain the purpose of the variable for future reference. A description is particularly helpful when you conceal the variable and cannot reveal its value. +#. (Optional) Expand :guilabel:`Advanced Settings` and specify optional settings: + + * (Optional) Set :guilabel:`digits` to the number of digits in the generated TOTP. Valid values: 4-8. Default: 6. + * (Optional) Set :guilabel:`TOTP expiration` to the the duration of the validity of the TOTP, in seconds. Valid values: 10s-90s. Default: 30s. + +#. (Optional) To validate the secret key you entered, select :guilabel:`Generate TOTP`. +#. Select :guilabel:`Add`. + + +.. note:: + Splunk Synthetic Monitoring automatically conceals the value of variables of type TOTP. + + +Set up a browser test that uses a TOTP +------------------------------------------------------------------ + +#. On the browser test's configuration page, select the :guilabel:`Simple` toggle. +#. Select :guilabel:`Edit steps or synthetic transactions`. +#. Add a step of type :guilabel:`Fill in field`, and in :guilabel:`Value`, scroll down to the :guilabel:`TOTP` section (or type ``totp`` into the search field) and select the name of the TOTP variable you created. You can also enter this variable name directly as ``{{totp.}}``. + + .. image:: /_images/synthetics/auth-multifactor-totp-fillinfield.png + :width: 70% + :alt: Screenshot showing the "Fill in field" step. + + +#. To verify that the login succeeded, add a step of type :guilabel:`Assert text present`, and set it up as follows: + + #. In :guilabel:`Text`, enter a string that should be visible on the test target page only when login is successful. + #. (Optional) Set :guilabel:`Wait for up to` to a large enough value, in milliseconds, to ensure that the page loads. + +#. Select :guilabel:`Submit`. + + +To verify that the login is working, select :guilabel:`Try now`. Results may take a while. The :guilabel:`Try now result` pane should display each screen that your test navigated to on the target page, plus the message :guilabel:`Success`. + + .. image:: /_images/synthetics/auth-multifactor-totp-trynow.png + :width: 70% + :alt: Screenshot showing the "Try now" step. + diff --git a/synthetics/test-config/syn-downtimes.rst b/synthetics/test-config/syn-downtimes.rst index b9e10d419..28f20d272 100644 --- a/synthetics/test-config/syn-downtimes.rst +++ b/synthetics/test-config/syn-downtimes.rst @@ -5,7 +5,7 @@ Downtime ************************************************************ -When you are working on your site, consider using a downtime configuration to account for maintenance and other planned irregularities in your monitoring. Here is some guidance on how to choose the downtime configuration rule you want to use for your for your situation. +When you're working on your site, consider using a downtime configuration to account for maintenance and other planned irregularities in your monitoring. This page provides guidance on how to choose the downtime configuration rule you want to use for your for your situation. .. list-table:: :header-rows: 1 @@ -20,28 +20,56 @@ When you are working on your site, consider using a downtime configuration to ac Schedule a downtime configuration -==================================== +============================================================ -It's a best practice to schedule maintenance windows with a 15 to 30 minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of Splunk Synthetic Monitoring generating false positives during maintenance operations. +Schedule a downtime configuration to pause synthetic monitoring or augment test metrics ahead of site maintenance or anomalous behavior so that you don't skew your test data. + +The best practice is to schedule a downtime configuration with a 15 to 30 minute buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of Splunk Synthetic Monitoring generating false positives during maintenance operations. Schedule requirements: -* at least fifteen minutes long -* up to one year in advance and one year in duration +* Downtimes configurations must be at least fifteen minutes long. +* Downtimes configurations can be a maximum of one year in advance and one year in duration. How to schedule a downtime configuration: -1. In Splunk Synthetic Monitoring, go to settings, then :strong:`Downtime configurations`. -2. Select :strong:`Create downtime configuration`. -3. Enter a name, choose a rule, and select the test you want to include. -4. Set up the schedule and select :strong:`Create`. +#. In Splunk Synthetic Monitoring, go to settings, then :guilabel:`Downtime configurations`. +#. Select :guilabel:`Create downtime configuration`. +#. Enter a unique name, select a downtime rule, and select the tests that you want this downtime rule to apply to. +#. In the :guilabel:`Schedule` section, set a start and end date and time. +#. Select from the options in :guilabel:`Recurrence`. +#. Select :guilabel:`Create`. + + +When a recurring downtime configuration is active, you can't edit, delete, or extend it, but you can end it immediately. When a non-recurring downtime configuration is active, you can't edit or delete it, but you can extend its duration or end it immediately. + + +Preview the downtime schedule +---------------------------------------- + +If you selected a value other than :guilabel:`Does not repeat` in the :guilabel:`Recurrence` menu, the :guilabel:`Create a downtime configuration` form displays a preview of the first ten downtime configurations. + + +Mute alerts during downtime +============================================================ To mute any alerts associated with a test included in a downtime configuration window, see :ref:`mute-notifications`. -When a downtime configuration is active, you can't edit, or delete it. You can extend the duration, or cancel while it is active. + +View the downtime configurations that apply to a given test +============================================================ + +To see downtime configurations that apply to any test and time range: + +#. Select that test. +#. Zoom in on the time span of either of the test's charts as needed. + + The start and end time of any applicable downtime configurations are marked on the x-axis of the chart as triangles. + + Records -====================== +============================================================ The downtime configuration record shows when the window started and finished. The records are kept for thirteen months.