diff --git a/_images/images-detectors-alerts/custom-detector-view.png b/_images/images-detectors-alerts/custom-detector-view.png new file mode 100644 index 000000000..407e39860 Binary files /dev/null and b/_images/images-detectors-alerts/custom-detector-view.png differ diff --git a/_images/images-detectors-alerts/detectors-list-view.png b/_images/images-detectors-alerts/detectors-list-view.png new file mode 100644 index 000000000..d404fd25d Binary files /dev/null and b/_images/images-detectors-alerts/detectors-list-view.png differ diff --git a/_images/images-detectors-alerts/detectors-related.png b/_images/images-detectors-alerts/detectors-related.png index 47b7d45ee..89333f52b 100644 Binary files a/_images/images-detectors-alerts/detectors-related.png and b/_images/images-detectors-alerts/detectors-related.png differ diff --git a/_images/logs/CreateUser.png b/_images/logs/CreateUser.png index b2c18603f..ef285465a 100644 Binary files a/_images/logs/CreateUser.png and b/_images/logs/CreateUser.png differ diff --git a/_images/synthetics/syn-filter-test.png b/_images/synthetics/syn-filter-test.png index 738e97b8b..3cae8bc4b 100644 Binary files a/_images/synthetics/syn-filter-test.png and b/_images/synthetics/syn-filter-test.png differ diff --git a/_includes/gdi/available-aws.rst b/_includes/gdi/available-aws.rst index 0102571d0..6edb57a0d 100644 --- a/_includes/gdi/available-aws.rst +++ b/_includes/gdi/available-aws.rst 
@@ -373,12 +373,22 @@ You can also collect data from any custom service you've created in AWS, or from * - AWS/SageMaker - Amazon SageMaker - :strong:`X` - - + - :strong:`X` * - AWS/sagemaker/Endpoints - Amazon SageMaker Endpoints - :strong:`X` - - + - :strong:`X` + + * - AWS/sagemaker/InferenceComponents + - Amazon SageMaker Inference Components + - :strong:`X` + - :strong:`X` + + * - AWS/sagemaker/InferenceRecommendationsJobs + - Amazon SageMaker Inference Recommendations Jobs + - :strong:`X` + - :strong:`X` * - AWS/sagemaker/TrainingJobs - Amazon SageMaker Training Jobs diff --git a/admin/references/system-limits/sys-limits-infra-details.rst b/admin/references/system-limits/sys-limits-infra-details.rst index 7ed7637ec..64175f468 100644 --- a/admin/references/system-limits/sys-limits-infra-details.rst +++ b/admin/references/system-limits/sys-limits-infra-details.rst 
@@ -244,9 +244,9 @@ Maximum SignalFlow programs per minute Maximum number of query arguments in a filter() function ================================================================================ - * :strong:`Default limit value`: 256 - * :strong:`Notes`: Limit to the number of query arguments in a SignalFlow filter - * :strong:`Customer impact`: Maximum number of derived MTS per SignalFlow program, where derived MTS are temporary MTS that a SignalFlow function or method has to maintain in memory. For example, if there are 20,000 MTS for the metric ``jvm.load``, and each MTS comes from a unique host , then ``"data('jvm.load').sum(by=['host']).publish()"`` tracks 40,000 derived MTS. The ``data()`` function uses 20,000, and the ``sum()`` uses another 20,000. The number of input MTS is still 20,000. + * :strong:`Default limit value`: 1024 + * :strong:`Notes`: Limit to the number of query arguments in a SignalFlow filter. This limit includes global filters in dashboards as well as any internal filters. + * :strong:`Customer impact`: SignalFlow programs that are violating the limit can't start. You immediately get an error message. .. _maximum-number-of-detectors-per-org: diff --git a/admin/user-management/teams/associate-services.rst b/admin/user-management/teams/associate-services.rst new file mode 100644 index 000000000..80b882d9d --- /dev/null +++ b/admin/user-management/teams/associate-services.rst 
@@ -0,0 +1,61 @@ +.. _admin-associate-service: + +******************************************************************************** +Link services to teams in Splunk Observability Cloud +******************************************************************************** + +.. meta:: + :description: Learn how to associate services with a team in Splunk Observability Cloud. + +You can link services to a team to make these resources accessible on the team's landing page. + +To learn more about team landing pages, see :ref:`admin-configure-page`. + + +.. _service-link-teams: + +Services linked to teams +============================================================================ + +When you link services to a team, you get the following features: + +* The team landing page displays lists of services and alerts for that service. + +* On the APM page, filter the services listed by teams to view only the services relevant to your team. + + +.. _create-link-service-teams: + +Link a service to a team +-------------------------------------------------------------------------------- + +You can link a service to a team from the team’s landing page, or the :guilabel:`Team page setup`. + +To link a service to a team from the landing page, follow these steps: + +#. From the :guilabel:`Services` section, select the :guilabel:`Edit services` button from the landing page. + +#. From the modal, select the services that you want to add to the team. + +#. (Optional) Add a service attribute filter in order to populate all services that contain the specified attribute on the team landing page. This filter groups services by a specific property or namespace. For example, adding the attribute ``service.namespace = apm`` will display all services with the APM namespace on your team landing page. + +To link a service to a team from the :guilabel:`Team page setup`, follow these steps: + +#. 
From the team's landing page, select the :guilabel:`Team details` button, and then select :guilabel:`Edit page`. +#. On the :guilabel:`Team page setup` page, go to the :guilabel:`Services` section. Add services from your environment to your team. +#. (Optional) Add a service attribute filter in order to populate all services that contain the specified attribute on the team landing page. This filter groups services by a specific property or namespace. For example, adding the attribute ``service.namespace = apm`` will display all services with the APM namespace on your team landing page. + +.. _remove-link-service-team: + +Remove a service from a team +-------------------------------------------------------------------------- + +To remove a link to a service from the team landing page, follow these steps: + +#. From the :guilabel:`Services` section, select :guilabel:`Edit services`. +#. Select the :guilabel:`x` to remove a service or a service attribute filter from their respective lists, then select :guilabel:`Save`. + +To remove a link to a service from the :guilabel:`Team page setup`, follow these steps: + +#. From the team's landing page, select the :guilabel:`Team details` button, and then select :guilabel:`Edit page`. +#. On the :guilabel:`Team page setup` page, go to the :guilabel:`Services` section. Select the :guilabel:`x` to remove a service or a service attribute filter from their respective lists. Your changes will be reflected on the team landing page. \ No newline at end of file diff --git a/admin/user-management/teams/associate-team.rst b/admin/user-management/teams/associate-team.rst index 764843345..91eea0ae8 100644 --- a/admin/user-management/teams/associate-team.rst +++ b/admin/user-management/teams/associate-team.rst 
@@ -19,13 +19,12 @@ Detectors linked to teams When you link detectors to a team, you get the following features: -* The team landing page displays lists of active alerts. +* The team landing page displays a list of recent alerts. -* On the Alerts page, users can use filters to display only those detectors linked to a specific team. +* On the :guilabel:`Detectors & SLOs` page, users can use filters to display only detectors linked to a specific team. .. note:: You can manually add a team as a notification recipient for any detector. You don't have to link the detector to the team. - .. _create-link-detector-teams: Link a detector to a team @@ -33,9 +32,18 @@ Link a detector to a team You can only link a detector to a team if you have write permission for the detector. To learn more, see :ref:`detector-manage-permissions`. -You can link a detector to a team when you are viewing the :guilabel:`Detectors` tab on the :guilabel:`Alerts` page or when you are viewing a specific detector. +To link a detector to a team from the landing page, follow these steps: + +#. From the :guilabel:`Active alerts` section, select the :guilabel:`Edit detectors` button. +#. Select the detector you want to add from the modal, and then select :guilabel:`Add`. + +To link a dashboard group to a team from the :guilabel:`Team page setup`, follow these steps: -To link a detector to a team, follow these steps: +#. From the team's landing page, select the :guilabel:`Team details` button, and then select :guilabel:`Edit page`. +#. On the :guilabel:`Team page setup` page, go to the :guilabel:`Detectors` section and select :guilabel:`Edit detectors`. Add detectors to your team from the modal. +#. Select :guilabel:`Add`. + +You can link a detector to a team when you are viewing the :guilabel:`Detectors` tab on the :guilabel:`Detectors & SLOs` page or when you are viewing a specific detector. #. From the :guilabel:`Actions` menu for the detector, select :guilabel:`Links to teams`. 
@@ -45,7 +53,6 @@ To link a detector to a team, follow these steps: .. note:: Sending alert notifications to a team doesn't necessarily mean that every team member is notified. The team's notification policy determines which team members receive notifications. To learn more about configuring team notification policies, see :ref:`admin-team-notifications`. - .. _remove-link-detector-team: Remove the link between a detector and a team 
@@ -53,14 +60,18 @@ Remove the link between a detector and a team To remove a link between a detector and a team, you need to have write permission for the detector. To learn more, see :ref:`detector-manage-permissions`. -You can remove the link between a detector and a team when you are viewing the :guilabel:`Detectors` tab on the :guilabel:`Alerts` page or when you are viewing a specific detector. +You can remove the link between a detector and a team when you are viewing the :guilabel:`Detectors` tab on the :guilabel:`Detectors & SLOs` page or when you are viewing a specific detector. -To remove the link between a detector and a team, follow these steps: +To remove the link between a detector and a team on the Detectors page, follow these steps: #. From the :guilabel:`Actions` menu for the detector, select :guilabel:`Links to teams`. #. Select the :guilabel:`x` to remove a team from the linked teams list, then select :guilabel:`Done`. #. If the team is a notification recipient for the detector, Splunk Observability Cloud asks if you want to stop sending notifications to the team. Select :guilabel:`Yes` to remove the team as a recipient from each detector rule. Select :guilabel:`No` to leave all recipients as is. +To remove a link to detector from the :guilabel:`Team page setup`, follow these steps: + +#. From the team's landing page, select the :guilabel:`Team details` button, and then select :guilabel:`Edit page`. +#. On the :guilabel:`Team page setup` page, go to the :guilabel:`Detectors` section. Select the :guilabel:`x` to remove a detector. Your changes will automatically be reflected on the landing page. .. _dashboard-groups-link-team-features: @@ -87,7 +98,6 @@ The following table provides details about which dashboard group types you can l * - User dashboard group - You can't link a user dashboard group to a team. - .. _create-link-dashboard-group-team: Link a dashboard group to a team 
@@ -99,11 +109,17 @@ To link a dashboard group to a team from the team landing page, follow these ste #. Access the team landing page. To learn how to access team landing pages, see :ref:`view-team-landing-page`. -#. Select :guilabel:`Add Dashboard Group`. +#. Select :guilabel:`Edit dashboard groups`. #. Select the dashboard group you want to link. -#. Select :guilabel:`OK`. +#. Select :guilabel:`Add`. + +To link a dashboard group to a team from the :guilabel:`Team page setup`, follow these steps: + +#. From the team's landing page, select the :guilabel:`Team details` button, and then select :guilabel:`Edit page`. +#. On the :guilabel:`Team page setup` page, go to the :guilabel:`Dashboards` section and select :guilabel:`Edit dashboard groups`. Add dashboard groups to your team from the modal. +#. Select :guilabel:`Add`. To link a dashboard group to a team from the dashboard group: @@ -117,7 +133,6 @@ To link a dashboard group to a team from the dashboard group: #. Select :guilabel:`Done`. - .. _remove-link-dashboard-group-team: Remove the link between a dashboard group and a team diff --git a/admin/user-management/teams/configure-page.rst b/admin/user-management/teams/configure-page.rst index 949e22b58..58617e76a 100644 --- a/admin/user-management/teams/configure-page.rst +++ b/admin/user-management/teams/configure-page.rst 
@@ -7,9 +7,9 @@ Manage team landing pages in Splunk Observability Cloud .. meta:: :description: Learn how to view and configure an associated landing page that contains information relevant to team members. -Every team has an associated landing page that contains information relevant to team members. A landing page brings together dashboard groups and alerts triggered by detectors that are linked to the team. The landing page has the following sections: +Every team has a landing page that contains information relevant to team members. A landing page brings together dashboard groups and alerts triggered by detectors that are linked to the team. The landing page has the following sections: -* A customizable text section to provide helpful information to team members. In this section, you can use Markdown-formatted text. +* A list of services managed by your team. * A count of active alerts from detectors linked to the team, grouped by severity. @@ -17,7 +17,6 @@ Every team has an associated landing page that contains information relevant to Anyone can view the landing page for any team. - .. _view-team-landing-page: View a team landing page 
@@ -29,20 +28,26 @@ To see the landing page for any team, follow these steps: #. Log in to Splunk Observability Cloud. -#. In the left navigation menu, select :menuselection:`Settings` then :menuselection:`Teams`. +#. In the left navigation menu, select :guilabel:`Settings` then :guilabel:`Teams management`. #. A table of current teams appears in the main panel. -#. Select a team name to see its landing page. +#. Select a team name to view its landing page, or select :guilabel:`Go to team page` from the :guilabel:`Actions` menu. -To see the landing page for your team, follow these steps: +#. (Optional) Select :guilabel:`Join team` to add yourself as a member of the team. -#. Log in to Splunk Observability Cloud. +Alternatively, you can view the landing page for teams you are already part of on the Splunk Observability Cloud home page. The teams you are part of display as a tab on the home page. + +Set up team landing page content +============================================================================ + +To customize the content on your team’s landing page, follow these steps: -#. In the left navigation menu, select :menuselection:`Dashboards`. +#. From a team's landing page, select the :guilabel:`Team details` button. From the side panel that appears, select :guilabel:`Edit page`. -#. In the :guilabel:`My Teams` area, select a team name to see its team landing page. +#. Add and remove specific objects from the team's landing page page, such as services and detectors, from the :guilabel:`Team page setup`. +#. Your changes will automatically populate on the team landing page. .. _use-team-landing-page: 
@@ -51,17 +56,36 @@ Use a team landing page Use a team landing page as your starting point for monitoring important data. -To review alerts associated with a detector linked to the team, follow these steps: +To review services linked to the team, follow these steps: + +#. To view more details about each service, select the service name. + +#. To view additional properties for each service, such as the endpoints or traces associated with each service, select the three-dot :guilabel:`Actions` menu and choose one of the options listed. The corresponding page in Splunk APM opens. To learn more about using the service view in APM, see :ref:`apm-service-view`. + +#. To see the details of an alert for one of the services associated with your team, select the alert name in the :guilabel:`Alerts` column. + +#. Select :guilabel:`View APM page` to view additional services in your environment. + +To review dashboards linked to the team, follow these steps: + +#. To view a specific dashboard, select the dashboard name. +#. To view only the dashboards you created, select :guilabel:`Created by me`. +#. Select :guilabel:`View Dashboards page` to view additional dashboards in your environment. -#. To see all active alerts, select :guilabel:`Team Alerts`. The Alerts page for the team appears. You see all active alerts for detectors linked to the team. +You can review alerts associated with a detector linked to the team in different ways: -#. To see all active alerts for a specific severity level, select the severity. The Alert page for the team appears. You see active alerts for detectors linked to the team, filtered by the severity level you selected. +#. To see all active alerts for a specific severity level, select the severity. You see active alerts for detectors linked to the team, filtered by the severity level you selected. -#. To see a list of active alerts for each detector linked to the team, select :guilabel:`Team Detectors`. 
The Alert page for the team appears, listing the name of the detector that issued each alert. +#. To see a list of active alerts for each detector linked to the team, select :guilabel:`All severities`. -To learn more about linking teams to detectors and dashboard groups, see :ref:`admin-associate-team`, +#. Select :guilabel:`View Detectors & SLOs page` to view additional detectors in your environment. +To learn more about linking services and other objects to your team landing page, see: +* :ref:`admin-associate-team` + +* :ref:`admin-associate-service` + .. _edit-landing-page-text: Edit the landing page text @@ -77,8 +101,8 @@ To learn about which roles can edit landing page text, see :ref:`about-team-role To edit landing page text, follow these steps: -#. Select :guilabel:`Edit Description`. +#. Select the :guilabel:`Edit` button next to the team name. -#. Enter your changes in the edit box. +#. Enter your changes in the modal. #. Select :guilabel:`Save`. diff --git a/admin/user-management/teams/enhanced-team-security.rst b/admin/user-management/teams/enhanced-team-security.rst index f89452988..f89a95f72 100644 --- a/admin/user-management/teams/enhanced-team-security.rst +++ b/admin/user-management/teams/enhanced-team-security.rst @@ -121,10 +121,11 @@ To learn more about enabling enhanced team security, see :ref:`admin-team-contro - No * - :strong:`Leave team` - - * Yes, if on a team + - * Yes, if on a team * Not applicable, if not on a team - Yes - - Yes + - * Yes, when enhanced team security is turned off + * No, when enhanced team security is turned on - Not applicable: A user must be on a team to leave a team Permission to link a detector to a team is based on the detector's permissions. For example, if the user has write permission for a detector, they can link it to a team. To learn more, see :ref:`detector-manage-permissions`. 
diff --git a/admin/user-management/teams/manage-membership.rst b/admin/user-management/teams/manage-membership.rst index fe3183f53..19955f555 100644 --- a/admin/user-management/teams/manage-membership.rst +++ b/admin/user-management/teams/manage-membership.rst @@ -7,8 +7,7 @@ Manage teams in Splunk Observability Cloud .. meta:: :description: Learn how to how to manage teams and team membership. -Managing teams in Splunk Observability Cloud means creating and deleting teams, as well as managing membership and team security. - +Managing teams in Splunk Observability Cloud means creating and deleting teams, as well as managing membership and team security. Some actions are only available to administrators. To see a list of team roles and permissions, see :ref:`about-team-roles`. .. _admin-create-team: @@ -19,22 +18,15 @@ To create a team, you must be a Splunk Observability Cloud administrator. To create a team, follow these steps: -#. Log in to Splunk Observability Cloud. - -#. In the left navigation menu, select :menuselection:`Settings` then :menuselection:`Teams`. - -#. Select :guilabel:`Create New Team`. - -#. In the :guilabel:`Team name` dialog box, enter a name for the team. +#. In the left navigation menu, select :guilabel:`Settings`, then :guilabel:`Teams management`. -#. (Optional) In the :guilabel:`Description` field, enter a description of the team. +#. Select :guilabel:`Create team`. -#. From the :guilabel:`Add Users` list, you can search for users with the search text box. +#. Enter a name and description for your team. -#. Continue to add users to the team. - -#. When you're finished adding users, select :guilabel:`Create`. The new team name appears in the list of teams. +#. From the :guilabel:`Add members` list, select users in your organization to add as team members. +#. When you're finished adding members, select :guilabel:`Create team`. The new team name appears in the list of teams. .. _admin-delete-team: 
@@ -45,21 +37,16 @@ To delete a team, you must be a Splunk Observability Cloud administrator. To delete a team, follow these steps: -#. Log in to Splunk Observability Cloud. - -#. In the left navigation menu, select :menuselection:`Settings > Teams`. +#. In the left navigation menu, select :guilabel:`Settings` then :guilabel:`Teams management`. #. A table of current teams appears in the main panel. #. Find the name of the team. -#. Select the :guilabel:`Actions` menu icon next the team name, then select :menuselection:`Delete Team`. +#. Select the :guilabel:`Actions` menu icon next the team name, then select :menuselection:`Delete team`. #. Splunk Observability Cloud displays a dialog box that asks you to confirm the deletion. Select :guilabel:`Delete`. -The team no longer appears in the list of teams. - - Change team name ============================================================================ @@ -67,9 +54,7 @@ To learn which roles can change the name of a team, see :ref:`about-team-roles`. To change the team name, follow these steps: -#. Log in to Splunk Observability Cloud. - -#. In the left navigation menu, select :menuselection:`Settings > Teams`. +#. In the left navigation menu, select :guilabel:`Settings`, then :guilabel:`Teams management`. #. A table of current teams appears in the main panel. @@ -77,12 +62,9 @@ To change the team name, follow these steps: #. Select the :guilabel:`Edit` icon next the team name. -#. When you're finished editing the name, select :guilabel:`Enter to save your changes`. - -.. note:: The Team name is case-insensitive. If you attempt to change the team name from :strong:`Team` to :strong:`team`, you will see a message that the name already exists. - -The team now appears with the name you changed it to. +#. When you're finished editing the name, save your changes. +.. note:: The Team name is case-insensitive. Add team members ============================================================================ 
@@ -91,19 +73,15 @@ For the roles that can add and remove team members, see :ref:`about-team-roles`. To add or remove team members, follow these steps: -#. Log in to Splunk Observability Cloud. - -#. In the left navigation menu, select :menuselection:`Settings > Teams`. +#. In the left navigation menu, select :guilabel:`Settings` then :guilabel:`Teams management`. Alternatively, you can also add members by selecting :guilabel:`Team details` from the team's landing page and select :guilabel:`Manage team`. #. A table of current teams appears in the main panel. #. Find the name of the team. -#. Select the :guilabel:`Actions` menu (|more|) next to the team name and select :menuselection:`Add users`. - -#. Use the :guilabel:`Add Users` field to search for users by name or email to add them to the team. +#. Select the :guilabel:`Actions` menu (|more|) next to the team name and select :menuselection:`Add members`. - * To add a team member, select the email address of the member. +#. Use the :guilabel:`Add members` field to search for users by name or email to add them to the team. #. Select :guilabel:`Add`. 
@@ -114,18 +92,15 @@ For the roles that can add and remove team members, see :ref:`about-team-roles`. To remove team members, follow these steps: -#. Log in to Splunk Observability Cloud. - -#. In the left navigation menu, select :menuselection:`Settings > Teams`. +#. In the left navigation menu, select :guilabel:`Settings`, then :guilabel:`Teams management`. Alternatively, you can also add members by selecting :guilabel:`Team details` from the team's landing page and select :guilabel:`Manage team`. #. A table of current teams appears in the main panel. #. Find the name of the team whose member list you want to edit. -#. On the Users tab, select the :guilabel:`Actions` menu (|more|) next to the name of the user you want to remove from the team. - -#. Select :guilabel:`Remove from team` +#. On the :guilabel:`Members` tab, select the :guilabel:`Actions` menu (|more|) next to the name of the user you want to remove from the team. +#. Select :guilabel:`Remove from team`. View a user's team membership ============================================================================ @@ -136,7 +111,7 @@ To view which teams a user belongs to, follow these steps: #. Log in to Splunk Observability Cloud. -#. In the left navigation menu, select :menuselection:`Settings > Teams`. +#. In the left navigation menu, select :guilabel:`Settings` then :guilabel:`Teams management`. #. A table of current teams appears in the main panel. diff --git a/admin/user-management/teams/manage-teams.rst b/admin/user-management/teams/manage-teams.rst index 3d5951eeb..aa6a215b1 100644 --- a/admin/user-management/teams/manage-teams.rst +++ b/admin/user-management/teams/manage-teams.rst 
@@ -14,6 +14,7 @@ Create and manage teams in Splunk Observability Cloud Manage team landing pages Manage team notifications Link detectors and dashboards to teams + Link services to teams Turn on enhanced team security Use Splunk Observability Cloud teams to coordinate teamwork. Perform the following tasks to set up your teams and provide team members with resources that can help streamline their teamwork. diff --git a/alerts-detectors-notifications/alerts-and-detectors/alert-message-variables-reference.rst b/alerts-detectors-notifications/alerts-and-detectors/alert-message-variables-reference.rst index 58b1e1ae4..f58704d71 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/alert-message-variables-reference.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/alert-message-variables-reference.rst @@ -42,6 +42,20 @@ Detector and rule details * - {{{detectorName}}} - The name of this detector + * - {{detectorId}} + - The ID of this detector. You can use this to programmatically reference this detector. + + * - {{detectorTags}} + - List of all tags added to this detector, in the following format: + ``[tag1, tag2, ...]`` + + * - {{detectorTeams}} + - List of all teams linked to this detector, in the following format: + ``[Team{id='E3lSp2ZAIAA', name='Team A'}, Team{id='GbsDUCCAEAI', name='Team B'}]`` + + * - {{detectorUrl}} + - The URL of this detector + * - {{{ruleName}}} - The name of the rule that triggered the alert @@ -57,11 +71,7 @@ Detector and rule details * - {{{tip}}} - Plain text suggested first course of action, such as a command line to run. - * - {{detectorId}} - - The ID of this detector. You can use this to programmatically reference this detector. - * - {{detectorUrl}} - - The URL of this detector Alert details ------------- 
@@ -148,18 +158,28 @@ Helper functions .. list-table:: :header-rows: 1 - :widths: 25 75 + :widths: 20 40 40 * - :strong:`Option` - :strong:`Description` + - :strong:`Example` - * - {{#if}} {{else}} {{/if}} - - Conditional, e.g. - {{#if anomalous}}Alert triggered at {{timestamp}} {{else}} Alert cleared at {{timestamp}} {{/if}} + * - {{#each}} {{/each}} + - Iterate over items in a list. Use {{this}} to refer to the element being iterated over. + - ``{{#each detectorTeams}} {{this}} {{/each}}`` + + * - {{#if}} {{else}} {{/if}} + - Conditional + - ``{{#if anomalous}} Alert triggered at {{timestamp}} {{else}} Alert cleared at {{timestamp}} {{/if}}`` * - {{#notEmpty dimensions}} {{/notEmpty}} - - If there are dimensions associated with the signal, e.g. - {{#notEmpty dimensions}} Signal details: {{{dimensions}}} {{/notEmpty}} + - Check if there are dimensions associated with the signal + - ``{{#notEmpty dimensions}} Signal details: {{{dimensions}}} {{/notEmpty}}`` + + * - {{#unless}} {{/unless}} + - Conditional, an inverse of the {{if}} function + - ``Teams: {{#each detectorTeams}} {{name}}{{#unless @last}}, {{/unless}}{{/each}}`` + .. _condition-variables: 
@@ -280,19 +300,14 @@ The following is an example of a default message that you can customize: .. code-block:: none {{#if anomalous}} - Rule "{{ruleName}}" in detector "{{detectorName}}" triggered at {{timestamp}}. + Rule "{{{ruleName}}}" triggered at {{dateTimeFormat timestamp format="full"}}. {{else}} - Rule "{{ruleName}}" in detector "{{detectorName}}" cleared at {{timestamp}}. - {{/if}} - - {{#if anomalous}} - Triggering condition: {{{readableRule}}} - {{/if}} - - {{#if anomalous}}Signal value: {{inputs.A.value}} - {{else}}Current signal value: {{inputs.A.value}} + Rule "{{{ruleName}}}" cleared at {{dateTimeFormat timestamp format="full"}}. {{/if}} + {{#if anomalous}}Signal value for {{dimensions.app}} in {{dimensions.sf_environment}} is out of bounds + {{else}}Current signal value for {{dimensions.app}} in {{dimensions.sf_environment}}{{/if}} + {{#notEmpty dimensions}} Signal details: {{{dimensions}}} @@ -302,3 +317,8 @@ The following is an example of a default message that you can customize: {{#if runbookUrl}}Runbook: {{{runbookUrl}}}{{/if}} {{#if tip}}Tip: {{{tip}}}{{/if}} {{/if}} + + {{#if detectorTags}}Tags: {{detectorTags}}{{/if}} + {{#if detectorTeams}} + Teams: {{#each detectorTeams}} {{name}}{{#unless @last}}, {{/unless}}{{/each}}. + {{/if}} diff --git a/alerts-detectors-notifications/alerts-and-detectors/create-detectors-for-alerts.rst b/alerts-detectors-notifications/alerts-and-detectors/create-detectors-for-alerts.rst index 228d5b58c..824ca1b8d 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/create-detectors-for-alerts.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/create-detectors-for-alerts.rst @@ -22,7 +22,7 @@ Create detectors The high-level steps for creating a detector are: -1. Choose :ref:`how to create the detector `. +1. Decide :ref:`how you want to create the detector `. 2. Create :ref:`alert rules ` to the detector to specify when to trigger alerts. 
@@ -35,8 +35,7 @@ There are several ways to create a detector. * You can clone an existing detector if you have existing detectors that you want to modify. See :ref:`clone-detector`. * You can customize AutoDetect detectors. See :ref:`autodetect-customize`. -* Start from the Detector tab to create detectors based on what you are currently viewing, such as a chart or the Infrastructure Navigator. See :ref:`create-detector-from-chart`. -* Create a detector from a dashboard chart to preselect one of the chart signals as the signal to be monitored. See :ref:`create-detector-from-chart`. +* Create a detector from one of the signals on the chart you're viewing. See :ref:`create-detector-from-chart`. * Create a detector from scratch. See :ref:`create-detector-from-scratch`. * Use the API to programmatically create detectors, instead of creating them through the user interface. See :ref:`create-via-api`. @@ -45,7 +44,7 @@ There are several ways to create a detector. Clone an existing detector ------------------------------------------------------------------- -You can see a list of existing detectors on the :guilabel:`Detectors` tab under :guilabel:`Detectors & SLOs`. +You can see a list of existing detectors on the :guilabel:`Detectors` tab of the :guilabel:`Detectors & SLOs` page. 1. Look for a detector that is similar to the detector you want to create. 2. Select the detector. 
@@ -62,18 +61,18 @@ If there is a chart that monitors a signal that you want to alert on, you can us Follow these steps to create the detector: -#. Select the bell icon on a chart to open the :strong:`Detector` menu. +#. Select the bell icon on a chart. #. Select :menuselection:`New detector from chart`. #. To continue, see :ref:`build-rules`. -After you create a detector from a chart, a :ref:`link to the new detector` is automatically added to the chart. +After you create a detector from a chart, the detector is automatically linked to the chart. .. _create-detector-from-scratch: Create a detector from scratch ------------------------------------------------------------------- -To create a new detector for Infrastructure or Custom Metrics from scratch, you can either select :guilabel:`New Detector` under :guilabel:`Detectors & SLOs`, or select :menuselection:`Custom Detector` from the create menu on the navigation bar. Enter a detector name and then select :guilabel:`Create Alert Rule` to proceed to the alert rule builder. For instructions on building the rule, see :ref:`build-rules`. +To create a new detector from scratch, you can either select :guilabel:`Create detector` on the :guilabel:`Detectors & SLOs` page, or select :menuselection:`Detector` from the create menu on the navigation bar. Enter a detector name and then select :guilabel:`Create alert rule` to proceed to the alert rule builder. For instructions on building the rule, see :ref:`build-rules`. .. _create-via-api: 
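Review bot: In the create-from-chart section (the @@ -62,18 +61,18 @@ hunk), the rewritten closing sentence, "After you create a detector from a chart, the detector is automatically linked to the chart.", drops the cross-reference the old sentence carried, so the reader gets no pointer to where linked detectors appear. The view-detectors.rst change later in this patch keeps the ``view-related-detectors`` label on the retitled "View detectors linked to a chart" section; link to it from here. The first step also loses "to open the Detector menu", which leaves "Select the bell icon on a chart." without saying what opens before the next step's menu selection.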
@@ -86,8 +85,7 @@ Using the API to create a detector provides a number of capabilities that are no - For information on using the UI to edit detectors created using the API, see :ref:`v2-detector-signalflow`. -.. note:: If a detector display includes a SignalFlow tab, you are viewing a detector created programmatically using the :new-page:`Splunk Observability Cloud Detectors API `. If you are familiar with that API, you can use the detector display to - view and edit the detector code and make changes to the detector rules. +.. note:: If a detector display includes a :guilabel:`SignalFlow` tab, you are viewing a detector created programmatically using the :new-page:`Splunk Observability Cloud detectors API `. If you are familiar with that API, you can use the detector display to view and edit the detector code and make changes to the detector rules. .. _build-rules: @@ -140,7 +138,7 @@ If the detector has multiple signals, select what signal you want to alert on. Select alert conditions ------------------------------------------------------------------- -On the :strong:`Alert condition` tab, select the type of condition that triggers an alert. If you want to create compound conditions using AND or OR operators on the Alert settings tab, you must use the Custom Threshold condition. This applies whether you are monitoring a single signal or multiple signals. +On the :strong:`Alert condition` tab, select the type of condition that triggers an alert. If you want to create compound conditions using ``AND`` or ``OR`` operators on the :guilabel:`Alert settings` tab, you must use the Custom Threshold condition. This applies whether you are monitoring a single signal or multiple signals. See :ref:`condition-reference` for the list of the available built-in alert conditions for Infrastructure Monitoring and Custom Metrics detectors. 
@@ -161,7 +159,7 @@ In the chart, use a preview of the alerts that are triggered based on the settin After you have specified settings for triggering alerts, continue to the next tab to create a message that is sent when the alert is triggered. -.. note:: If you don't see the Alert settings tab, you are viewing a detector that was created using the API; alert settings are defined in the :ref:`SignalFlow tab`. +.. note:: If you don't see the :guilabel:`Alert settings` tab, you are viewing a detector that was created using the API; alert settings are defined in the :ref:`SignalFlow tab`. .. _alert-message: 
@@ -267,9 +265,9 @@ The following table explains different types of email notifications: Activate ------------------------------------------------------------------- -On the :strong:`Activate` tab you see a summary of the detector settings you specified. Review the summary and make any necessary changes in the associated tabs, then name the rule; by default, the rule name is the same as the detector name. The rule name is displayed on the Alerts page and in notifications. +On the :guilabel:`Activate` tab you see a summary of the detector settings you specified. Review the summary and make any necessary changes in the associated tabs, then name the rule. By default, the rule name is the same as the detector name. The rule name is displayed on the :guilabel:`Alerts` page and in notifications. -Select :guilabel:`Activate Alert Rule` to save the detector and begin monitoring the specified signal. After you activate the detector, the :strong:`Alert Rules` tab of the detector is displayed, showing the signal you selected and a summary of the rule you built. You can edit the detector name; the text you enter here is displayed as the detector name on the :guilabel:`Detectors` tab under :guilabel:`Detectors & SLOs`. You can also provide additional descriptive text below the name, for example, to clarify the purpose of the detector for others. +Select :guilabel:`Activate Alert Rule` to save the detector and begin monitoring the specified signal. After you activate the detector, the :guilabel:`Alert Rules` tab of the detector is displayed, showing the signal you selected and a summary of the rule you built. You can edit the detector name; the text you enter here is displayed as the detector name on the :guilabel:`Detectors` tab under :guilabel:`Detectors & SLOs`. You can also provide additional descriptive text to clarify the purpose of the detector for others. .. note:: If you make any changes to the detector name or description, select the :guilabel:`Save` button. 
If you select the :strong:`Close` button without saving, your changes will be lost. @@ -283,9 +281,9 @@ Select :guilabel:`Activate Alert Rule` to save the detector and begin monitoring Edit detectors through the SignalFlow tab ---------------------------------------------------------------------------------- -.. note:: This section assumes you are familiar with the :new-page:`Splunk Observability Cloud Detectors API `. +.. note:: This section assumes you are familiar with the :new-page:`Splunk Observability Cloud detectors API `. -If you are modifying a detector that was created using the API, you can add and edit detector rules using the SignalFlow tab. The SignalFlow program text replaces the Alert signal, Alert condition, and Alert settings tabs that are used when creating and editing detectors using the UI. +If you are modifying a detector that was created using the API, you can add and edit detector rules using the :guilabel:`SignalFlow` tab. The SignalFlow program text replaces the :guilabel:`Alert signal`, :guilabel:`Alert condition`, and :guilabel:`Alert settings` tabs that are used when creating and editing detectors using the UI. Every ``publish`` statement in a SignalFlow ``detect`` statement corresponds to a rule on the Alert Rules tab. The label you enter inside the ``publish`` block is displayed next to the number of active alerts displayed on the Alert Rules tab. @@ -346,8 +344,8 @@ On the :guilabel:`Alert Rules` tab of a detector, you can use the actions menu ( .. _disable-enable-rules: -Activate/deactivate alert rules ---------------------------------- +Activate or deactivate alert rules +------------------------------------- If a detector has multiple rules, such as different rules for different severity levels, you can specify which ones to activate or deactivate. Deactivating a rule prevents it from generating any events or sending any notifications. Use this option to decrease or increase the number of alerts the detector is triggering. 
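Review bot: In the SignalFlow section (the @@ -283,9 +281,9 @@ hunk), the changed paragraph marks tab names with :guilabel:, but the unchanged paragraph directly below it still writes "the Alert Rules tab" twice as plain text, and the note in the Activate section still pairs :guilabel:`Save` with :strong:`Close`. Since this patch is a markup consistency pass, convert those in the same change. The Activate section also keeps :guilabel:`Activate Alert Rule` in title case while the create-from-scratch hunk moves :guilabel:`Create alert rule` to sentence case; confirm both labels against the current UI so the page does not mix conventions.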
@@ -367,10 +365,36 @@ Delete alert rules Use this option to remove a rule from the detector. +.. _detector-tags: + +Tag a detector +============================================================================= + +Use tags to indicate the state of a detector, its data source, or any other property you want to label. For example, you can tag a detector with ``prod`` to indicate that it monitors a production environment. + +You can tag detectors from the list view. To see a list of detectors and add tags, do the following: + +#. To open the list view, open the :guilabel:`Detectors & SLOs` page, then select the :guilabel:`Detectors` tab. +#. Select the actions menu (|more|) for the detector you want to assign tags to. +#. Select :guilabel:`Edit tags`. +#. Enter tags for the detector. You can add no more than 20 tags per detector. +#. Select :guilabel:`Save`. + +.. _link-teams-to-a-detector: + +Link teams to a detector +============================================================================= + +Link teams to a detector to indicate which team is responsible for the maintenance and monitoring of the detector. Teams associated with a detector can see the detector and its active alerts on the team's landing page. + +To link teams to a detector, select the detector actions menu (|more|), either from the list view of the individual detector view, then select :guilabel:`Link to teams`. You can link no more than 20 teams to a detector. + +.. note:: The list of teams linked to a detector is independent of notification settings. Associated teams don't automatically get notified of new alerts. To configure notifications, see :ref:`manage-notifications`. + .. _set-detector-permissions: Set detector permissions ============================================================================= -To protect detectors from being edited or deleted by other members of your organization, you can specify which users and teams have permissions for them. 
-For more information, see :ref:`detector-manage-permissions`. +To protect detectors from being edited or deleted by other members of your organization, you can specify which users and teams have permissions for them. For more information, see :ref:`detector-manage-permissions`. + diff --git a/alerts-detectors-notifications/alerts-and-detectors/detector-manage-permissions.rst b/alerts-detectors-notifications/alerts-and-detectors/detector-manage-permissions.rst index d7eabb706..d294d975a 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/detector-manage-permissions.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/detector-manage-permissions.rst @@ -20,7 +20,7 @@ To learn more about write permissions, see :ref:`about-write-permissions`. If you want to get write permission for a detector, or if you want to modify permissions, first determine who already has permissions by displaying the :strong:`Permissions` list. -You can then ask a user who has permission to add you to the permissions list. +You need a user who has write permission to add you to the permissions list. .. _display-write-permissions-detectors: @@ -45,10 +45,10 @@ for users or teams. To grant or revoke permissions for a detector, you need writ .. _procedure-grant-write-permissions: -Grant write permissions for detectors +Grant write permission for detectors --------------------------------------------------------- -To grant write permissions for a detector, follow these steps: +To grant write permission for a detector, follow these steps: #. Display the permissions for the item by selecting the detector's actions menu (|more|) and selecting :guilabel:`Permissions`. #. To start using specific write permissions for a detector, 
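Review bot: In the new "Link teams to a detector" section (the @@ -367,10 +365,36 @@ hunk), "either from the list view of the individual detector view" should read "either from the list view or the individual detector view". The note in that section says team links are independent of notification settings but says nothing about access. Because "Set detector permissions" follows immediately, state whether linking a team changes who can edit or delete the detector, and whether editing tags or team links itself requires write permission, so readers do not treat a team link as an access control. In the detector-manage-permissions.rst hunks on the same line, the heading and lead-in change to "write permission" while the step beneath still says "specific write permissions" and the revoke section keeps the plural; pick one form.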
@@ -71,11 +71,8 @@ To revoke write permissions for a detector, follow these steps: .. note:: Important - You can remove your own write permission from a detector. - If you do this deliberately or by accident, and you're not an administrator, - you can't grant yourself write permission again. - Instead, you have to find someone else with write permission to grant you - write permission. + You can remove your own write permission from a detector. However, if you're not an administrator, you can't grant yourself write permission again. + Instead, you have to find someone else with write permission to grant you write permission. .. _detector-action-table: diff --git a/alerts-detectors-notifications/alerts-and-detectors/detector-options.rst b/alerts-detectors-notifications/alerts-and-detectors/detector-options.rst index 47f2f7374..26a069333 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/detector-options.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/detector-options.rst @@ -9,7 +9,7 @@ Detector options .. meta:: :description: How to set detector options in the Options tab. -The Options tab lets you specify some of the same settings that are available in the :ref:`Chart Options tab` of a chart. +The :guilabel:`Options` tab lets you specify some of the same settings that are available in the :ref:`Chart Options tab` of a chart. Show events as lines diff --git a/alerts-detectors-notifications/alerts-and-detectors/view-detectors.rst b/alerts-detectors-notifications/alerts-and-detectors/view-detectors.rst index 6f867990d..ec21ba90d 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/view-detectors.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/view-detectors.rst 
@@ -7,58 +7,101 @@ View detectors .. meta:: - :description: How to view detectors in Splunk Observability Cloud. + :description: How to view detector list and individual detectors in Splunk Observability Cloud. You can view detectors as line items in a list, or individually. When you open an individual detector, you can see also see its rules and settings. View a list of all detectors ================================ -You can see a list of existing detectors in the :guilabel:`Detectors` tab on the :guilabel:`Detectors & SLOs` page. If a detector is currently :ref:`muted` or scheduled to be muted, a red or grey indicator (respectively) appears next to the detector. For more information, see :ref:`view-muting-rules`. +To see a list of existing detectors, open :guilabel:`Detectors & SLOs` page and select the :guilabel:`Detectors` tab. + +.. image:: /_images/images-detectors-alerts/detectors-list-view.png + :width: 100% + :alt: List view of existing detectors + +* By default, detectors are sorted by last updated, with the most recently updated detector at the top. To reverse the sorting order or sort detectors by a different criterion, select the corresponding column header. +* Detectors with issues are indicated by a warning triangle icon. Hover over the icon to see the issue. +* Detectors show the number of associated active alerts by severity level under the :guilabel:`Active alerts` column. Select a number to see all active alerts detail for a certain detector. +* Detectors with active or scheduled muting rules directly applied to them have a muting indicator. If a detector is muted but the muting rule applies only to the detector's properties, the detector doesn't have a muting indicator. + +Filter the detectors list +-------------------------------------- + +* To filter detectors by assigned teams, select the :guilabel:`Team` menu and select or enter the team name you want to find. +* To filter detectors by origin, select the :guilabel:`Origin` menu. 
You can filter detector by the following origins: + + * Standard: User-created detectors, including all RUM, APM, Synthetics, and custom detectors. + * AutoDetect: Read-only detectors Splunk Observability Cloud automatically creates when you configure supported integrations. To learn more, see :ref:`autodetect-intro`. + * Customized AutoDetect: AutoDetect detectors that you copy and customize. To learn more, see :ref:`autodetect-customize`. + +* To filter detectors by issues, select the :guilabel:`Issues` menu. You can filter detectors by the following issues: + + * Archive metrics: Detectors using archive metrics might misfire alerts or stop alerting. + * MTS limit exceeded: Detectors exceeding MTS monitoring limit might not trigger or might trigger incorrectly. To learn more, see :ref:`maximum-number-of-mts-per-detector-data-function`. + +* To filter detectors by tags, enter the tags you want to find. Each entry must be an exact match. For example, searching for :strong:`abc` doesn't return results for :strong:`abcd`. + .. _view-related-detectors: -View detectors related to a chart or the Infrastructure Navigator ------------------------------------------------------------------------- +View detectors linked to a chart +==================================================================================== -When you are looking at the Detector menu for a chart, or in the Infrastructure Navigator, you might see one or more Related Detectors. Making related detectors easy to find helps ensure that everyone using Infrastructure Monitoring in your organization is using the same detectors to monitor the same data. +In dashboards and navigators, you can link detectors and view detectors linked to a chart. Linking detectors helps ensure that everyone in your organization is using the same detectors to monitor the same data. -.. - |openmenu| is defined in conf.py +To add or view linked detectors, select the bell icon in a chart. 
-|openmenu| The following illustration shows two related detectors for this chart. If you hover over a related detector, you see options that let you :ref:`subscribe to the detector` by adding a new notification, open the detector for viewing or editing, or view the alerts triggered by the detector. To learn more, go to :ref:`view-alerts`. +The following illustration shows two linked detectors for this chart. If you hover over a linked detector, you see options that let you view active alerts, open the detector for viewing and editing, :ref:`subscribe to the detector` by adding a new notification, or edit linked detectors for the chart. .. image:: /_images/images-detectors-alerts/detectors-related.png :width: 50% + :alt: View of list of detectors linked to a chart. View an individual detector -------------------------------------------------------------------- +================================================================ -There are two charts in the detector view. On the right side, you can see a detailed view. It shows each datapoint at the native resolution of the detector and represents exactly the datapoints that the detector sees. On the left side, you can see a summary view. It shows a summary of the data over a longer period of time. Because it is a summary, short spikes are not visible. The yellow box controls which part of the summary chart displays in the detail chart. You can see a short-term spike in the detail view by dragging the yellow box to the area where the alert fired. +Custom detectors and other standard detectors have different views. -The Alert Rules tab is open when you open a detector, showing a chart that represents values for the visible signals. The list of detector rules and the number of currently active alerts for each rule are visible. To learn more, see :ref:`view-alerts-within-detector`. For information on creating rules, see :ref:`build-rules` or :ref:`apm-alerts`, depending on which type of detector you are creating. 
+View custom and APM detectors +----------------------------------------- -As with charts, the resolution of data displayed is determined by the chart's time range. The detail view at right displays data at the detector's resolution, that is, the frequency at which the detector evaluates the signal. Any events that have occurred during the detector's time range are shown under the X axis. +When you open a custom or APM detector, you can see a summary chart and a detailed chart. The summary chart shows the data over a longer period of time. Short spikes are not visible in the summary chart. The detailed chart shows each data point at the native resolution of the detector and represents exactly the data points that the detector sees. The yellow box controls which part of the summary chart displays in the detail chart. You can see a short-term spike in the detail view by dragging the yellow box to the area where the alert fired. -.. note:: If a detector contains a SignalFlow tab, you are viewing a detector that created using the API. +.. image:: /_images/images-detectors-alerts/custom-detector-view.png + :width: 80% + :alt: View of a custom and APM detector. + +The resolution of data displayed is determined by the detector's time range. The detail view displays data at the detector's resolution, the frequency at which the detector evaluates the signal. Any events occurring during the detector's time range are shown under the X axis. + +The :guilabel:`Alert Rules` tab is open when you open a detector, showing a chart that represents values for the visible signals. The list of detector rules and the number of currently active alerts for each rule are visible. To learn more, see :ref:`view-alerts-within-detector`. For information on creating rules, see :ref:`build-rules` or :ref:`apm-alerts`, depending on the type of detector. + +.. note:: If a detector contains a :guilabel:`SignalFlow` tab, you are viewing a detector that created using the API. 
If you are familiar with the API, you can use this tab to view and edit the detector code and make changes to the detector rules. For more information, see :ref:`v2-detector-signalflow`. +View RUM and Synthetics detectors +--------------------------------------------- + +When you open a RUM or Synthetics detector, you can see alert configurations and a summary chart for the detector's data. + +To learn more about RUM detectors, see :ref:`rum-alerts`. + +To learn more about Synthetics detectors, see :ref:`synth-alerts`. + View a detector's properties -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +----------------------------------- -You can see a detector's properties, such as its description and creator, by following these steps: +To see a detector's properties, such as its description and creator, follow these steps: #. Open the detector. -#. Select the detector's actions menu (|more|), then select :menuselection:`Info`. - -This displays the detector's properties, as shown in the illustration. +#. Select the detector's actions menu (|more|), then select :guilabel:`Info`. .. image:: /_images/images-detectors-alerts/detector-info.png - :width: 90% + :width: 70% :alt: Detector info panel showing description, creator, and other properties. diff --git a/apm/span-tags/metricsets.rst b/apm/span-tags/metricsets.rst index 07ca6e8d0..76935697a 100644 --- a/apm/span-tags/metricsets.rst +++ b/apm/span-tags/metricsets.rst 
@@ -86,30 +86,34 @@ For each metric, there is 1 metric time series (MTS) with responses ``sf_error: :header-rows: 1 * - Description - - MMS - Histogram MMS + - MMS (deprecated) * - Request count - - ``.count`` - ```` with a ``count`` function + - ``.count`` * - Minimum request duration + - ```` with a ``min`` function - ``.duration.ns.min`` - - ```` with a ``min`` function * - Maximum request duration - - ``.duration.ns.max`` - ```` with a ``max`` function + - ``.duration.ns.max`` * - Median request duration - - ``.duration.ns.median`` - ```` with a ``median`` function + - ``.duration.ns.median`` * - Percentile request duration - - ``.duration.ns.p90`` - ```` with a ``percentile`` function and a percentile ``value`` + - ``.duration.ns.p90`` * - Percentile request duration - - ``.duration.ns.p99`` - ```` with a ``percentile`` function and a percentile ``value`` + - ``.duration.ns.p99`` Each MMS has a set of dimensions you can use to monitor and alert on service performance. +Deprecated non-histogram metrics +--------------------------------- +Histograms provide more flexibility and accuracy for your application performance data. If you are using any non-histogram metrics, use the equivalent histogram MMS. In the future, only histogram MMS will be used for monitoring in Splunk APM, including in charts and dashboards. For more information about histograms, see :ref:`histograms`. + .. _service-mms: Service dimensions diff --git a/gdi/get-data-in/connect/gcp/gcp-connect.rst b/gdi/get-data-in/connect/gcp/gcp-connect.rst index 6459d8715..981b3521f 100644 --- a/gdi/get-data-in/connect/gcp/gcp-connect.rst +++ b/gdi/get-data-in/connect/gcp/gcp-connect.rst 
@@ -5,7 +5,7 @@ Connect to Google Cloud Platform: Guided setup and other options ********************************************************************* .. meta:: - :description: Connect your Google Cloud Platform / GCP account to Splunk Observability Cloud. + :description: Connect your Google Cloud Platform / GCP account to Splunk Observability Cloud. You can connect your GCP account and send data to Splunk Observability Cloud with the following methods: @@ -28,7 +28,7 @@ Follow these steps to connect to GCP: .. _gcp-one: -1. Define a role for your GCP service account +1. Define a role for your GCP principal -------------------------------------------------------------------------------------- Use GCP's :strong:`Viewer` role as it comes with the permissions you need for most scenarios. @@ -37,7 +37,7 @@ To customize the permissions for your role refer to :ref:`gcp-prereqs-role-permi .. _gcp-two: -2. Configure GCP +2. Configure your GCP services -------------------------------------------------------------------------------------- To configure your GCP service: 
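Review bot: The step 1 heading now reads "Define a role for your GCP principal" (the @@ -28,7 +28,7 @@ hunk), which extends the unchanged advice beneath it, "Use GCP's :strong:`Viewer` role as it comes with the permissions you need for most scenarios", to every authentication method the page goes on to describe. The next context line already points to a customized permission set; for a credential that is handed to an external service, lead with that reference and present Viewer as the convenience option. In the following hunk the step 2 heading becomes "Configure your GCP services" while the sentence under it still reads "To configure your GCP service:"; align the two.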
@@ -52,53 +52,91 @@ To configure your GCP service: .. _gcp-three: -3. Connect to Splunk Observability Cloud and start the integration +3. Connect your GCP services to Splunk Observability Cloud and start the integration -------------------------------------------------------------------------------------- -By default, Splunk Observability Cloud monitors all supported services, and any new services added later are also monitored. When you set integration parameters, you can choose to import metrics from a subset of the available services. +By default, Splunk Observability Cloud monitors all supported services, and any new services added later are also monitored. When you set the parameters for your integration you can choose to import metrics from a subset of the available services. -1. Log in to Splunk Observability Cloud and open the :new-page:`Google Cloud Platform guided setup `. Optionally, you can navigate to the guided setup on your own: +.. note:: Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account. + +Log in to Splunk Observability Cloud and open the :new-page:`Google Cloud Platform guided setup `. Optionally, you can navigate to the guided setup on your own: + + #. In the left navigation menu, select :menuselection:`Data Management`. + + #. Go to the :guilabel:`Available integrations` tab, or select :guilabel:`Add Integration` in the :guilabel:`Deployed integrations` tab. + + #. In the integration filter menu, select :guilabel:`By Use Case`, and select the :guilabel:`Monitor Infrastructure` use case. + + #. In the :guilabel:`Cloud Integrations` section, select the :guilabel:`Google Cloud Platform` tile to open the Google Cloud Platform guided setup. + +Authenticate with Workload Identity Federation (WIF) +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +1. 
In the wizard, select Workload Identity Federation (WIF) as the authentication method. - #. In the left navigation menu, select :menuselection:`Data Management`. +2. Continue to define the connection with GCP: + + * Poll rate. Select the rate (in seconds) at which you want Splunk Observability Cloud to poll GCP for metric data, with 1 minute as the minimum unit, and 10 minutes as the maximum unit. For example, a value of 300 polls metrics once every 5 minutes. + + * Specify if you want to use quota from the project where metrics are stored. See more at :ref:`gcp-quota`. + + * Note that GCP metadata is automatically imported. + +3. Prepare your GCP account following the steps on the UI. - #. Go to the :guilabel:`Available integrations` tab, or select :guilabel:`Add Integration` in the :guilabel:`Deployed integrations` tab. +4. Establish the connection: - #. In the integration filter menu, select :guilabel:`By Use Case`, and select the :guilabel:`Monitor Infrastructure` use case. + * Name your integration. - #. In the :guilabel:`Cloud Integrations` section, select the :guilabel:`Google Cloud Platform` tile to open the Google Cloud Platform guided setup. + * Import your WIF configuration. Learn more at :ref:`gcp-prereqs-authenticate`. + + * Add your projects. -2. Complete the following fields: + * Select your access token. - * Name. Type in the name of the GCP integration. +5. Select the data to import: - * Project. Select :guilabel:`Add Project` to add a new project and follow the prompts to authenticate it. For more details, see :ref:`gcp-prereqs-authenticate`. + * Specify which GCP services you want to monitor. + + * Optionally you can import additional data. See more at :ref:`gcp-additional-data`. - * Services. By default the new integration syncs with all supported GCP services. Select :guilabel:`All services > Sync only selected services` to select specific services to sync with. +Your GCP integration is now complete! 
+Authenticate with Service Account keys +++++++++++++++++++++++++++++++++++++++++++++++++ + +1. In the wizard, select Service Account keys as the authentication method. + +2. Continue to define the connection with GCP: + * Poll rate. Select the rate (in seconds) at which you want Splunk Observability Cloud to poll GCP for metric data, with 1 minute as the minimum unit, and 10 minutes as the maximum unit. For example, a value of 300 polls metrics once every 5 minutes. - * Specify data to import: Metadata and/or metrics. + * Specify if you want to use quota from the project where metrics are stored. See more at :ref:`gcp-quota`. - * Specify if you want to use quota from the project where metrics are stored. See :ref:`gcp-quota` for more information. + * Note that GCP metadata is automatically imported. -3. Optional fields: +3. Prepare your GCP account following the steps on the UI. - * Custom Metric Type Domains. To list any additional GCP service domain names that you want to monitor, use commas to separate domain names in the :strong:`Custom Metric Type Domains` field. For example, to obtain Apigee metrics, add ``apigee.googleapis.com``. +4. Establish the connection: - - For information on the available GCP metric domains refer to the official GCP docs at :new-page:`Google Cloud metrics `. + * Name your integration. - - To learn about custom metric type domain syntax, see :new-page:`Custom metric type domain examples ` in the Splunk developer documentation. + * Project. Select :guilabel:`Import service account keys` to add a new project. Your project's ID is automatically extracted from the imported file. Follow the prompts to authenticate it. For more details, see :ref:`gcp-prereqs-authenticate`. - * Compute Metadata Included List. If you select Compute Engine as one of the services to monitor, you can enter a comma-separated list of Compute Engine Instance metadata keys to send as properties. These metadata keys are sent as properties named ``gcp_metadata_``. 
+ * Select your access token. -Your GCP integration is now complete. +5. Select the data to import. -.. note:: Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account. + * Specify which GCP services you want to monitor. + + * Optionally you can import additional data. See more at :ref:`gcp-additional-data`. + +Your GCP integration is now complete! .. _gcp-quota: Use a single principal for your resources -++++++++++++++++++++++++++++++++++++++++++++++++ +-------------------------------------------------------------------------------------- In IAM you can grant access to your resources to one or more entities called principals, regardless of the authentication method (single Service Account or Workload Identity Federation). 
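Review bot: The two new authentication subsections (the @@ -52,53 +52,91 @@ hunk) present Workload Identity Federation and Service Account keys as equal choices and give no guidance on which to pick. The key path has the reader import a service account key file into the integration, which is a long-lived credential; say which method is recommended and why, and either describe how the imported key is stored and rotated or link to where that is covered. "Select your access token" in step 4 of both subsections should name the token type, because the reader has just handled GCP credentials and could take it for a GCP token. Steps 2, 3 and 5 are duplicated word for word across the two subsections; move the shared steps into one block ahead of them so the copies cannot drift apart.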
@@ -106,6 +144,21 @@ If you're using a single principal for multiple projects, GCP tracks all API usa For a more detailed description see :new-page:`Principals ` in GCP's docs. +.. _gcp-additional-data: + +Import additional data +-------------------------------------------------------------------------------------- + +On step 5 of the guided set-up you can configure the import of the following additional data: + +* Custom metric type domains. To list any additional GCP service domain names that you want to monitor, use commas to separate domain names in the :strong:`Custom Metric Type Domains` field. For example, to obtain Apigee metrics, add ``apigee.googleapis.com``. + + - For information on the available GCP metric domains refer to the official GCP docs at :new-page:`Google Cloud metrics `. + + - To learn about custom metric type domain syntax, see :new-page:`Custom metric type domain examples ` in the Splunk developer documentation. + +* Compute metadata included list. If you select Compute Engine as one of the services to monitor, you can enter a comma-separated list of Compute Engine Instance metadata keys to send as properties. These metadata keys are sent as properties named ``gcp_metadata_``. + Alternatives to connect to GCP ============================================ diff --git a/gdi/opentelemetry/collector-addon/collector-addon-release-notes.rst b/gdi/opentelemetry/collector-addon/collector-addon-release-notes.rst index c3b29d9de..0e43667d2 100644 --- a/gdi/opentelemetry/collector-addon/collector-addon-release-notes.rst +++ b/gdi/opentelemetry/collector-addon/collector-addon-release-notes.rst 
@@ -21,6 +21,11 @@ Release Notes for the Splunk Add-On for the OpenTelemetry Collector - Collector version - Details + * - 1.4.2 + - April 17, 2025 + - :new-page:`https://github.com/signalfx/splunk-otel-collector/releases/tag/v0.122.0` + - Uses v0.122.0 of the Splunk distribution of the OpenTelemetry Collector + * - 1.4.1 - April 2, 2025 - :new-page:`version 0.120 ` diff --git a/gdi/private-connectivity/aws-privatelink.rst b/gdi/private-connectivity/aws-privatelink.rst index 8ca7cfab7..9831e15f8 100644 --- a/gdi/private-connectivity/aws-privatelink.rst +++ b/gdi/private-connectivity/aws-privatelink.rst @@ -256,7 +256,7 @@ To create a VPC endpoint, follow these steps: 7. Set the IP address type to ``IPv4``. -8. Specify the security group controlling traffic for the endpoint. Set the inbound rule to HTTPS protocol and the ``443`` port. +8. Specify the security group controlling traffic for the endpoint. Set the outbound rule to HTTPS protocol and the ``443`` port. The following image shows the security options for AWS PrivateLink: diff --git a/infrastructure/metrics-pipeline/metrics-pipeline-intro.rst b/infrastructure/metrics-pipeline/metrics-pipeline-intro.rst index d1f7c2837..2c56b2970 100644 --- a/infrastructure/metrics-pipeline/metrics-pipeline-intro.rst +++ b/infrastructure/metrics-pipeline/metrics-pipeline-intro.rst 
@@ -68,6 +68,8 @@ Archived metrics You can scale your metric data by sending and storing low-value, infrequently accessed metrics in a cheaper archival tier. Metrics stored in archived metrics are kept, but you cannot use them in charts or detectors directly. +Archived metrics are available in realms ``us0``, ``us1``, ``us2``, ``eu0``, ``au0``, and ``jp0``. + .. note:: Archived Metrics cost one-tenth of real-time metrics. If you need to use a metric that you've sent to archived metrics you can route it back to real-time metrics and access it in charts or detectors. You can also backfill historical data from up to 8 days and restore it to the real-time tier if you need to. diff --git a/logs/scp.rst b/logs/scp.rst index c24f8ca91..03cef06a0 100644 --- a/logs/scp.rst +++ b/logs/scp.rst @@ -80,7 +80,7 @@ In Splunk Cloud Platform, follow the instructions in the guided setup for the in :width: 100% :alt: This screenshot shows how to go to Roles in Splunk Cloud Platform where you will set up a service account for Log Observer Connect. - Select the role you want to use for the Log Observer Connect service account. The service account is a user role that can access the specific Splunk Cloud Platform indexes that you want your users to search in Log Observer Connect. + Select the role from which you want the Log Observer Connect service account to inherit capabilities. The Log Observer Connect service account is a role that can access the specific Splunk Cloud Platform indexes that you want your users to search in Log Observer Connect. Typically, admins select the Splunk Cloud Platform :guilabel:`user` role as the base role for a Log Observer Connect service account. 2. On the :guilabel:`Indexes` tab in the :guilabel:`Included` column, deselect :guilabel:`*(All internal indexes)` and select the indexes that you want users to query in Log Observer Connect. diff --git a/release-notes/2025-4-rn.rst b/release-notes/2025-4-rn.rst new file mode 100644 index 000000000..03eedb9fc 
--- /dev/null +++ b/release-notes/2025-4-rn.rst 
@@ -0,0 +1,33 @@ +.. _2025-4-rn: + +********************* +April 2025 +********************* + +Splunk Observability Cloud released the following new features and enhancements in April 2025. This is not an exhaustive list of changes in the observability ecosystem. For a detailed breakdown of changes in versioned components, see the :ref:`list of changelogs `. + + +.. _2025-4-22-rn: + +April 22, 2025 release +======================= + +.. list-table:: + :header-rows: 1 + :widths: 1 2 + :width: 100% + + * - New feature or enhancement + - Description + * - Splunk Synthetic Monitoring audit logs + - Use the Synthetics API to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs, and to identify the root cause of performance issues or failures. + * - Curated APM teams landing page updates + - View your Splunk APM services, dashboards, top alerts, and the team members of every team you are part of from the teams landing page. Preview potential teams by selecting :guilabel:`View all teams` to join teams you're not yet a member of. See :ref:`admin-configure-page` to learn more. + * - Guided setup updates for getting GCP data in + - Use a streamlined the setup for GCP integrations in Splunk Observability Cloud. It also includes an additional authentication option for Workload Identity Federation. See :ref:`gcp-connect` to learn more. + * - Detector tags and issue detection + - Use the updated detectors list view to manage detectors and quickly identify detectors using archived metrics or exceeding the MTS limit. Tag and assign teams to detectors for better organization. See :ref:`view-detectors`, :ref:`detector-tags`, and :ref:`link-teams-to-a-detector` to learn more. 
+ * - Splunk APM Always-On Profiling for GCP + - Use Splunk APM Always-On Profiling in Google Cloud Platform (GCP) realms. + * - GCP Archived Metrics + - Use Archived Metrics for GCP deployments. Customers deployed on GCP can use Archived Metrics to route metric data into a low-cost cold storage. See :ref:`archived-metrics-intro` to learn more. \ No newline at end of file diff --git a/release-notes/release-notes-overview.rst b/release-notes/release-notes-overview.rst index e1a66bd1e..f45cbec1e 100644 --- a/release-notes/release-notes-overview.rst +++ b/release-notes/release-notes-overview.rst @@ -10,6 +10,7 @@ Release notes overview .. toctree:: :hidden: + 2025-4-rn 2025-3-rn 2025-2-rn 2024-11-rn @@ -30,6 +31,8 @@ Each release date includes new features and enhancements for SaaS and versioned * - Release month - Release date + * - :ref:`2025-4-rn` + - * :ref:`2025-4-22-rn` * - :ref:`2025-3-rn` - * :ref:`2025-3-4-rn` * :ref:`2025-3-25-rn` diff --git a/rum/rum-alerts.rst b/rum/rum-alerts.rst index ff5d7008c..41e83fd5f 100644 --- a/rum/rum-alerts.rst +++ b/rum/rum-alerts.rst @@ -156,9 +156,9 @@ You can create dashboards for both web and mobile metrics. To see a list of the To create charts and dashboard for your RUM alerts and detectors, see: -* :ref:`Link detectors to charts ` in Alerts and Detectors. +* :ref:`Link detectors to charts ` in Alerts, detectors, and SLO. -* :ref:`Dashboards in Splunk Observability Cloud ` in Dashboards and Charts. +* :ref:`Dashboards in Splunk Observability Cloud ` in Dashboards and charts. diff --git a/scenarios-tutorials/scenario.rst b/scenarios-tutorials/scenario.rst index a40d4e8be..9f987ec1a 100644 --- a/scenarios-tutorials/scenario.rst +++ b/scenarios-tutorials/scenario.rst @@ -24,7 +24,6 @@ This scenario describes how Kai, an SRE, and Deepu, a service owner, perform the
  • Look for patterns in application errors in Splunk APM
  • Examine error logs for meaningful messages and patterns using Splunk Log Observer Connect
  • Monitor a fix using Splunk Log Observer Connect
  • -
  • Take preventative action and create metrics from logs to power dashboards and alerts
  • @@ -201,20 +200,6 @@ Based on Kai's findings, Deepu, the :strong:`paymentservice` owner, looks at the 3. Deepu watches the Live Tail view and sure enough, the failed payment messages have stopped appearing in :strong:`paymentservice` logs. Reassured that the Buttercup Games site is back in a stable state, Deepu moves on to helping their team fix v350.10. -.. raw:: html - - -

    Take preventative action and create metrics from logs to power dashboards and alerts

    - - -Now that Kai knows that this particular issue can cause a problem on the Buttercup Games site, they decide to do some preventative work for their SRE team. Kai takes the query they created in Splunk Log Observer Connect and saves it as a metric. - -.. image:: /_images/get-started/save-as-metric.png - :width: 50% - :alt: This screenshot shows the Save as Metric option in the More menu in Log Observer Connect. - -Doing this defines log metricization rules that create a log-derived metric that shows aggregate counts. Kai's team can embed this log-derived metric in charts, dashboards, and alerts that can help them identify this issue faster if it comes up again in the future. - .. raw:: html diff --git a/synthetics/intro-synthetics.rst b/synthetics/intro-synthetics.rst index 78c31a512..901404ecd 100644 --- a/synthetics/intro-synthetics.rst +++ b/synthetics/intro-synthetics.rst @@ -28,7 +28,6 @@ You can use Splunk Synthetic Monitoring for the following use cases: * Proactively monitor site availability before it affects users * Report on the availability or impact of third-party services * Check how new code deployments improve or degrade performance -* Test your site performance against competitors' sites * Scan for moved or broken links on your site | To see an example of using Splunk Observability Cloud components together, see :new-page:`APM Scenarios `. diff --git a/synthetics/set-up-synthetics/set-up-synthetics.rst b/synthetics/set-up-synthetics/set-up-synthetics.rst index 758d63453..867923b0e 100644 --- a/synthetics/set-up-synthetics/set-up-synthetics.rst +++ b/synthetics/set-up-synthetics/set-up-synthetics.rst 
@@ -105,11 +105,20 @@ After you choose which type of test you want to use, follow these steps to set u * :ref:`api-test-metrics` + +.. _synthetics-get-audit-logs: + +Get audit logs +============================================================ + +Use the Synthetics API to retrieve audit logs. These logs provide a detailed history of any changes made to Synthetics resources, such as tests, downtime configurations, TOTP tokens, private locations, and more. Audit logs enable you to track every change within your environment for regulatory and compliance needs and to identify the root cause of performance issues or failures. + + + .. _synthetics-link-to-apm: (Optional) Link Synthetic spans to APM spans -============================================= - +============================================================ If you link Synthetic spans to APM spans, you can follow the story of your data from front-end to back-end. Splunk Synthetics uses server timing to calculate the response time between the front end and back end of your application, and to join the front-end and back-end traces for end-to-end visibility. @@ -138,7 +147,7 @@ For more examples on Java instrumentation, see :ref:`server-trace-information-ja .. _third-step-config: (Optional) Integrate with Splunk RUM ------------------------------------- +------------------------------------------------------------ Integrate with Splunk RUM so that you can automatically measure Web Vital metrics against your run results. Web vitals capture key metrics that affect user experience and assess the overall performance of your site. For more, see :ref:`rum-synth`. diff --git a/synthetics/test-config/synth-alerts.rst b/synthetics/test-config/synth-alerts.rst index f114187f2..bdc842ee5 100644 --- a/synthetics/test-config/synth-alerts.rst +++ b/synthetics/test-config/synth-alerts.rst 
@@ -105,6 +105,7 @@ In the detector dialog box, enter the following fields: * :guilabel:`Orientation`: Only available for uptime metric. Specify whether the metric must fall below or exceed the threshold to trigger the alert. * :guilabel:`Violates threshold`: How many times the metric must violate the threshold to trigger the alert. * :guilabel:`Split by location`: Select whether to split the detector by test location. If you don't filter by location, the detector monitors the average value across all locations. + * :guilabel:`Auto-clear alerts`: Select the check box and a time duration from the list if you want active alerts to automatically clear after the metric hasn't reported new data for the specified period. To learn more, see :ref:`auto-clearing-alerts`. #. Use the severity selector to select the severity of the alert. #. Add recipients. @@ -112,6 +113,14 @@ In the detector dialog box, enter the following fields: .. _page-level-detector: +Set up reminders for alerts +---------------------------------------------------- +To receive reminders for alerts triggered by your detectors, do the following while creating your detector: + +#. Select the alert severity that will trigger a notification and the channel used to receive the reminder notification. For example, select :guilabel:`Email` to receive email notifications. +#. Select the :guilabel:`+` button labeled :guilabel:`Scope alerts to`. +#. Under :guilabel:`Find a key`, select the ``page_position`` dimension. + Create a page-level detector for a Browser test ---------------------------------------------------- diff --git a/synthetics/test-status/test-status.rst b/synthetics/test-status/test-status.rst index 9de75e18c..95efb86e6 100644 --- a/synthetics/test-status/test-status.rst +++ b/synthetics/test-status/test-status.rst 
@@ -12,39 +12,60 @@ Test status test-kpis + +The Splunk Synthetics landing page is the :guilabel:`Test Overview`. This page displays a paginated table of all synthetic tests that you have access to. Each page in the table contains a maximum of 20 tests. + + +Filter tests ======================================================================================== -Test state and current status + +To filter the table, select a test type, location, key-value pair, and more. + +.. image:: /_images/synthetics/syn-filter-test.png + :width: 80% + :alt: This image shows the filter env:prod for all tests on the Synthetics homepage. + + + +View test state ======================================================================================== -You can use the play and pause buttons in the more menu (|more|) of your tests to pause or resume data collection. -The current status of a test is updated every time you load the :guilabel:`Test Overview` page in Splunk Synthetic Monitoring. The following table describes the possible status types for each test. +Splunk Synthetics updates the current state of each test every time you load the :guilabel:`Test Overview` page. The following table describes the possible values for the :guilabel:`Test state` column. + .. list-table:: :header-rows: 1 :widths: 20, 80 - * - :strong:`Current status` + * - :strong:`Test state` - :strong:`Description` - * - Pending - - Splunk Synthetic Monitoring is still retrieving the status of this test. + * - Active + - The test is running. Data is being collected at the set interval. You can view this data on the :guilabel:`Test Summary` page. - * - Available - - The test is functioning properly. If the test is active, data is being collected at the set interval and can be viewed in the :guilabel:`Test History` page. If the test is paused, it can be unpaused and will resume collecting data. + * - Paused + - The test is paused. To resume data collection, unpause it. 
- * - No Data - - The test isn't currently collecting data. - * - Failure - - The test encountered a failure. +Single actions +======================================================================================== +To perform an action on a single test, select the vertical dot menu (|verticaldots|) in its rightmost column. Supported actions are play and pause. + +Bulk actions ======================================================================================== -Filter tests -======================================================================================== -You can filter by test type, key-value pairs, and more. -.. image:: /_images/synthetics/syn-filter-test.png - :width: 60% - :alt: This image shows the filter env:prod for all tests on the Synthetic homepage.. +You can perform bulk actions on multiple tests simultaneously. Supported actions are play, pause, and delete. No special permissions are required for bulk actions. + +To perform a bulk action on tests: + +#. Select the tests to change. You can do this by either: + + * Selecting the check box next in the leftmost column of one or more tests. + * Selecting the check box in the table header. This check box selects all tests on the current page (a maximum of 20 tests). You can scroll through the pages to select more tests. The maximum you can select at one time is 500. + +#. At the top of the table, select the desired action: :guilabel:`Play`, :guilabel:`Pause`, or :guilabel:`Delete`. + If the entire bulk action succeeds, the :guilabel:`Test state` column displays the new state of each of the affected tests. +
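Review bot: In the GCP guided-setup hunk that adds "Authenticate with Service Account keys", step 4 ends with "Select your access token" but does not say which kind of token is expected or what scope it needs, and step 3 ("Prepare your GCP account following the steps on the UI") has no cross-reference, although the Project bullet links :ref:`gcp-prereqs-authenticate`. Add the token requirement and a link for step 3 so the procedure can be followed, and reviewed for least privilege, without opening the wizard. The same hunk deletes the note that data can take several minutes to appear after connecting; if that still holds, keep it after "Your GCP integration is now complete!".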
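Review bot: In gdi/opentelemetry/collector-addon/collector-addon-release-notes.rst, the new 1.4.2 row puts a bare URL in the Collector version cell (:new-page:`https://github.com/signalfx/splunk-otel-collector/releases/tag/v0.122.0`), while the 1.4.1 row below it uses link text ("version 0.120"). Use the same labelled form, for example "version 0.122", so the column reads consistently.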
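Review bot: In gdi/private-connectivity/aws-privatelink.rst, step 8 now reads "Set the outbound rule to HTTPS protocol and the ``443`` port" for "the security group controlling traffic for the endpoint", which reverses the rule direction without saying which security group is meant. On the security group attached to an interface VPC endpoint, the inbound rule is what admits client connections on 443, so a reader following the new wording can end up with egress opened and the inbound 443 rule missing. If the intent is the security group of the workloads that send data, name that group explicitly; otherwise confirm the direction against the screenshot that follows this step and state the source or destination the rule applies to.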
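Review bot: In logs/scp.rst, the rewritten paragraph calls the Log Observer Connect service account "a role" and has it "inherit capabilities" from a base role, but it does not say whether the base role's index access is inherited as well. Step 2 restricts indexes on the :guilabel:`Indexes` tab, so state whether selecting :guilabel:`user` as the base role can widen what the service account is able to search beyond the indexes chosen there. Also settle on one term, account or role, since the previous wording ("a user role") was changed but the mix remains.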
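Review bot: In the new file release-notes/2025-4-rn.rst, the "Guided setup updates for getting GCP data in" row has a grammar slip, "Use a streamlined the setup for GCP integrations", and the following sentence starts with "It" with no clear antecedent. Suggest "Use the streamlined guided setup for GCP integrations in Splunk Observability Cloud. The setup also includes ...". The file also ends without a trailing newline ("\ No newline at end of file"); add one.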
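Review bot: In synthetics/set-up-synthetics/set-up-synthetics.rst, the new "Get audit logs" section tells the reader to "Use the Synthetics API to retrieve audit logs" but gives no link to the API reference, no endpoint name, and no indication of the token or role needed to read the logs. The text repeats the release-note blurb word for word; a setup page should at least cross-reference where the call is documented and who is allowed to make it, since audit logs are described here as covering changes to TOTP tokens and private locations.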
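Review bot: In synthetics/test-config/synth-alerts.rst, the new "Set up reminders for alerts" section is inserted between the existing label ``.. _page-level-detector:`` and the heading it belonged to, "Create a page-level detector for a Browser test", so every :ref:`page-level-detector` now resolves to the reminders section. Move the new section above the label, or give it its own label and keep ``.. _page-level-detector:`` directly above the Browser test heading. Steps 2 and 3 of the new procedure (:guilabel:`Scope alerts to` and the ``page_position`` dimension) also read like page-level scoping rather than reminder configuration; please check that they were not pasted from the section below.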
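Review bot: In synthetics/test-status/test-status.rst, the new "Bulk actions" section states "No special permissions are required for bulk actions" while listing delete among the supported actions and allowing up to 500 tests per selection. Please confirm that this is accurate, and say which role is the minimum needed to delete a single test so the sentence cannot be read as "any user can delete". The closing line only covers the case where "the entire bulk action succeeds"; add what the table shows when some of the selected tests fail to change. Small wording fix in the first bullet: "the check box next in the leftmost column" should be "the check box in the leftmost column".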