Query logs in Log Observer 🔗
Note
Customers with a Splunk Log Observer entitlement in Splunk Observability Cloud must transition from Log Observer to Log Observer Connect by January 2024. With Log Observer Connect, you can ingest more logs from a wider variety of data sources, enjoy a more advanced logs pipeline, and expand into security logging. See Splunk Log Observer transition to learn how.
You can search Splunk Observability Cloud logs if your Splunk Observability Cloud instance ingests logs. Many Splunk platform (Splunk Cloud Platform and Splunk Enterprise) users can access their Splunk platform logs in Splunk Observability Cloud because their organization has integrated its Splunk platform and Splunk Observability Cloud instances. If you are using the integration, you can only access Splunk platform logs in Splunk Observability Cloud if your Splunk platform role has permissions to see that log’s index in Splunk platform. Your Splunk platform admin controls your permissions to see Splunk platform logs in Splunk Observability Cloud.
Click any of the following documents to learn more about each way you can explore, query, filter, and drill down into your logs:
If your query might be useful in the future, save it, then return to it in Saved Queries to run the query again. See Save and share Log Observer queries to learn how.