Finding the Needle in the Logs
Start from logs alone to triage an incident — filter, group, and spot patterns to find the root cause.
Persona
You are the on-call SRE and have received an alert about increased error rates in the Astronomy Shop application. Your task is to investigate using logs as your primary starting point: no traces, no metrics dashboards. Just logs.
Log Observer is Splunk Observability Cloud’s no-code interface for exploring and analyzing log data. In this module, you will learn to use it as a standalone investigation tool, starting directly from logs rather than arriving from APM or RUM.
This module contains two scenarios:
- Scenario 1: Log-First Triage — A full walkthrough of investigating an incident starting from Log Observer
- Scenario 2: TBD — A second investigation scenario (under development)
