Unlock the Power of Observability with OpenTelemetry Logs Data Model

Your log records may be missing a key ingredient that unlocks the world of observability for your applications, infrastructure and services. If you're building a new application or enhancing an existing one, consider adopting the OpenTelemetry Logs Data Model's Log and Event Record Definition.

Adopting this definition enriches your logs by adding additional data, making it easier to use them to correlate them with metrics and traces, in addition to XYZ. The OpenTelemetry Logs Data Model's Log and Event Record Definition goes beyond basic timestamps and event messages and includes essential fields such as:

• Timestamp: Timestamp of when the log event occurred.
• ObservedTimestamp: Date and Time when the log event was observed.
• TraceId: The request trace ID for the trace that the logged span.
• SpanId: Request span id linking the log event to a specific trace for deeper analysis..
• TraceFlags: W3C trace flag eight bit encoded control flag to set the sampling and trace level.
• SeverityText: Human readable text representing the level of importance (ERROR, INFO, WARN, DEBUG) 
• SeverityNumber: Numerical value of the severity.
• Body: The log record body 
• Resource: Describes the source of the log such as the name of the application service.
• InstrumentationScope: Describes the scope that emitted the log.
• Attributes: Additional information about the log event. Foreign keys such as an order ID, user ID, request ID, payment ID, batch number.

Splunk natively supports OpenTelemetry and is a large contributor to the project. This enables users to instrument their entire platform retroactively or to do it incrementally as they build new applications. As you can configure where your data is sent in an OpenTelemetry collector, vendor lock-in is not an issue. By adding custom attributes that relate to your business you can add meaningful context, and enable the ability to standardize your data pipeline. Splunk makes it easy to quickly get value from your data. Standardized attributes will help your organization filter, enrich, transform, analyze and correlate data.

Benefits of the OpenTelemetry (OTel) Logs Data Model:

• Enriched logs: Capture meaningful data for better insights and correlation.
• Trace context: Connect Observability tools, infrastructure and Application log events to corresponding traces for a view.
• Standardized format: Facilitates integration with various observability tools helping one to  avoid vendor lock-in or utilize the industry standard tooling for the job.
• Improved value creation: Gain deeper understanding of your system's behavior.
• Maps easily to Splunk HEC (https://opentelemetry.io/docs/specs/otel/logs/data-model-appendix/#splunk-hec)

^{Figure 1-1. This displays images showing a preview of host, service and trace data from Splunk Observability Cloud in Splunk Enterprise in the Related Content panel.}

Take the next step:

• Review the Log and Event Record Definition for in-depth details, in context with infrastructure and application metrics.
• Explore the OTel Data Model Appendix for examples of mapping supported field types and conventions.
• Learn how to adapt your existing Splunk logs to the OpenTelemetry Logs and Records Data Model and explore examples of normalization. 
• Optimize Cloud Monitoring, unify incident management tooling with logs in context without manual troubleshooting.

By adopting the OpenTelemetry and the OpenTelemetry log and record data model, you can unlock a wealth of observability data. Adding trace context to the three pillars of observability (logs, metrics and traces) allows you to quickly filter issues, events, records and alerts with context that matters to your organization.  This empowers you to do things such as optimize performance, troubleshoot issues faster, and gain valuable insights into your applications and services. For example, using Splunk Observability Cloud and the Splunk Platform you can navigate from Infrastructure to Application Performance Monitoring and dive into a root cause in the Application Logs without any manual correlation work. 

Reduce Risk and Increase Value

• Splunk is 100% OpenTelemetry native, allowing for standardization of data collection and management; without fear of vendor lock-in.
• Reduce MTTD (mean-time-to-detect) and MTTR (mean-time-to-respond) with faster, more granular alerting in real time.
• Common context across Splunk Observability Cloud and the Splunk Platform will help you bring unified visibility across any environment and any stack by automatically correlating logs with other observability data.

Next Steps

Get your applications and services instrumented today with Splunk, OpenTelemetry. Utilize Splunk and OpenTelemetry's technical capabilities to integrate Observability into your continuous delivery, security, version/process control to promote high levels of software delivery performance. Explore how your infrastructure performs under load and find bottlenecks in production in near real time by signing up to start a free trial of Splunk Observability or the Splunk Platform today!