Maximizing the Value of Splunk with Instana

Instana - Enterprise Observability and APM for Cloud-Native Applications

Coding and logging are naturally related. Nearly everyone starts by printing ‘Hello World!’ to the console. But your code is not the only thing that writes out log messages. The entire tech stack, including the operating system and every other piece of software, also writes out log messages. There’s a mature market of tools that ship, aggregate, and index logs. Instana is proud to now fully support the market leader, Splunk.

Where Splunk fits

Instana enables automatic code observability with our AutoTrace™ technology for most language runtimes across many platforms. AutoTrace™ automatically captures log messages that are at ‘WARN’ or higher. The log messages are then indexed and easily searchable, taking you directly to the traces that contain the log message.


While this capability covers several use cases, there are a few others that can be addressed. It is important to remember that every program produces logs, and many of those programs are written in C/C++, which makes them difficult to observe automatically. Also, when debugging a tricky issue, it can be beneficial to gather additional information from log messages even if they’re below the ‘WARN’ level.

These areas are where log aggregation technologies like Splunk show their value. With Splunk, all of your logs are in one place, fully indexed, and searchable. Instana links directly to the matching log entries. The fields from the log files are extracted and indexed, making it easy to click from the Instana UI into specific log entries based on fields such as Docker container identifier, host name, and Kubernetes Pod identifier.

Splunk integration in action

To create screenshots of this integration, we used Kubernetes on GKE with Stan’s Robot Shop (a sample microservice application) deployed along with Fluentd, using the Splunk HTTP Event Collector (HEC) shipper to send logs to Splunk.


This Instana dashboard shows the details of a Kubernetes (K8s) Pod and, because a logging integration has been configured, there is an additional dropdown to quickly navigate to the matching log entries. Most users would only configure one logging integration, but for the purposes of these screenshots two integrations have been configured.


When you click into the logs, the logging dashboard opens in a new browser tab. The search term is prepopulated with the context and time range of the Instana dashboard you were viewing when you clicked through. In this screenshot you can see that there are additional ‘INFO’ level messages that could potentially be useful to identify why your code is not doing what you think it should be.

Best of breed

Instana is the best of breed solution for monitoring cloud-native, containerized microservice applications. Instana is focused on the challenges presented by these complex, highly dynamic environments, rather than trying to be a Jack of all trades. By integrating with other best of breed solutions for log aggregation, Instana gives you the freedom to choose the solutions that best cover all of your unique use cases.
