Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Splunk Real User Monitoring is the browser side performance and error tracking agent of Splunk Observability Cloud (Cisco), built on OpenTelemetry Web. It captures page load timings, Core Web Vitals, JavaScript errors and user actions, then correlates them with backend traces in Splunk APM.
Splunk Real User Monitoring (RUM) is the browser side observability product of Splunk Observability Cloud, which Cisco acquired from Splunk in 2024 (and which itself grew out of SignalFx and Omnition). A small JavaScript agent based on the OpenTelemetry Web SDK loads on each page and silently measures how the site performs for real visitors. It captures navigation timings, the Core Web Vitals (LCP, INP, CLS), JavaScript errors, AJAX requests, route changes and explicit user actions. These signals are sent as OpenTelemetry spans to a Splunk Observability Cloud ingest endpoint in the chosen realm and can be linked to backend traces from Splunk APM.
By default Splunk RUM does not set HTTP cookies. The agent generates a random session ID and stores it in browser session storage under splunk.rumSessionId, so it lives only for the current tab session. Each span typically carries the page URL, referrer, user agent, screen size, language, the truncated client IP, timing metrics, error stack traces and any custom attributes the site operator chooses to add (build version, route, feature flags). Calling setGlobalAttributes with a user ID or email turns the otherwise pseudonymous telemetry into personal data and changes the legal analysis.
Splunk RUM processes data about identified or identifiable visitors as soon as IPs are kept in full, a user ID is attached, or interaction data allows singling out a person. The website operator is controller and Cisco (Splunk) is processor, under a data processing addendum signed as part of the Observability Cloud contract. The ePrivacy Directive, transposed into laws such as the German TDDDG and the French LCEN, also applies because the agent reads from and writes to session storage on the user terminal. Whether prior consent is needed depends on whether that storage is strictly necessary for the service the user requested.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
A minimal RUM configuration, with truncated IPs, no user identifiers, no marketing related custom attributes and a clear performance and security purpose, can usually be justified on legitimate interest (Art. 6(1)(f) GDPR) and treated as strictly necessary under the ePrivacy regime. As soon as Splunk RUM is enriched with logged in user IDs, custom attributes carrying personal data, session reconstruction or business A/B testing, the processing leaves the strictly necessary scope and consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy) becomes the proper basis. CCPA and LGPD additionally require clear notice and an opt out.
Splunk Observability Cloud is offered in several realms: US (primary, AWS US regions), EU (Frankfurt), APAC and Japan. The EU realm keeps RUM telemetry within the EEA and removes most third country concerns; other realms imply transfers outside the EEA covered by Standard Contractual Clauses and, for the US, the EU US Data Privacy Framework under which Cisco is certified. Practical steps: pick the EU realm where data residency matters, configure beaconUrl accordingly, enable IP truncation, avoid sending user IDs unless required, document Splunk RUM in your record of processing, list cisco.com and signalfx.com in your privacy notice, gate the agent behind your CMP when used beyond strictly necessary monitoring, and review Cisco DPF and SCCs annually.
Websites using Splunk RUM must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for strictly anonymised performance monitoring with truncated IPs and no user identifiers. A DPIA becomes advisable when Splunk RUM is configured with user IDs, custom attributes carrying personal data, session replay style reconstructions, or when used together with Splunk APM to follow individual journeys across systems.
Sample consent text
We use Splunk Real User Monitoring (Cisco) to measure page performance, capture JavaScript errors and understand how visitors interact with this site. Splunk RUM stores a session identifier in your browser session storage and may send technical data, including a truncated IP address, to Splunk Observability Cloud in the EU or United States.
Third-party domains contacted
splunk.comcisco.comsignalfx.comcdn.signalfx.comrum-ingest.us1.signalfx.comrum-ingest.eu0.signalfx.comapp.signalfx.comsplunkcloud.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| splunk.rumSessionId | sessionStorage (Splunk RUM) | Session (until tab closed) | Random identifier used to group performance and error spans emitted from the same browser session, stored in sessionStorage rather than as an HTTP cookie. |
| splunk.rumSessionStartTime | sessionStorage (Splunk RUM) | Session (until tab closed) | Timestamp at which the current RUM session started, used to compute session duration and idle timeout for the OpenTelemetry agent. |
| splunk.rumLastActivity | sessionStorage (Splunk RUM) | Session (until tab closed) | Last user activity timestamp used by the agent to decide whether to roll over to a new session ID after a period of inactivity. |
| splunk.userToken | localStorage (optional) | Persistent (until cleared) | Optional persistent identifier written to localStorage when the site operator chooses to correlate the same visitor across sessions. Exact name depends on configuration. |
| _sf_oauth_token | First party cookie (signalfx.com, admin only) | 1 year | Authentication cookie used in the Splunk Observability Cloud admin UI on signalfx.com. Not set on visitor browsers and unrelated to the RUM beacon. |
| __cf_bm | Third party cookie (signalfx.com) | 30 minutes | Cloudflare bot management cookie that may appear on Splunk Observability Cloud ingest endpoints when accessed by the RUM agent. Strictly necessary for fraud and bot prevention. |
Splunk RUM places tracking cookies for advertising — comply with GDPR using FlowConsent.
By default no HTTP cookies. Splunk RUM stores a random session ID in browser session storage under splunk.rumSessionId, lasting only for the tab session. Custom attributes you attach (user ID, build) may add personal data.
Not for strictly necessary performance and error monitoring with truncated IPs and no user identifiers (legitimate interest). Consent is required when Splunk RUM captures user IDs, marketing attributes or supports business A/B testing.
Legitimate interest (Art. 6(1)(f) GDPR) for anonymised performance and error telemetry; consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy) where Splunk RUM captures identifiable users, custom personal attributes or session reconstruction.
It depends on the realm. The EU realm (Frankfurt) keeps RUM data within the EEA. The US, APAC and Japan realms imply transfers covered by Standard Contractual Clauses and, for the US, the EU US Data Privacy Framework under which Cisco is certified.
Usually not for anonymised performance monitoring with truncated IPs and no user IDs. A DPIA is advisable when Splunk RUM uses user identifiers, custom personal attributes, session reconstruction or is correlated with APM to track individual journeys.
Choose the EU realm where data residency matters, enable IP truncation, avoid sending user IDs or emails unless required, document the processing, list Splunk RUM in your privacy notice, and gate the agent behind your CMP when used beyond strictly necessary monitoring.
Yes. Commercial alternatives include Dynatrace RUM, Datadog RUM, New Relic Browser, Sentry, Akamai mPulse and Raygun. Open source or self hosted options include the OpenTelemetry Web SDK combined with Grafana Faro, Honeycomb or a ClickHouse based stack.
List Splunk Real User Monitoring (Cisco) under performance and error monitoring, name cisco.com and signalfx.com as data recipients, mention the selected realm and that the agent stores a session ID in browser session storage rather than HTTP cookies.