diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/1-workshop-goals/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/1-workshop-goals/_index.md new file mode 100644 index 0000000000..bc4c5a4fb4 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/1-workshop-goals/_index.md 
@@ -0,0 +1,34 @@ +--- +title: Workshop Overview +linkTitle: 1. Workshop Overview +weight: 1 +archetype: chapter +time: 2 minutes +description: Workshop Overview +--- + +**Introduction** +The goal of this workshop is to give you hands-on experience troubleshooting an issue using Splunk Observability Cloud to identify its root cause. We’ve provided a fully instrumented microservices-based application that actually mimic a wire transfer workflow that is running on Kubernetes, which sends metrics, traces, and logs to Splunk Observability Cloud for real-time analysis. + +**Who Should Attend?** +This workshop is ideal for anyone looking to gain practical knowledge of Splunk Observability. It's designed for individuals with little or no prior experience with the platform. + +**What You’ll Need** +All you need is your laptop and a browser with access to external websites. The workshop can be attended either in-person or via Zoom. If you don’t have the Zoom client installed, you can still join using your browser. + +**Workshop Overview** +In this 3-hour session, we’ll cover the fundamentals of Splunk Observability—the only platform offering streaming analytics and NoSample Full Fidelity distributed tracing—in an interactive, hands-on setting. Here's what you can expect: + +- **OpenTelemetry** + Learn why OpenTelemetry is essential for modern observability and how it enhances visibility into your systems. + +- **Tour of the Splunk Observability User Interface** + Take a guided tour of Splunk Observability Cloud’s interface, where we’ll show you how to navigate the five key components: APM, Log Observer, and Infrastructure. + +- **Splunk Application Performance Monitoring (APM)** + Gain end-to-end visibility of your customers' request path using APM traces. You’ll explore how telemetry from various services is captured and visualized in Splunk Observability Cloud, helping you detect anomalies and errors. 
+ +- **Splunk Log Observer (LO)** + Learn how to leverage the "Related Content" feature to easily navigate between components. In this case, we’ll move from an APM trace to the related logs for deeper insight into issues. + +By the end of this session, you'll have gained practical experience with Splunk Observability Cloud and a solid understanding of how to troubleshoot and resolve issues across your application stack. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/_index.md new file mode 100644 index 0000000000..0821c650af --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/_index.md 
@@ -0,0 +1,37 @@ +--- +title: What is OpenTelemetry & why should you care? +linkTitle: 2. OpenTelemetry +weight: 2 +archetype: chapter +time: 2 minutes +description: Learn about OpenTelemetry and why you should care about it. +--- + +## OpenTelemetry + +With the rise of cloud computing, microservices architectures, and ever-more complex business requirements, the need for Observability has never been greater. Observability is the ability to understand the internal state of a system by examining its outputs. In the context of software, this means being able to understand the internal state of a system by examining its telemetry data, which includes **metrics**, **traces**, and **logs**. + +To make a system observable, it must be instrumented. That is, the code must emit traces, metrics, and logs. The instrumented data must then be sent to an Observability back-end such as **Splunk Observability Cloud**. + +| Metrics | Traces | Logs | +|:-------:|:------:|:----:| +| _**Do I have a problem?**_ | _**Where is the problem?**_ | _**What is the problem?**_ | + +OpenTelemetry does two important things: + +* Allows you to **own** the data that you generate rather than be stuck with a proprietary data format or tool. +* Allows you to learn **a single set** of APIs and conventions + +These two things combined enable teams and organizations the flexibility they need in today’s modern computing world. + +There are a lot of variables to consider when getting started with Observability, including the all-important question: _"How do I get my data into an Observability tool?"_. The industry-wide adoption of OpenTelemetry makes this question easier to answer than ever. + +## Why Should You Care? + +OpenTelemetry is completely open-source and free to use. 
In the past, monitoring and Observability tools relied heavily on proprietary agents meaning that the effort required to change or set up additional tooling required a large amount of changes across systems, from the infrastructure level to the application level. + +Since OpenTelemetry is vendor-neutral and supported by many industry leaders in the Observability space, adopters can switch between supported Observability tools at any time with minor changes to their instrumentation. This is true regardless of which distribution of OpenTelemetry is used – like with Linux, the various distributions bundle settings and add-ons but are all fundamentally based on the community-driven OpenTelemetry project. + +Splunk has fully committed to OpenTelemetry so that our customers can collect and use **ALL** their data, in any type, any structure, from any source, on any scale, and all in real-time. OpenTelemetry is fundamentally changing the monitoring landscape, enabling IT and DevOps teams to bring data to every question and every action. You will experience this during these workshops. + +![OpenTelemetry Logo](images/otel.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/images/otel.png b/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/images/otel.png new file mode 100644 index 0000000000..69a1ca430f Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/2-opentelemetry/images/otel.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/1-home-page.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/1-home-page.md new file mode 100644 index 0000000000..a76c124e6c --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/1-home-page.md 
@@ -0,0 +1,42 @@ +--- +title: Home Page +linkTitle: 1.1 Home Page +weight: 2 +time: 5 minutes +--- + +After you have registered and logged into Splunk Observability Cloud you will be taken to the home or landing page. Here, you will find several useful features to help you get started. + +![home page](../images/home-screen.png) + +1. **Explore your data pane:** Displays which integrations are enabled and allows you to add additional integrations if you are an Administrator. +2. **Documentation pane:** Training videos and links to documentation to get you started with Splunk Observability Cloud. +3. **Recents pane:** Recently created/visited dashboards and/or detectors for quick access. +4. **Main Menu pane:** Navigate the components of Splunk Observability Cloud. +5. **Org Switcher:** Easily switch between Organizations (if you are a member of more than one Organization). +6. **Expand/Contract Main Menu:** Expand **>>** / Collapse **<<** the main menu if space is at a premium. + +Let's start with our first exercise: + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Expand the Main Menu and click on **Settings**. +* Check in the **Org Switcher** if you have access to more than one Organization. + +{{% /notice %}} + +{{% notice title="Tip" style="primary" icon="lightbulb" %}} +If you have used Splunk Observability before, you may be placed in an Organization you have used previously. Make sure you are in the correct workshop organization. Verify this with your instructor if you have access to multiple Organizations. +{{% /notice %}} + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click **Onboarding Guidance** (Here you can toggle the visibility of the onboarding panes. This is useful if you know the product well enough, and can use the space to show more information). +* Hide the Onboarding Content for the **Home Page**. +* At the bottom of the menu, select your preferred appearance: **Light**, **Dark** or **Auto** mode. 
+* Did you also notice this is where the **Sign Out** option is? Please don't 😊 ! +* Click **<** to get back to the main menu. + +{{% /notice %}} + +Next, let's check out **Splunk Real User Monitoring (RUM)**. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/99-login-faq.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/99-login-faq.md new file mode 100644 index 0000000000..f4b1ff701b --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/99-login-faq.md 
@@ -0,0 +1,41 @@ +--- +title: Log on FAQ +weight: 99 +hidden: true +--- + + This FAQ will address some of the more common issues we have encountered when logging into the Workshop. + +### 1. Invite email or password renewal email not arriving + + The first step to take is to search for an email from ****, across all your email folders, as this is the address used to send the invite and password renewal emails. If you don't see the email, check your spam/junk folder. + +If you are sure the email does not exist your email, ask the Instructor to verify the email used for the workshop and have him/her resend the invite. + +If this fails, another solution is to provide the Instructor with a different email address (private e-mail address for example) and have him/her resend the invite. + +--- + +### 2. Password not accepted + +The requirements for a password in Splunk Observability Cloud are: + +* **Must** be between 8 and 32 characters +* **Must** contain at least one capital letter +* **Must** have at least one number +* **Must** have at least one symbol (e.g. !@#$%^&*()_+) + +--- + +### 3. Invalid or unknown password + +The system does not recognize the password and username combination, please click on the reset password link to try and reset your password. +You will be asked to provide a password. If that account exists, an email will be sent to allow you to reset your password. follow the instructions in that email. + +If no email arrives or your username is not recognized, reach out to your instructor for assistance. + +--- + +### 4. Other options + +To Be Completed. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/_index.md new file mode 100644 index 0000000000..5ac99f5a05 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/_index.md 
@@ -0,0 +1,31 @@ +--- +title: Getting Started +linkTitle: 1. Getting Started +weight: 1 +time: 2 minutes +description: Learn how to get started with Splunk Observability Cloud. +--- + +### 1. Sign in to Splunk Observability Cloud + +You should have received an e-mail from Splunk inviting you to the Workshop Org. This e-mail will look like the screenshot below, if you cannot find it, please check your Spam/Junk folders or inform your Instructor. You can also check for other solutions in our [**login F.A.Q.**](99-login-faq). + + To proceed click the **Join Now** button or click on the link provided in the e-mail. + +If you have already completed the registration process you can skip the rest and proceed directly to Splunk Observability Cloud and log in: + +* [**https://app.eu0.signalfx.com (EMEA)**](https://app.eu0.signalfx.com) +* [**https://app.us1.signalfx.com (APAC/AMER)**](https://app.us1.signalfx.com) + +![email](images/invite-email.png?width=25vw) + +If this is your first time using Splunk Observability Cloud, you will be presented with the registration form. Enter your full name, and desired password. Please note that the password requirements are: + +* **Must** be between 8 and 32 characters +* **Must** contain at least one capital letter +* **Must** have at least one number +* **Must** have at least one symbol (e.g. !@#$%^&*()_+) + +Click the checkbox to agree to the terms and conditions and click the **SIGN IN NOW** button. + +![User-Setup](images/enter-password.png?width=25vw) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/enter-password.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/enter-password.png new file mode 100644 index 0000000000..77c6035b10 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/enter-password.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/home-screen.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/home-screen.png new file mode 100644 index 0000000000..fde3d33a2c Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/home-screen.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/invite-email.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/invite-email.png new file mode 100644 index 0000000000..2ed3cb0ba4 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/1-homepage/images/invite-email.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/1-apm-home.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/1-apm-home.md new file mode 100644 index 0000000000..ffd0bfa299 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/1-apm-home.md 
@@ -0,0 +1,44 @@ +--- +title: Application Performance Monitoring Home page +linkTitle: 2.1 APM Home Page +weight: 2 +--- + +Click **APM** in the main menu, the APM Home Page is made up of 3 distinct sections: + +![APM page](../images/apm-main.png) + +1. **Onboarding Pane Pane:** Training videos and links to documentation to get you started with Splunk APM. +2. **APM Overview Pane:** Real-time metrics for the Top Services and Top Business Workflows. +3. **Functions Pane:** Links for deeper analysis of your services, tags, traces, database query performance and code profiling. + +The **APM Overview** pan provides a high-level view of the health of your application. It includes a summary of the services, latency and errors in your application. It also includes a list of the top services by error rate and the top business workflows by error rate (a business workflow is the start-to-finish journey of the collection of traces associated with a given activity or transaction and enables monitoring of end-to-end KPIs and identifying root causes and bottlenecks). + +{{% notice title=" About Environments" style="info" %}} + +To easily differentiate between multiple applications, Splunk uses **environments**. The naming convention for workshop environments is **[NAME OF WORKSHOP]-workshop**. Your instructor will provide you with the correct one to select. + +{{% /notice %}} + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Verify that the time window we are working with is set to the last 15 minutes (**-15m**). +* Change the environment to the workshop one by selecting its name from the drop-down box and make sure that is the only one selected. 
+{{< tabs >}} +{{% tab title="Question" %}} +**What can you conclude from the *Top Services by Error Rate* chart?** +{{% /tab %}} +{{% tab title="Answer" %}} +**The *wire-transfer-service* has a high error rate** +{{% /tab %}} +{{< /tabs >}} + +{{% /notice %}} + +If you scroll down the Overview Page you will notice some services listed have **Inferred Service** next to them. + +Splunk APM can infer the presence of the remote service, or inferred service if the span calling the remote service has the necessary information. Examples of possible inferred services include databases, HTTP endpoints, and message queues. Inferred services are not instrumented, but they are displayed on the service map and the service list. + +Next, let's check out **Splunk Log Observer (LO)**. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/_index.md new file mode 100644 index 0000000000..664b8c1fb3 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/_index.md 
@@ -0,0 +1,24 @@ +--- +title: Application Performance Monitoring Overview +linkTitle: 2. APM Overview +weight: 3 +time: 5 minutes +--- + +Splunk APM provides a **NoSample** end-to-end visibility of every service and its dependency to solve problems quicker across monoliths and microservices. Teams can immediately detect problems from new deployments, confidently troubleshoot by scoping and isolating the source of an issue, and optimize service performance by understanding how back-end services impact end users and business workflows. + +**Real-time monitoring and alerting:** Splunk provides out-of-the-box service dashboards and automatically detects and alerts on RED metrics (rate, error and duration) when there is a sudden change. + +**Dynamic telemetry maps:** Easily visualize service performance in modern production environments in real-time. End-to-end visibility of service performance from infrastructure, applications, end users, and all dependencies helps quickly scope new issues and troubleshoot more effectively. + +**Intelligent tagging and analysis:** View all tags from your business, infrastructure and applications in one place to easily compare new trends in latency or errors to their specific tag values. + +**AI-directed troubleshooting identifies the most impactful issues:** Instead of manually digging through individual dashboards, isolate problems more efficiently. Automatically identify anomalies and the sources of errors that impact services and customers the most. + +**Complete distributed tracing analyses every transaction:** Identify problems in your cloud-native environment more effectively. Splunk distributed tracing visualizes and correlates every transaction from the back-end and front-end in context with your infrastructure, business workflows and applications. 
+ +**Full stack correlation:** Within Splunk Observability, APM links traces, metrics, logs and profiling together to easily understand the performance of every component and its dependency across your stack. + +**Monitor database query performance:** Easily identify how slow and high execution queries from SQL and NoSQL databases impact your services, endpoints and business workflows — no instrumentation required. + +![Architecture Overview](./images/arch-overview.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/apm-main.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/apm-main.png new file mode 100644 index 0000000000..cb03cc342b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/apm-main.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/arch-overview.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/arch-overview.png new file mode 100644 index 0000000000..caff2f4bcf Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/2-apm-home/images/arch-overview.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/1-log-observer-home.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/1-log-observer-home.md new file mode 100644 index 0000000000..4654a5b842 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/1-log-observer-home.md 
@@ -0,0 +1,53 @@ +--- +title: Log Observer Home Page +linkTitle: 3.1 Log Observer Home Page +weight: 2 +--- + +Click **Log Observer** in the main menu, the Log Observer Home Page is made up of 4 distinct sections: + +![Lo Page](../images/log-observer-main.png) + +1. **Onboarding Pane:** Training videos and links to documentation to get you started with Splunk Log Observer. +2. **Filter Bar:** Filter on time, indexes, and fields and also Save Queries. +3. **Logs Table Pane:** List of log entries that match the current filter criteria. +4. **Fields Pane:** List of fields available in the currently selected index. + +{{% notice title=" Splunk indexes" style="info" %}} + +Generally, in Splunk, an "index" refers to a designated place where your data is stored. It's like a folder or container for your data. Data within a Splunk index is organized and structured in a way that makes it easy to search and analyze. Different indexes can be created to store specific types of data. For example, you might have one index for web server logs, another for application logs, and so on. + +{{% /notice %}} + +{{% notice title="Tip" style="primary" icon="lightbulb" %}} + +If you have used Splunk Enterprise or Splunk Cloud before, you are probably used to starting investigations with logs. As you will see in the following exercise, you can do that with Splunk Observability Cloud as well. This workshop, however, will use all the **OpenTelemetry** signals for investigations. + +{{% /notice %}} + +Let's run a little search exercise: + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Set the time frame to **-15m**. +* Click on {{% button style="gray" %}}Add Filter{{% /button %}} in the filter bar then click on **Fields** in the dialog. +* Type in **cardType** and select it. +* Under **Top values** click on **visa**, then click on **=** to add it to the filter. 
+* Click {{% button style="blue" %}}Run search{{% /button %}} + + ![logo search](../images/log-filter-bar.png?width=920px) + +* Click on one of the log entries in the Logs table to validate that the entry contains `cardType: "visa"`. +* Let's find all the wire transfer orders that have been compelted. Click on {{% button style="gray" %}}Clear All{{% /button %}} in the filter bar to remove the previous filter. +* Click again on {{% button style="gray" %}}Add Filter{{% /button %}} in the filter bar, then select **Keyword**. Next just type `order` in the **Enter Keyword...** box and press enter. +* Click {{% button style="blue" %}}Run search{{% /button %}} +* You should now only have log lines that contain the word `order`. There are still a lot of log lines -- some of which may not be our service -- so let's filter some more. +* Add another filter, this time select the **Fields** box, then type `severity` in the **Find a field ...** search box and select it. + ![severity](../images/find-severity.png?width=15vw&classes=left) +* Under **Top values** click on **error**, then click on **=** to add it to the filter. +* Click {{% button style="blue" %}}Run search{{% /button %}} +* You should now have a list of wire transfer orders that failed to complete for the last 15 minutes. + +{{% /notice %}} + +Next, let's check out **Splunk Synthetics**. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/_index.md new file mode 100644 index 0000000000..d86837f814 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/_index.md 
@@ -0,0 +1,16 @@ +--- +title: Log Observer Overview +linkTitle: 3. Log Observer Overview +weight: 4 +time: 5 minutes +--- + +Log Observer Connect allows you to seamlessly bring in the same log data from your Splunk Platform into an intuitive and **no-code** interface designed to help you find and fix problems quickly. You can easily perform log-based analysis and seamlessly correlate your logs with Splunk Infrastructure Monitoring’s real-time metrics and Splunk APM traces in one place. + +**End-to-end visibility:** By combining the powerful logging capabilities of Splunk Platform with Splunk Observability Cloud’s traces and real-time metrics for deeper insights and more context of your hybrid environment. + +**Perform quick and easy log-based investigations:** By reusing logs that are already ingested in Splunk Cloud Platform or Enterprise in a simplified and intuitive interface (no need to know SPL!) with customizable and out-of-the-box dashboards + +**Achieve higher economies of scale and operational efficiency:** By centralizing log management across teams, breaking down data and team silos, and getting better overall support + +![Logo graph](./images/logo-image-loop.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/find-severity.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/find-severity.png new file mode 100644 index 0000000000..60703f81cf Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/find-severity.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-filter-bar.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-filter-bar.png new file mode 100644 index 0000000000..b283d628f6 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-filter-bar.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-observer-main.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-observer-main.png new file mode 100644 index 0000000000..11e50092e2 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/log-observer-main.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image-loop.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image-loop.png new file mode 100644 index 0000000000..ca0fbca22b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image-loop.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image.png new file mode 100644 index 0000000000..f583a3b675 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/3-log-observer-home/images/logo-image.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/1-infrastructure-home.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/1-infrastructure-home.md new file mode 100644 index 0000000000..c3d3f22b0f --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/1-infrastructure-home.md 
@@ -0,0 +1,65 @@ +--- +title: Infrastructure Navigators +linkTitle: 4.1 Infrastructure Navigators +weight: 2 +hidden: true +--- + +Click on **Infrastructure** in the main menu, the Infrastructure Home Page is made up of 4 distinct sections. + +![Infra main](../images/infrastructure-main.png) + +1. **Onboarding Pane:** Training videos and links to documentation to get you started with Splunk Infrastructure Monitoring. +2. **Time & Filter Pane:** Time window (not configurable at the top level) +3. **Integrations Pane:** List of all the technologies that are sending metrics to Splunk Observability Cloud. +4. **Tile Pane:** Total number of services being monitored broken down by integration. + +Using the Infrastructure pane, we can select the infrastructure/technology we are interested in, let's do that now. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Under the **Containers** section in the Integrations Pane (**3**), select **Kubernetes** as the technology you wish to examine. +* This should show you two tiles, **K8s Nodes** and **K8s Workloads**. +* The bottom part of each tile will have a history graph and the top part will show notifications for alerts that fired. Across all tiles, this additional information on each of the tiles will give you a good overview of the health of your infrastructure. +* Click on the **K8s Nodes** tile. +* You will be presented with one or more representations of a Kubernetes Cluster. +* Click on the {{% button %}}Add filters{{% /button %}} button. Type in `k8s.cluster.name` and click on the search result. +* From the list, select **[NAME OF WORKSHOP]-k3s-cluster** then click on the {{% button style="blue" %}}Apply Filter{{% /button %}} button. + + ![cluster](../images/k8s-cluster.png) + +* The Kubernetes Navigator uses color to indicate health. As you can see there are two pods or services that are unhealthy and in a Failed state (**1**). The rest are healthy and running. 
This is not uncommon in shared Kubernetes environments, so we replicated that for the workshop. +* Note the tiles to the side, under **Nodes dependencies** (**2**), specifically the MySQL and Redis tiles. These are the two databases used by our e-commerce application. + +{{% /notice %}} + +{{% notice title="Node Dependencies" style="info" %}} + +The UI will show services that are running on the node you have selected if they have been configured to be monitored by the OpenTelemetry Collector. + +{{% /notice %}} + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on the **Redis** tile and this will take you to the **Redis instances** navigator. Under **REDIS INSTANCE** click on **redis-[NAME OF WORKSHOP]**. +* This will bring you to the **Redis instance**. This navigator will show charts with metric data from the active Redis instance from our e-commerce site. + ![redis](../images/redis-2.png) +{{< tabs >}} +{{% tab title="Question" %}} +**Can you name the Instance dependencies tile in this view?** +{{% /tab %}} +{{% tab title="Answer" %}} +**Yes, there is one for Kubernetes.** +{{% /tab %}} +{{< /tabs >}} + +* Click the tile, it will bring us back into the Kubernetes Navigator, this time at the Pod level showing the Pod that runs the Redis Service. +* To return to the Cluster level, simply click on the link **Cluster** (**1**) at the top of the screen. + +![node](../images/node-link.png) + +{{% /notice %}} + +This completes the tour of **Splunk Observability Cloud**. + +Here, have some virtual 💶 and let's go and look at our e-commerce site, the 'Online Boutique' and do some shopping. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/_index.md new file mode 100644 index 0000000000..c7dce99003 --- /dev/null 
+++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/_index.md 
@@ -0,0 +1,24 @@ +--- +title: Infrastructure Overview +linkTitle: 4. Infrastructure Overview +weight: 6 +time: 5 minutes +--- + +Splunk Infrastructure Monitoring (IM) is a market-leading monitoring and observability service for hybrid cloud environments. Built on a patented streaming architecture, it provides a **real-time** solution for engineering teams to visualize and analyze performance across infrastructure, services, and applications in a fraction of the time and with greater accuracy than traditional solutions. + +**OpenTelemetry standardization:** Gives you full control over your data — freeing you from vendor lock-in and implementing proprietary agents. + +**Splunk’s OTel Collector:** Seamless installation and dynamic configuration, auto-discovers your entire stack in seconds for visibility across clouds, services, and systems. + +**300+ Easy-to-use OOTB content:** Pre-built navigators and dashboards, deliver immediate visualizations of your entire environment so that you can interact with all your data in real time. + +**Kubernetes navigator:** Provides an instant, comprehensive out-of-the-box hierarchical view of nodes, pods, and containers. Ramp up even the most novice Kubernetes user with easy-to-understand interactive cluster maps. + +**AutoDetect alerts and detectors:** Automatically identify the most important metrics, out-of-the-box, to create alert conditions for detectors that accurately alert from the moment telemetry data is ingested and use real-time alerting capabilities for important notifications in seconds. + +**Log views in dashboards:** Combine log messages and real-time metrics on one page with common filters and time controls for faster in-context troubleshooting. + +**Metrics pipeline management:** Control metrics volume at the point of ingest without re-instrumentation with a set of aggregation and data-dropping rules to store and analyze only the needed data. Reduce metrics volume and optimize observability spend. 
+ +![Infrastructure Overview](./images/infrastructure-over.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-main.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-main.png new file mode 100644 index 0000000000..b17d38b7da Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-main.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-over.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-over.png new file mode 100644 index 0000000000..14d362a04d Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/infrastructure-over.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/k8s-cluster.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/k8s-cluster.png new file mode 100644 index 0000000000..192043d123 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/k8s-cluster.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/node-link.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/node-link.png new file mode 100644 index 0000000000..5c5fee5b6e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/node-link.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis-2.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis-2.png new file mode 100644 index 0000000000..dcb3ab0e41 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis-2.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis.png b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis.png new file mode 100644 index 0000000000..d6c10038c7 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/4-infrastructure-home/images/redis.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/_index.md new file mode 100644 index 0000000000..b1022084cb --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/3-quick-tour/_index.md 
@@ -0,0 +1,21 @@ +--- +title: UI - Quick Tour 🚌 +linkTitle: 3. UI - Quick Tour +weight: 3 +archetype: chapter +description: A quick tour of the Splunk Observability Cloud UI. +--- + +We are going to start with a short walkthrough of the various components of Splunk Observability Cloud. The aim of this is to get you familiar with the UI. + +1. **Signing in to Splunk Observability Cloud** +2. **Application Performance Monitoring (APM)** +3. **Infrastructure Monitoring** +4. **Log Observer** + +{{% notice title="Tip" style="primary" icon="lightbulb" %}} +The easiest way to navigate through this workshop is by using: + +* the left/right arrows (**<** | **>**) on the top right of this page +* the left (◀️) and right (▶️) cursor keys on your keyboard +{{% /notice %}} diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/1-im-exercise.md b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/1-im-exercise.md new file mode 100644 index 0000000000..62e66abf40 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/1-im-exercise.md 
@@ -0,0 +1,41 @@ +--- +title: Infrastructure Exercise - Part 1 +linkTitle: Part 1 +weight: 1 +time: 5 minutes +--- + +This is the first section of our optimal Kubernetes Navigator exercise. Below is some high-level information regarding Kubernetes, just in case you're not familiar with it. + +{{% notice title=" Kubernetes Terminology" style="info" %}} +K8s, short for Kubernetes, is an open-source container orchestration platform. It manages the deployment, scaling, and maintenance of containerized applications, and we use it in this workshop to host our e-commerce application + +**Some terminology:** + +* A Kubernetes cluster is a group of machines, called nodes, that work together to run containerized applications. +* Nodes are individual servers or VMs in the cluster. Typically, you would have several nodes in a cluster but you may have just one node, just like in this workshop. +* Pods are the smallest deployable units in Kubernetes, representing one or more containers that share the same network and storage, enabling efficient application scaling and management +* Applications are a collection of one or more Pods interacting together to provide a service. +* Namespaces help you keep your applications organized and separate within the cluster, by providing a logical separation for multiple teams or projects within a cluster. +* Workloads are like a task list and define how many instances of your application should run, how they should be created, and how they should respond to failures +{{% /notice %}} + +Please select the **K8s nodes** tile from the Tile pane if you have not yet done so. +(Select **Kubernetes** as your Technology). This will bring you to the Kubernetes Navigator Page. + +![Kubernetes](../images/im-kubernetes.png) + +The screenshot above shows the main part of the Kubernetes navigator. It will show all the clusters & their nodes that send metrics to Splunk Observability Cloud, and the first row of charts that show cluster-based Metrics. 
In the workshop, you will mostly see single-node Kubernetes clusters. + +Before we dive deeper, let's make sure we are looking at our cluster. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* First, use the ![k8s filter](../images/k8s-add-filter.png?classes=inline) option to pick your cluster. +* This can be done by selecting `k8s.cluster.name` from the filter drop-down box. +* You then can start typing the name of your cluster, (as provided by your instructor). The name should also appear in the drop-down values. Select yours and make sure just the one for your workshop is highlighted with a ![blue tick](../images/select-checkmark.png?classes=inline&width=30px). +* Click the {{% button style="blue" %}} Apply Filter {{% /button %}} button to focus on our Cluster +* We now should have a single cluster visible. +{{% /notice %}} + +Let's move on to the next page of this exercise and look at your cluster in detail. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/2-im-exercise.md b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/2-im-exercise.md new file mode 100644 index 0000000000..79fa31a490 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/2-im-exercise.md 
@@ -0,0 +1,51 @@ +--- +title: Infrastructure Exercise - Part 2 +linkTitle: Part 2 +weight: 2 +time: 10 minutes +--- + +This is Part 2, of the Infrastructure Monitoring exercise, you should now have a single cluster visible. + +![Alt Cluster](../images/k8s-cluster.png) + +* In the Kubernetes Navigator, the cluster is represented by the square with the black line around it. +* It will contain one or more blue squares representing the node(s) or compute engines. +* Each of them containing one or more colored boxes that represent Pods. (this is where your services run in). +* And as you can guess, **green** means healthy and **red** means that there is a problem. + +Given there are two red boxes or tiles, let's see what is going on and if this will affect our Online Boutique site. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* First, set the time window we are working with to the last 15 minutes. You do this by changing the the Time picker in the filter pane from **-4h** to **Last 15 minutes**. +* Hover with your mouse over the Cluster, Node and pods, both **green** and **red** ones. +* The resulting information pane that appears will tell you the state of the object. Note, That the **red** Pods show that they are in **Pod Phase: Failed**. This means they have crashed and are not working. +* Examine the Cluster Metric charts that provide information on your cluster. (The charts below the cluster image). They provide general information about the health of your cluster like Memory consumption and the number of pods per node. +* Nothing flags for the **red** pods, as crashed pods do not affect the performance of Kubernetes. +* Let's check if the Spunk Kubernetes Analyzer can tell us something more useful, so click on **K8s Analyzer**. 
+{{% notice title=" Spunk Kubernetes Analyzer" style="info" %}} + +The Splunk Kubernetes Analyzer is a smart process that runs in the background in Splunk Observability Cloud and is designed to detect relations between anomalies. + +{{% /notice %}} + +* The **K8s Analyzer** should have detected that the two **red** pods are similar, indicated by the 2 after each line, and running in the same Namespace. +* In the K8s analyzer view can you find what namespace? (hint, look for `k8s.namespace.name`). +* Next, we want to check this on the node level as well, so drill down to the node, first by hovering your mouse over the cluster until you see a blue line appear around the node with a ![blue triangle ](../images/node-blue-traingle.png?classes=inline) in the left top, inside the black Cluster Line. +* Click on the triangle . Your view should now show little boxes in each pod, these represent the containers that run the actual code. The *K8s Analyzer* should confirm that this issue is also occurring on the node level. + +![Analyser result](../images/k8s-analyser-result.png?width=20vw) + +* Click on **K8s node**. This will show the node metrics, and if you examine the charts, you can see that there are only two pods in the development namespace. +* It is easier to see if you filter on the `k8s.namespace.name=development` in the Filter Pane. The **# Total Pods** chart shows only two pods and in the **Node Workload** chart there is only the *test-job* and it has failed. + +{{% notice title="Spunk Kubernetes Analyzer" style="info" %}} + +The above scenario is common in a shared Kubernetes environment, where teams deploy applications in different stages. Kubernetes is designed to keep these environments completely separate. 
+ +{{% /notice %}} + +{{% /notice %}} + +None of the Pods that make up our Online Boutique site run in the development namespace and all the other pods are green, we can safely assume these pods do not affect us, so let's move on to look at a few more things. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/3-im-exercise.md b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/3-im-exercise.md new file mode 100644 index 0000000000..39c45f97d6 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/3-im-exercise.md 
@@ -0,0 +1,49 @@ +--- +title: Infrastructure Exercise - Part 3 +linkTitle: Part 3 +weight: 3 +time: 10 minutes +--- + +Let's look at some other parts of the UI like the *Information Pane* on the right of the navigator or the *Related Content Pane* at the bottom. + +First, let's look at the *Information Pane*, this pane provides alert and detected services information and the metadata related to the object you're looking at. + +![info pane](../images/k8s-info-pane.png) + +Meta Data is sent along with the metrics and is very useful for identifying trends when looking into issues. An example could be a pod failing when deployed on a specific Operating System. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Can you identify the Operating System and Architecture of the node from the metadata? + +{{% /notice %}} + +As we have seen in the previous exercise, these fields are very useful for filtering the view in charts and Navigators down to a specific subset of metrics we are interested in. + +Another feature in the UI is **Related content**. + +{{% notice title="Related Content" style="info" %}} + +The Splunk Observability User Interface will attempt to show you additional information that is related to what you're actively looking at. +A good example of this is the Kubernetes Navigator showing you related Content tiles in the information Pane for the services found running on this node. + +{{% /notice %}} + +In the **Information Pane**, you should see two tiles for services detected, the two databases used by our e-commerce application. Let's use this **Related Content**. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* First, make sure you no longer have a filter for the development namespace active. (Simply click on the **x** to remove it from the Filter Pane) as there are no databases in the Development Namespace. 
+* Hoover on the **Redis** tile, and click on the {{% button style="blue" %}}Goto all my Redis instances{{% /button %}} button +* The Navigator view should change to the overall Redis instances view. +* Select the the instance running on your cluster. (Click on the blue link, named **redis-[the name of your workshop]**, in the Redis Instances pane). +* We should now see just the information for your Redis Instance & there should also be an **Information Pane**. +* Again we see Meta Data, but we also see that UI is showing in the **Related Content** tiles that this Redis Server runs in a Container running on Kubernetes. +* Let's verify that by clicking on the **Kubernetes** Tile. +* We should be back in the Kubernetes Navigator, at the container level. +* Confirm that the names of our cluster and node are all visible at the top of the page and we are back looking at our K8s Cluster, where we started. + +{{% /notice %}} + +This completes the tour of Splunk Observability Cloud. Let's go and look at our e-commerce site and do some shopping. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/_index.md new file mode 100644 index 0000000000..bea0a579aa --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/_index.md @@ -0,0 +1,8 @@ +--- +title: Infrastructure Exercise +linkTitle: 6.2 Optional Exercise +weight: 40 +hidden: true +_build: + render: never +--- diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-gray-2.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-gray-2.png new file mode 100644 index 0000000000..eabbf4ac25 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-gray-2.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-kubernetes.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-kubernetes.png new file mode 100644 index 0000000000..8f99d0494d Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/im-kubernetes.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-add-filter.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-add-filter.png new file mode 100644 index 0000000000..e5a9a92f2e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-add-filter.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-analyser-result.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-analyser-result.png new file mode 100644 index 0000000000..f0d4e245e0 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-analyser-result.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-cluster.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-cluster.png new file mode 100644 index 0000000000..e085c02ff0 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-cluster.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-info-pane.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-info-pane.png new file mode 100644 index 0000000000..c681018bf2 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/k8s-info-pane.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/node-blue-traingle.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/node-blue-traingle.png new file mode 100644 index 0000000000..2bc4070a14 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/node-blue-traingle.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/select-checkmark.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/select-checkmark.png new file mode 100644 index 0000000000..b13f078d88 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/select-checkmark.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/selected-node.png b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/selected-node.png new file mode 100644 index 0000000000..81eee48d71 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/30-im-exercise/images/selected-node.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/1-apm-explore.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/1-apm-explore.md new file mode 100644 index 0000000000..44a70b0b97 --- /dev/null 
+++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/1-apm-explore.md @@ -0,0 +1,28 @@ +--- +title: 1. APM Explore +weight: 1 +--- + +When you click into the APM section of Splunk Observability Cloud you are greated with an overview of your APM data including top services by error rates, and R.E.D. metrics for services and workflows. + +The APM Service Map displays the dependencies and connections among your instrumented and inferred services in APM. The map is dynamically generated based on your selections in the time range, environment, workflow, service, and tag filters. + +You can see the services involved in any of your APM user workflows by clicking into the **Service Map**. When you select a service in the **Service Map**, the charts in the **Business Workflow** sidepane are updated to show metrics for the selected service. The **Service Map** and any indicators are syncronized with the time picker and chart data displayed. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on the **wire-transfer-service** in the Service Map. + +{{% /notice %}} + +![APM Explore](../images/apm-business-workflow.png) + +Splunk APM also provides built-in **Service Centric Views** to help you see problems occurring in real time and quickly determine whether the problem is associated with a service, a specific endpoint, or the underlying infrastructure. Let's have a closer look. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* In the right hand pane, click on **wire-transfer-service** in blue. + +{{% /notice %}} + +![APM Service](../images/apm-service.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/2-apm-service-view.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/2-apm-service-view.md new file mode 100644 index 0000000000..a9a7d60c62 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/2-apm-service-view.md 
@@ -0,0 +1,39 @@ +--- +title: 2. APM Service View +weight: 2 +--- +{{% notice title="Service View" style="info" %}} + +As a service owners you can use the service view in Splunk APM to get a complete view of your service health in a single pane of glass. The service view includes a service-level indicator (SLI) for availability, dependencies, request, error, and duration (RED) metrics, runtime metrics, infrastructure metrics, Tag Spotlight, endpoints, and logs for a selected service. You can also quickly navigate to code profiling and memory profiling for your service from the service view. + +{{% /notice %}} + +![Service Dashboard](../images/apm-service-dashboard.png) + +{{% notice title="Exercise" style="green" icon="running" %}} + +* In the **Time** box change the timeframe to **-1h**. Note how the charts update. +* These charts are very useful to quickly identify performance issues. You can use this dashboard to keep an eye on the health of your service. +* Scroll down the page and expand **Infrastructure Metrics**. Here you will see the metrics for the Host and Pod. +* **Runtime Metrics** are not available as profiling data is not available for services written in Node.js. +* Now let's go back to the explore view, you can hit the back button in your Browser + +{{% /notice %}} + +![APM Explore](../images/apm-business-workflow.png) + +{{% notice title="Exercise" style="green" icon="running" %}} + +{{< tabs >}} +{{% tab title="Question" %}} +**In the Service Map hover over the **wire-transfer-service**. What can you conclude from the popup service chart?** +{{% /tab %}} +{{% tab title="Answer" %}} +**The error percentage is very high.** +{{% /tab %}} +{{< /tabs >}} +{{% /notice %}} + +![APM Service Chart](../images/apm-service-popup-chart.png) + +We need to understand if there is a pattern to this error rate. We have a handy tool for that, **Tag Spotlight**. 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/3-apm-tag-spotlight.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/3-apm-tag-spotlight.md new file mode 100644 index 0000000000..964594bcd0 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/3-apm-tag-spotlight.md 
@@ -0,0 +1,42 @@ +--- +title: 3. APM Tag Spotlight +weight: 3 +--- + +{{% notice title="Exercise" style="green" icon="running" %}} + +* To view the tags for the **wire-transfer-service** click on the **wire-transfer-service** and then click on **Tag Spotlight** in the right-hand side functions pane (you may need to scroll down depending upon your screen resolution).* Once in **Tag Spotlight** ensure the toggle **Show tags with no values** is off. + +{{% /notice %}} + +![APM Tag Spotlight](../images/apm-tag-spotlight.png) + +The views in **Tag Spotlight** are configurable for both the chart and cards. The view defaults to **Requests & Errors**. + +It is also possible to configure which tag metrics are displayed in the cards. It is possible to select any combinations of: + +* Requests +* Errors +* Root cause errors +* P50 Latency +* P90 Latency +* P99 Latency + +Also ensure that the **Show tags with no values** toggle is unchecked. + +Scroll through the cards and get familiar with the tags provided by the wire-transfer-service's telemetry. + +{{% notice title="Exercise" style="green" icon="running" %}} + +{{< tabs >}} +{{% tab title="Question" %}} +**Which card exposes the tag that identifies what the problem is?** +{{% /tab %}} +{{% tab title="Answer" %}} +**The *version* card. The number of requests against `v350.10` matches the number of errors i.e. 100%** +{{% /tab %}} +{{< /tabs >}} + +{{% /notice %}} + +Now that we have identified the version of the **wire-transfer-service** that is causing the issue, let's see if we can find out more information about the error. Press the back button on your browser to get back to the Service Map. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/4-apm-service-breakdown.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/4-apm-service-breakdown.md new file mode 100644 index 0000000000..92e6e6e176 --- /dev/null 
+++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/4-apm-service-breakdown.md @@ -0,0 +1,33 @@ +--- +title: 4. APM Service Breakdown +weight: 4 +--- + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Select the **wire-transfer-service** in the Service Map. +* In the right-hand pane click on the {{% button style="grey" %}}Breakdown{{% /button %}}. +* Select `tenant.level` in the list. +* Back in the Service Map click on **gold** (our most valuable user tier). +* Click on {{% button style="grey" %}}Breakdown{{% /button %}} and select `version`, this is the tag that exposes the service version. +* Repeat this for **silver** and **bronze**. +{{< tabs >}} +{{% tab title="Question" %}} +**What can you conclude from what you are seeing?** +{{% /tab %}} +{{% tab title="Answer" %}} +**Every `tenant.level` is being impacted by `v350.10`** +{{% /tab %}} +{{< /tabs >}} + +{{% /notice %}} + +You will now see the **wire-transfer-service** broken down into three services, **gold**, **silver** and **bronze**. Each tenant is broken down into two services, one for each version (`v350.10` and `v350.9`). + +![APM Service Breakdown](../images/apm-service-breakdown.png) + +{{% notice title="Span Tags" style="info" %}} +Using span tags to break down services is a very powerful feature. It allows you to see how your services are performing for different customers, different versions, different regions, etc. In this exercise, we have determined that `v350.10` of the **wire-transfer-service** is causing problems for all our customers. +{{% /notice %}} + +Next, we need to drill down into a trace to see what is going on. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/5-apm-trace-analyzer.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/5-apm-trace-analyzer.md new file mode 100644 index 0000000000..9ddb35801f --- /dev/null 
+++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/5-apm-trace-analyzer.md 
@@ -0,0 +1,63 @@ +--- +title: 5. APM Trace Analyzer +weight: 5 +--- + +As Splunk APM provides a **NoSample** end-to-end visibility of every service Splunk APM captures every trace. For this workshop, the wire transfer **orderId** is available as a tag. This means that we can use this to search for the exact trace of the poor user experience encountered by users. + +{{% notice title="Trace Analyzer" style="info" %}} + +Splunk Observability Cloud provides several tools for exploring application monitoring data. **Trace Analyzer** is suited to scenarios where you have high-cardinality, high-granularity searches and explorations to research unknown or new issues. +{{% /notice %}} + +{{% notice title="Exercise" style="green" icon="running" %}} + +* With the outer box of the **wire-transfer-service** selected, in the right-hand pane, click on **Traces**. +* Set **Time Range** to **Last 15 minutes**. +* Ensure the **Sample Ratio** is set to `1:1` and **not** `1:10`. + +{{% /notice %}} + +![APM Trace Analyzer](../images/apm-trace-analyzer.png) + +The **Trace & error count** view shows the total traces and traces with errors in a stacked bar chart. You can use your mouse to select a specific period within the available time frame. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on the dropdown menu that says **Trace & error count**, and change it to **Trace duration** + +{{% /notice %}} + +![APM Trace Analyzer Heat Map](../images/apm-trace-analyzer-heat-map.png) + +The **Trace Duration** view shows a heatmap of traces by duration. The heatmap represents 3 dimensions of data: + +* Time on the x-axis +* Trace duration on the y-axis +* The traces (or requests) per second are represented by the heatmap shades + +You can use your mouse to select an area on the heatmap, to focus on a specific time period and trace duration range. 
+ +{{% notice title="Exercise" style="green" icon="running" %}} + +* Switch from **Trace duration** back to **Trace & Error count**. +* In the time picker select **Last 1 hour**. +* Note, that most of our traces have errors (red) and there are only a limited amount of traces that are error-free (blue). +* Make sure the **Sample Ratio** is set to `1:1` and **not** `1:10`. +* Click on **Add filters**, type in `orderId` and select **orderId** from the list. +* Find and select the **orderId** provided by your workshop leader and hit enter. + ![Traces by Duration](../images/apm-trace-by-id.png) + +{{% /notice %}} + +We have now filtered down to the exact trace where users reported a poor experience with a very long processing wait. + +A secondary benefit to viewing this trace is that the trace will be accessible for up to 13 months. This will allow developers to come back to this issue at a later stage and still view this trace for example. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on the trace in the list. + +{{% /notice %}} + +Next, we will walk through the trace waterfall. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/6-apm-waterfall.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/6-apm-waterfall.md new file mode 100644 index 0000000000..f6d0562c5d --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/6-apm-waterfall.md 
@@ -0,0 +1,45 @@ +--- +title: 6. APM Waterfall +weight: 6 +--- + +We have arrived at the **Trace Waterfall** from the **Trace Analyzer**. A trace is a collection of spans that share the same trace ID, representing a unique transaction handled by your application and its constituent services. + +Each span in Splunk APM captures a single operation. Splunk APM considers a span to be an error span if the operation that the span captures results in an error. + +![Trace Waterfall](../images/apm-trace-waterfall.png) + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on the {{% button style="red" %}}!{{% /button %}} next to any of the `wire-transfer-service` spans in the waterfall. + +{{< tabs >}} +{{% tab title="Question" %}} +**What is the error message and version being reported in the Span Details?** +{{% /tab %}} +{{% tab title="Answer" %}} +**`Invalid request` and `v350.10`**. +{{% /tab %}} +{{< /tabs >}} + +{{% /notice %}} +Now that we have identified the version of the **wire-transfer-service** that is causing the issue, let's see if we can find out more information about the error. This is where **Related Logs** come in. + +Related Content relies on specific metadata that allow APM, Infrastructure Monitoring, and Log Observer to pass filters around Observability Cloud. For related logs to work, you need to have the following metadata in your logs: + +* `service.name` +* `deployment.environment` +* `host.name` +* `trace_id` +* `span_id` + +{{% notice title="Exercise" style="green" icon="running" %}} + +* At the very bottom of the **Trace Waterfall** click on **Logs (1)**. This highlights that there are **Related Logs** for this trace. +* Click on the **Logs for trace xxx** entry in the pop-up, this will open the logs for the complete trace in **Log Observer**. + +{{% /notice %}} + +![Related Logs](../images/apm-related-logs.png) + +Next, let's find out more about the error in the logs. 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/_index.md new file mode 100644 index 0000000000..dfae644adb --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/_index.md @@ -0,0 +1,16 @@ +--- +title: Splunk APM +linkTitle: 4. Splunk APM +weight: 4 +archetype: chapter +time: 20 minutes +description: In this section, we will use APM to drill down and identify where the problem is. +--- + +{{% notice icon="user" style="orange" title="Persona" %}} + +You are a **back-end developer** and you have been called in to help investigate an issue found by the SRE. The SRE has identified a poor user experience and has asked you to investigate the issue. + +{{% /notice %}} + +Getting to the root cause of a problem in cloud-native environments requires engineers to navigate through immense complexity within a distributed system. Oftentimes, you didn’t write the code and you lack the background and context to quickly understand what’s going on when a problem occurs. That is where Splunk APM comes in. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-business-workflow.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-business-workflow.png new file mode 100644 index 0000000000..9f3668c774 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-business-workflow.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-related-logs.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-related-logs.png new file mode 100644 index 0000000000..727eec8e22 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-related-logs.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-breakdown.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-breakdown.png new file mode 100644 index 0000000000..e2a2c52f78 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-breakdown.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-dashboard.png new file mode 100644 index 0000000000..24c269808e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-popup-chart.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-popup-chart.png new file mode 100644 index 0000000000..de9bd0c605 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service-popup-chart.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service.png new file mode 100644 index 0000000000..67b4bd4e7b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-service.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-tag-spotlight.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-tag-spotlight.png new file mode 100644 index 0000000000..c30f67776a Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-tag-spotlight.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer-heat-map.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer-heat-map.png new file mode 100644 index 0000000000..e7ac41b420 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer-heat-map.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer.png new file mode 100644 index 0000000000..01b9de6121 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-analyzer.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-duration.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-duration.png new file mode 100644 index 0000000000..ee92a713cf Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-duration.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-id.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-id.png new file mode 100644 index 0000000000..baeebc5f7c Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-by-id.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-waterfall.png b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-waterfall.png new file mode 100644 index 0000000000..4ce7ad817e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/4-apm/images/apm-trace-waterfall.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/1-log-filtering.md b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/1-log-filtering.md new file mode 100644 index 0000000000..1335f609cd --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/1-log-filtering.md 
@@ -0,0 +1,29 @@ +--- +title: 1. Log Filtering +weight: 1 +--- + +**Log Observer (LO)**, can be used in multiple ways. In the quick tour, you used the LO **no-code interface** to search for specific entries in the logs. This section, however, assumes you have arrived in LO from a trace in APM using the **Related Content** link. + +The advantage of this is, as it was with the link between RUM & APM, that you are looking at your logs within the context of your previous actions. In this case, the context is the time frame (**1**), which matches that of the trace and the filter (**2**) which is set to the **trace_id**. + +![Trace Logs](../images/log-observer-trace-logs.png) + +This view will include **all** the log lines from **all** applications or services that participated in the back-end transaction started by the end-user interaction with the Online Boutique. + +Even in a small application, the sheer amount of logs found can make it hard to see the specific log lines that matter to the actual incident we are investigating. + +{{% notice title="Exercise" style="green" icon="running" %}} + +We need to focus on just the Error messages in the logs: + +* Click on the **Group By** drop-down box and use the filter to find **Severity**. +* Once selected click the {{% button style="blue" %}}Apply{{% /button %}} button (notice that the chart legend changes to show debug, error and info). + ![legend](../images/severity-logs.png) +* Selecting just the error logs can be done by either clicking on the word error (**1**) in the legend, followed by selecting **Add to filter**. Then click {{% button style="blue" %}}Run Search{{% /button %}} +* You could also add the service name, `sf_service=wire-transfer-service`, to the filter if there are error lines for multiple services, but in our case, this is not necessary. + ![Error Logs](../images/log-observer-errors.png) + +{{% /notice %}} + +Next, we will look at log entries in detail. 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/2-log-entry.md b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/2-log-entry.md new file mode 100644 index 0000000000..0b43c73417 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/2-log-entry.md 
@@ -0,0 +1,44 @@ +--- +title: 2. Viewing Log Entries +weight: 2 +--- + +Before we look at a specific log line, let's quickly recap what we have done so far and why we are here based on the 3 pillars of Observability: + +| Metrics | Traces | Logs | +|:-------:|:------:|:----:| +| _**Do I have a problem?**_ | _**Where is the problem?**_ | _**What is the problem?**_ | + +* Using metrics we identified **we have a problem** with our application. This was obvious from the error rate in the Service Dashboards as it was higher than it should be. +* Using traces and span tags we found **where the problem is**. The **wire-transfer-service** comprises of two versions, `v350.9` and `v350.10`, and the error rate was **100%** for `v350.10`. +* We did see that this error from the **wire-transfer-service** `v350.10` caused multiple retries and a long delay in the response back from the compliance check service. +* From the trace, using the power of **Related Content**, we arrived at the log entries for the failing **wire-transfer-service** version. Now, we can determine **what the problem is**. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Click on an error entry in the log table (make sure it says `hostname: "wire-transfer-service-xxxx"` in case there is a rare error from a different service in the list too. +{{< tabs >}} +{{% tab title="Question" %}} +**Based on the message, what would you tell the development team to do to resolve the issue?** +{{% /tab %}} +{{% tab title="Answer" %}} +**The development team needs to rebuild and deploy the container with a valid API Token or rollback to `v350.9`**. +{{% /tab %}} +{{< /tabs >}} + + ![Log Message](../images/log-observer-log-message.png) +* Click on the **X** in the log message pane to close it. 
+ +{{% /notice %}} + +{{% notice style="blue" title="Congratulations" icon="wine-bottle" %}} + +You have **successfully** used Splunk Observability Cloud to understand why users are experiencing issues while using the wire transfer service. You used Splunk APM and Splunk Log Observer to understand what happened in your service landscape and subsequently, found the underlying cause, all based on the 3 pillars of Observability, **metrics**, **traces** and **logs** + +You also learned how to use Splunk's **intelligent tagging and analysis** with **Tag Spotlight** to detect patterns in your applications' behavior and to use the **full stack correlation** power of **Related Content** to quickly move between the different components and telemetry while keeping in context of the issue. + +{{% /notice %}} + +In the next part of the workshop, we will move from **problem-finding mode** into **mitigation**, **prevention** and **process improvement mode**. + +Next up, creating log charts in a custom dashboard. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/3-log-timeline-chart.md b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/3-log-timeline-chart.md new file mode 100644 index 0000000000..1fd0f31849 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/3-log-timeline-chart.md 
@@ -0,0 +1,31 @@ +--- +title: 3. Log Timeline Chart +weight: 3 +--- + +Once you have a specific view in Log Observer, it is very useful to be able to use that view in a dashboard, to help in the future with reducing the time to detect or resolve issues. As part of the workshop, we will create an example custom dashboard that will use these charts. + +Let's look at creating a **Log Timeline** chart. The Log Timeline chart is used for visualizing log messages over time. It is a great way to see the frequency of log messages and to identify patterns. It is also a great way to see the distribution of log messages across your environment. These charts can be saved to a custom dashboard. + +{{% notice title="Info" style="green" title="Exercise" icon="running" %}} + +First, we will reduce the amount of information to only the columns we are interested in: + +* Click on the Configure Table {{% icon icon="cog" %}} icon above the **Logs table** to open the **Table Settings**, untick `_raw` and ensure the following fields are selected `k8s.pod.name`, `message` and `version`. + ![Log Table Settings](../images/log-observer-table.png) +* Remove the fixed time from the time picker, and set it to the **Last 15 minutes**. +* To make this work for all traces, remove the `trace_id` from the filter and add the fields `sf_service=wire-transfer-service` and `sf_environment=[WORKSHOPNAME]`. +* Click **Save** and select **Save to Dashboard**. + ![save it](../images/save-query.png) +* In the chart creation dialog box that appears, for the **Chart name** use `Log Timeline`. +* Click {{% button style="blue" %}}Select Dashboard{{% /button %}} and then click {{% button style="blue" %}}New dashboard{{% /button %}} in the Dashboard Selection dialog box. +* In the **New dashboard** dialog box, enter a name for the new dashboard (no need to enter a description). 
Use the following format: `Initials - Service Health Dashboard` and click {{% button style="blue" %}}Save{{% /button %}} +* Ensure the new dashboard is highlighted in the list (**1**) and click {{% button style="blue" %}}OK{{% /button %}} (**2**). + ![Save dashboard](../images/dashboard-save.png) +* Ensure that **Log Timeline** is selected as the **Chart Type**. + ![log timeline](../images/log-timeline.png?classes=left&width=25vw) +* Click the {{% button %}}Save{{% /button %}} button (**do not** click **Save and goto dashboard** at this time). + +{{% /notice %}} + +Next, we will create a **Log View** chart. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/4-log-view-chart.md b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/4-log-view-chart.md new file mode 100644 index 0000000000..6233c13e0a --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/4-log-view-chart.md 
@@ -0,0 +1,34 @@ +--- +title: 4. Log View Chart +weight: 4 +--- + +The next chart type that can be used with logs is the **Log View** chart type. This chart will allow us to see log messages based on predefined filters. + +As with the previous Log Timeline chart, we will add a version of this chart to our Customer Health Service Dashboard: + +{{% notice title="Info" style="green" title="Exercise" icon="running" %}} + +* After the previous exercise make sure you are still in **Log Observer**. +* The filters should be the same as the previous exercise, with the time picker set to the **Last 15 minutes** and filtering on severity=error, `sf_service=wire-transfer-service` and `sf_environment=[WORKSHOPNAME]`. +* Make sure we have the header with just the fields we wanted. +* Click again on **Save** and then **Save to Dashboard**. +* This will again provide you with the Chart creation dialog. +* For the **Chart name** use **Log View**. +* This time Click {{% button style="blue" %}}Select Dashboard{{% /button %}} and search for the Dashboard you created in the previous exercise. You can start by typing your initials in the search box (**1**). + ![search dashboard](../images/search-dashboard.png) +* Click on your dashboard name to highlight it (**2**) and click {{% button style="blue" %}}OK{{% /button %}} (**3**). +* This will return you to the create chart dialog. +* Ensure **Log View** is selected as the **Chart Type**. + ![log view](../images/log-view.png?classes=left&width=30vw) +* To see your dashboard click {{% button style="blue" %}}Save and go to dashboard{{% /button %}}. +* The result should be similar to the dashboard below: + ![Custom Dashboard](../images/log-observer-custom-dashboard.png) +* As the last step in this exercise, let us add your dashboard to your workshop team page, this will make it easy to find later in the workshop. +* At the top of the page, click on the ***...*** to the left of your dashboard name. 
+ ![linking](../images/linking.png) +* Select **Link to teams** from the drop-down. +* In the following **Link to teams** dialog box, find the Workshop team that your instructor will have provided for you and click {{% button style="blue" %}}Done{{% /button %}}. + +{{% /notice %}} + diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/_index.md new file mode 100644 index 0000000000..6634aac46b --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/_index.md @@ -0,0 +1,18 @@ +--- +title: Splunk Log Observer +linkTitle: 5. Splunk Log Observer +weight: 5 +archetype: chapter +time: 20 minutes +description: In this section, we will use Log Observer to drill down and identify what the problem is. +--- + +{{% notice icon="user" style="orange" title="Persona" %}} + +Remaining in your **back-end developer** role, you need to inspect the logs from your application to determine the root cause of the issue. + +{{% /notice %}} + +Using the content related to the APM trace (logs) we will now use Splunk Log Observer to drill down further to understand exactly what the problem is. + +Related Content is a powerful feature that allows you to jump from one component to another and is available for **metrics**, **traces** and **logs**. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/dashboard-save.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/dashboard-save.png new file mode 100644 index 0000000000..6f461467ea Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/dashboard-save.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/linking.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/linking.png new file mode 100644 index 0000000000..acd2691285 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/linking.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-custom-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-custom-dashboard.png new file mode 100644 index 0000000000..8d080b58e4 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-custom-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-errors.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-errors.png new file mode 100644 index 0000000000..789a40f55a Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-errors.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-log-message.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-log-message.png new file mode 100644 index 0000000000..721b72b652 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-log-message.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-table.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-table.png new file mode 100644 index 0000000000..8009f10ee3 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-table.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-trace-logs.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-trace-logs.png new file mode 100644 index 0000000000..94657206c4 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-observer-trace-logs.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-timeline.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-timeline.png new file mode 100644 index 0000000000..b9fa9dfa90 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-timeline.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-view.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-view.png new file mode 100644 index 0000000000..777a785a55 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/log-view.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/save-query.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/save-query.png new file mode 100644 index 0000000000..efd19f7d3e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/save-query.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/search-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/search-dashboard.png new file mode 100644 index 0000000000..75788b741e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/search-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/severity-logs.png b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/severity-logs.png new file mode 100644 index 0000000000..c32ee0e878 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/5-log-observer/images/severity-logs.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/1-custom-dashboard.md b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/1-custom-dashboard.md new file mode 100644 index 0000000000..33d172da4d --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/1-custom-dashboard.md 
@@ -0,0 +1,39 @@ +--- +title: Enhancing the Dashboard +linkTitle: 1. Enhancing the Dashboard +weight: 1 +--- + +As we already saved some useful log charts in a dashboard in the Log Observer exercise, we are going to extend that dashboard. + + ![Wall mounted](../images/wall-mount.png) + +{{% notice title="Exercise" style="green" icon="running" %}} + +* To get back to your dashboard with the two log charts, click on **Dashboards** from the main menu and you will be taken to your Team Dashboard view. Under **Dashboards** click in **Search dashboards** to search for your Service Health Dashboard group. +* Click on the name and this will bring up your previously saved dashboard. + ![log list](../images/log-observer-custom-dashboard.png) +* Even if the log information is useful, it will need more information to have it make sense for our team so let's add a bit more information +* The first step is adding a description chart to the dashboard. Click on the {{% button style="grey" %}}New text note{{% /button %}} and replace the text in the note with the following text and then click the {{% button style="blue" %}}Save and close{{% /button %}} button and name the chart **Instructions** +{{% notice title=" Information to use with text note" style="grey" %}} + +```text + +This is a Custom Health Dashboard for the **wire-transfer-service**, +Please pay attention to any errors in the logs. +For more detail visit [link](https://https://www.splunk.com/en_us/products/observability.html) + +``` + +{{% /notice %}} + +* The charts are not in a nice order, let's correct that and rearrange the charts so that they are useful. +* Move your mouse over the top edge of the **Instructions** chart, your mouse pointer will change to a **☩**. This will allow you to drag the chart in the dashboard. Drag the **Instructions** chart to the top left location and resize it to a 1/3rd of the page by dragging the right-hand edge. 
+* Drag and add the **Log Timeline view** chart next to the **Instruction** chart, resize it so it fills the other 2/3rd of the page to be the error rate chart next to the two the chart and resize it so it fills the page +* Next, resize the **Log lines** chart to be the width of the page and resize it the make it at least twice as long. +* You should have something similar to the dashboard below: + ![Initial Dashboard](../images/initial-dashboard.png) + +{{% /notice %}} + +This looks great, let's continue and add more meaningful charts. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/2-add-chart.md b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/2-add-chart.md new file mode 100644 index 0000000000..2aafe15943 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/2-add-chart.md 
@@ -0,0 +1,27 @@ +--- +title: Adding Copied Charts +linkTitle: 2. Adding Copied Charts +weight: 2 +hidden: true +--- + +In this section, we are going to use the **Copy and Paste** functionality to extend our dashboard. Remember we copied some charts during the APM Service Dashboard section, we will now add those charts to our dashboard. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* Select the **2+** at the top of the page and select **Paste charts**, this will create the charts in your custom dashboard. +* The chart currently shows data for all **Environments** and **Services**, so let's add a filter for our environment and the **paymentservice**. +* Click on the 3 dots **...** at the top right side of the **Request Rate** single value chart. This will open the chart in edit mode. +* In the new screen, click on the **x** in the {{% button style="blue" %}}sf_environment:* x{{% /button %}} button (**1**) in the middle of the screen to close it. +* Click on the {{% button style="blue" %}}**+**{{% /button %}} to add a new filter and select **sf_environment** then pick the [WORKSHOPNAME] from the drop-down and hit **Apply**. The button will change to **sf_environment:[WORKSHOPNAME]** +* Do the same with for the {{% button style="blue" %}}sf_service.{{% /button %}} button (**2**), close it and create a new filter for **sf_service**. Only this time change it to `paymentservice`. + ![edit chart](../images/edit-chart.png) +* Click the {{% button style="blue" %}}Save and close {{% /button %}} button (**3**). +* Repeat the previous 4 steps for the **Request Rate** text chart +* Click {{% button style="blue" %}}Save{{% /button %}} after you have update the two charts. +* As the new pasted charts appeared at the bottom of our dashboard, we need to re-organize our dashboard again. +* Using the drag and drop and resizing skills you learned earlier, make your dashboard look like the image below. 
+ ![New dashboard look](../images/copyandpastedcharts.png) +{{% /notice %}} + +Next, we are going to create a custom chart based on our Synthetic test that is running. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/3-custom-chart.md b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/3-custom-chart.md new file mode 100644 index 0000000000..2f35e2dc65 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/3-custom-chart.md 
@@ -0,0 +1,34 @@ +--- +title: Adding a Custom Chart +linkTitle: 2. Adding a Custom Chart +weight: 3 +--- + +In this part of the workshop we are going to create a chart that we will add to our dashboard, we will also link it to the detector we previously built. This will allow us to see the behavior of our test and get alerted if one or more of our test runs breach its SLA. + +{{% notice title="Exercise" style="green" icon="running" %}} + +* At the top of the dashboard click on the **+** and select **Chart**. + ![new chart screen](../images/new-chart.png) +* First, use the {{% button style="grey" %}}Untitled chart{{% /button %}} input field and name the chart **Requests by version & error**. +* For this exercise we want a bar or column chart, so click on the 3rd icon {{% icon icon="chart-bar" %}} in the chart option box. +* In the **Plot editor** enter `spans.count` (this is runtime in duration for our test) in the **Signal** box and hit enter. +* Click {{% button style="blue" %}}Add filter{{% /button %}} and choose `sf_service:wire-transfer-service` +* Right now we see different colored bars, a different color for each region the test runs from. As this is not needed we can change that behavior by adding some analytics. +* Click the {{% button style="blue" %}}Add analytics{{% /button %}} button. +* From the drop-down choose the **Sum** option, then pick `sum:aggregation` and click `version` and then click `sf_error` to group by both of these dimensions. Notice how the chart changes as the metrics are now aggregated. +![new chart screen](../images/spans-sum-version-error.png) +* Click the {{% button style="blue" %}}Save and close{{% /button %}} button. +* In the dashboard, move the charts so they look like the screenshot below: + ![Service Health Dashboard](../images/service-health-dashboard.png) +* For the final task, click three dots **...** at the top of the page (next to **Event Overlay**) and click on **View fullscreen**. 
This will be the view you would use on the TV monitor on the wall (press Esc to go back). + +{{% /notice %}} + +{{% notice title="Tip" style="primary" icon="lightbulb" %}} + +In your spare time have a try at adding another custom chart to the dashboard using APM or Infrastructure metrics. You could copy a chart from the out-of-the-box **Kubernetes** dashboard group. Or you could use the APM metric `traces.count` to create a chart that shows the number of errors on a specific endpoint. + +{{% /notice %}} + + Finally, we will run through a workshop wrap-up. diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/_index.md new file mode 100644 index 0000000000..8eb41184c8 --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/_index.md @@ -0,0 +1,18 @@ +--- +title: Custom Service Health Dashboard 🏥 +linkTitle: 6. Service Health Dashboard +weight: 6 +archetype: chapter +time: 15 minutes +description: In this section, you will learn how to build a custom Service Health Dashboard to monitor the health of your services. +--- + +{{% notice icon="user" style="orange" title="Persona" %}} + +As the **SRE** hat suits you let's keep it on as you have been asked to build a custom Service Health Dashboard for the **wire-transfer-service**. The requirement is to display RED metrics, logs and Synthetic test duration results. + +{{% /notice %}} + +It is common for development and SRE teams to require a summary of the health of their applications and/or services. More often or not these are displayed on wall-mounted TVs. Splunk Observability Cloud has the perfect solution for this by creating custom dashboards. + +In this section we are going to build a **Service Health Dashboard** we can use to display on teams' monitors or TVs. 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/add-filter.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/add-filter.png new file mode 100644 index 0000000000..9fc3d5eef3 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/add-filter.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/chart-setup.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/chart-setup.png new file mode 100644 index 0000000000..88fa68414f Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/chart-setup.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/copyandpastedcharts.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/copyandpastedcharts.png new file mode 100644 index 0000000000..6507f21582 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/copyandpastedcharts.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/detector-added.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/detector-added.png new file mode 100644 index 0000000000..1c2bc40b90 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/detector-added.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/edit-chart.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/edit-chart.png new file mode 100644 index 0000000000..a47482b608 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/edit-chart.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/initial-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/initial-dashboard.png new file mode 100644 index 0000000000..79e2203d78 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/initial-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/list-dashboard-team.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/list-dashboard-team.png new file mode 100644 index 0000000000..d39bd1ba90 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/list-dashboard-team.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-charts.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-charts.png new file mode 100644 index 0000000000..5674127a4c Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-charts.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-observer-custom-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-observer-custom-dashboard.png new file mode 100644 index 0000000000..d199351c16 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/log-observer-custom-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/new-chart.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/new-chart.png new file mode 100644 index 0000000000..1f3daffb2b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/new-chart.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/service-health-dashboard.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/service-health-dashboard.png new file mode 100644 index 0000000000..1faaeba43b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/service-health-dashboard.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/signal-setup.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/signal-setup.png new file mode 100644 index 0000000000..7f34b4967b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/signal-setup.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/spans-sum-version-error.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/spans-sum-version-error.png new file mode 100644 index 0000000000..6da61b7f8e Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/spans-sum-version-error.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/wall-mount.png b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/wall-mount.png new file mode 100644 index 0000000000..f095fb9567 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/6-custom-dashboard/images/wall-mount.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/_index.md new file mode 100644 index 0000000000..28a39fd4fd --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/_index.md 
@@ -0,0 +1,16 @@ +--- +title: Workshop Wrap-up 🎁 +linkTitle: 7. Workshop Wrap-up +weight: 7 +archetype: chapter +time: 10 minutes +description: Congratulations, you have completed the Splunk4Rookies - Observability Cloud Workshop. Today, you have become familiar with how to use Splunk Observability Cloud to monitor your applications and infrastructure. +--- + +Congratulations, you have completed the **Splunk4Rookies - Observability Cloud Workshop**. Today, you have become familiar with how to use Splunk Observability Cloud to monitor your applications and infrastructure. + +Celebrate your achievement by adding this certificate to your {{< badge style="blue" icon="fab fa-fw fa-linkedin-in" >}}{{< linkedin >}}{{< /badge >}} profile. + +Let's recap what we have learned and what you can do next. + +![Champagne](images/champagne.png?width=45vw) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/apm.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/apm.png new file mode 100644 index 0000000000..95c5cd752f Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/apm.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/champagne.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/champagne.png new file mode 100644 index 0000000000..98c0014827 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/champagne.png differ 
diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/infra-k8s.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/infra-k8s.png new file mode 100644 index 0000000000..0814a665b1 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/infra-k8s.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/log.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/log.png new file mode 100644 index 0000000000..d93e802241 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/log.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/synth-tv.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/synth-tv.png new file mode 100644 index 0000000000..d80ed5d000 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/synth-tv.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/tag-spotlight-waterfall.png b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/tag-spotlight-waterfall.png new file mode 100644 index 0000000000..3288f75ec5 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/images/tag-spotlight-waterfall.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/key-takeaways.md b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/key-takeaways.md new file mode 100644 index 0000000000..15472870ab --- /dev/null +++ b/content/en/splunk4rookies/financial-services-observability-cloud/7-wrap-up/key-takeaways.md 
@@ -0,0 +1,29 @@ +--- +title: Key Takeaways +linkTitle: 1. Key Takeaways +weight: 1 +--- + +During the workshop, we have seen how the Splunk Observability Cloud in combination with the OpenTelemetry signals (**metrics**, **traces** and **logs**) can help you to reduce mean time to detect (**MTTD**) and also reduce mean time to resolution (**MTTR**). + +* We have a better understanding of the Main User interface and its components, the *Landing, Infrastructure, APM, Log Observer, Dashboard* pages, and a quick peek at the *Settings* page. +* Depending on time, we did an *Infrastructure* exercise and looked at *Metrics* used in the Kubernetes Navigators and saw related services found on our Kubernetes cluster: + +![Kubernetes](../images/infra-k8s.png) + +* Understood what users were experiencing and used APM to Troubleshoot a particularly long load time and error, by following its trace across the front and back end and right to the log entries. +We used tools like the APM *Dependency map* with Breakdown to discover what is causing our issue: + +![apm](../images/apm.png) + +* Used *Tag Spotlight*, in APM, to understand blast radius, detect trends and context for our performance issues and errors. We drilled down in *Span's* in the APM *Trace waterfall* to see how services interacted and find errors: + +![tag and waterfall](../images/tag-spotlight-waterfall.png) + +* We used the *Related content* feature to follow the link between our *Trace* directly to the *Logs* related to our *Trace* and used filters to drill down to the exact cause of our issue. + +![logs](../images/log.png) + +* In the final exercise, we created a health dashboard to keep that running for our Developers and SREs on a TV screen: + +![synth and TV](../images/synth-tv.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/_index.md b/content/en/splunk4rookies/financial-services-observability-cloud/_index.md new file mode 100644 index 0000000000..86ecc323a5 --- /dev/null 
+++ b/content/en/splunk4rookies/financial-services-observability-cloud/_index.md 
@@ -0,0 +1,28 @@ +--- +title: Financial Services Observability Cloud +weight: 2 +authors: ["Robert Castley", "Pieter Hagen", "Jeremy Hicks", "Deepti Bhutani"] +time: 30 minutes +aliases: + - /en/s4r/ +description: This workshop, tailored for the Financial Services sector, will demonstrate how Splunk Observability Cloud delivers real-time insights into user experience, spanning from front-end applications to back-end services. You'll explore key product features and unique advantages that set Splunk Observability Cloud apart. +--- + +In this workshop, we’ll demonstrate how Splunk Observability Cloud delivers value to our financial services customers due to its ability to provide real-time, full-fidelity, AI-powered monitoring across your entire digital ecosystem from infrastructure to applications to user experiences. It’s purpose-built for modern, cloud-native, microservices-based environments. You’ll have the opportunity to explore some of the platform’s most powerful features, which set it apart from other observability solutions: + +- **Infrastructure Monitoring** +- **Complete end-to-end trace visibility with NoSample Full-fidelity Application Performance Monitoring (APM)** +- **No-code log querying** +- **Root cause analysis with tag analytics and error stacks** +- **Related Content for seamless navigation between components** + +One of the core strengths of Splunk Observability Cloud is its ability to unify telemetry data, creating a comprehensive picture of both the end-user experience and your entire application stack. + +The workshop will focus on a microservices-based Wire transfer application deployed on Kubernetes. Users can initiate a wire transfer and all of the appropriate checks for user, balance, and compliance will be handled. This application is fully instrumented with OpenTelemetry to capture detailed performance data. 
+ +**What is OpenTelemetry?** +OpenTelemetry is an open-source collection of tools, APIs, and software development kits (SDKs) designed to help you instrument, generate, collect, and export telemetry data—such as metrics, traces, and logs. This data enables in-depth analysis of your software’s performance and behavior. + +The OpenTelemetry community is growing rapidly, supported by leading companies like Splunk, Google, Microsoft, and Amazon. It currently has the second-largest number of contributors within the Cloud Native Computing Foundation, following only Kubernetes. + +![Full Stack](images/splunk-full-stack.png) diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/images/certificate.png b/content/en/splunk4rookies/financial-services-observability-cloud/images/certificate.png new file mode 100644 index 0000000000..1c3697661b Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/images/certificate.png differ diff --git a/content/en/splunk4rookies/financial-services-observability-cloud/images/splunk-full-stack.png b/content/en/splunk4rookies/financial-services-observability-cloud/images/splunk-full-stack.png new file mode 100644 index 0000000000..71b16299d2 Binary files /dev/null and b/content/en/splunk4rookies/financial-services-observability-cloud/images/splunk-full-stack.png differ
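Review bot: In `6-custom-dashboard/3-custom-chart.md`, the Plot editor step describes `spans.count` as "(this is runtime in duration for our test)", but the chart is named **Requests by version & error** and is summed by `version` and `sf_error`, so the signal is a span count, not a duration. The same file still carries wording that reads as left over from a Synthetics exercise: the intro promises to link the chart to "the detector we previously built" and to alert when "test runs breach its SLA", yet no step in the exercise links a detector, and the step after the filter explains the bar colors as one "for each region the test runs from" although the only filter applied is `sf_service:wire-transfer-service`. Suggest rewording these three places to describe request counts for the wire-transfer-service. Also check `linkTitle: 2. Adding a Custom Chart` against `weight: 3` and the `3-` file prefix; the other pages in this patch keep the linkTitle number equal to the weight.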
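Review bot: In `6-custom-dashboard/_index.md`, the Persona notice states the requirement as "RED metrics, logs and Synthetic test duration results", but the custom chart this section builds plots `spans.count` grouped by `version` and `sf_error`, and nothing visible in the section adds a Synthetic duration chart. Either drop "Synthetic test duration results" from the requirement or add the matching exercise step. In the paragraph below the notice, "More often or not" should read "More often than not".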
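Review bot: In `7-wrap-up/key-takeaways.md`, the final bullet ("we created a health dashboard to keep that running for our Developers and SREs on a TV screen") does not parse cleanly and uses the image `synth-tv.png` with alt text "synth and TV", while none of the takeaways mention a Synthetics exercise. Suggest something like "we created a health dashboard that can run on a TV screen for our Developers and SREs" and an alt text that describes the dashboard. Smaller points in the same hunk: "*Span's*" should be "*Spans*", "Troubleshoot" is capitalized mid-sentence, and "Depending on time, we did an *Infrastructure* exercise" reads oddly in a recap of what was done.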
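Review bot: In the top-level `financial-services-observability-cloud/_index.md` front matter, the alias `/en/s4r/` is a generic Splunk4Rookies short path and does not identify the Financial Services variant. If another workshop index already declares the same alias, the two redirect targets will collide and only one will win at build time. Suggest a variant-specific alias, or removing the `aliases:` block if no short link is needed for this workshop. Also in this hunk, "Wire transfer application" should be lower-cased to match "wire transfer" in the next sentence.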