Splunk® Enterprise

Developing Views and Apps for Splunk Web

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk.

Set up logging

Well-behaved scripts send logging data to splunkd.log. This logging data is useful for tracking and troubleshooting.

About logging

Any data you write to stderr is written to splunkd.log. You can specify a log level when writing to stderr. If you do not specify a log level, Splunk uses ERROR as the default log level. The following example shows how to write INFO and ERROR logging entries:

INFO Connecting to the endpoint
ERROR Unable to connect to the endpoint

Here are the log levels recognized by Splunk, from lowest to highest severity:

  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL

Splunk writes log entries to splunkd.log based on the log level. By default, Splunk writes entries with a log level of INFO or higher to splunkd.log. To modify the default behavior, in Splunk Web navigate to Manager > System settings > System logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.

Alternatively, you can navigate to the following file:

$SPLUNK_HOME/etc/log.cfg

In log.cfg, set the logging level for modular inputs by editing the log level in the following line:

category.ExecProcessor=INFO

For more information on logging in Splunk, refer to What Splunk logs about itself in the Troubleshooting Manual.

Note: You must have Splunk admin privileges to change logging behavior in Splunk.

Example: Setting up standard Splunk logging

The following snippet from a script shows how to set up standard Splunk logging.

Standard Splunk logging snippets

# . . .
import logging
# . . .
# set up logging suitable for splunkd consumption
# (StreamHandler() with no arguments writes to sys.stderr)
logging.root.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(levelname)s %(message)s')
handler = logging.StreamHandler()
handler.setFormatter(formatter)
logging.root.addHandler(handler)
# . . .
# add various logging statements
# for example:
#
# logging.info("URL %s already processed.  Skipping.", url)
#
# if item_node:
#     logging.debug("XML: found item")
#
# etc.
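
The following is an added example, not part of the Splunk documentation, that extends the snippet above: it maps Python's WARNING and CRITICAL level names to the WARN and FATAL names listed earlier, and escapes line breaks so that a logged value or traceback cannot spill onto a second line, which would be written without a level and so logged as ERROR. It assumes splunkd reads the script's stderr one line at a time; SplunkdFormatter, setup_logging and demo are hypothetical names, and the sample URL is constructed.

```python
import io
import logging
import sys

# Python level names that differ from the names in the list above.
SPLUNK_LEVELS = {"WARNING": "WARN", "CRITICAL": "FATAL"}

# Control characters and Unicode line separators become visible escapes.
ESCAPES = {c: "\\x%02x" % c for c in list(range(0x20)) + [0x7F, 0x85]}
ESCAPES.update({ord("\\"): "\\\\", ord("\n"): "\\n", ord("\r"): "\\r",
                0x2028: "\\u2028", 0x2029: "\\u2029"})


class SplunkdFormatter(logging.Formatter):
    """Emit exactly one 'LEVEL message' line per log record."""

    def format(self, record):
        level = SPLUNK_LEVELS.get(record.levelname, record.levelname)
        message = record.getMessage()
        if record.exc_info:
            # Tracebacks are multi-line; fold them into the same entry.
            message += " | " + self.formatException(record.exc_info)
        return "%s %s" % (level, message.translate(ESCAPES))


def setup_logging(stream=None, level=logging.INFO):
    """Attach one handler (stderr by default) to the root logger."""
    handler = logging.StreamHandler(stream if stream is not None else sys.stderr)
    handler.setFormatter(SplunkdFormatter())
    root = logging.getLogger()
    root.setLevel(level)
    root.addHandler(handler)
    return handler


def demo():
    """Log constructed sample values to a buffer and return the lines."""
    buf = io.StringIO()
    handler = setup_logging(buf, logging.DEBUG)
    try:
        url = "http://example.invalid/feed\r\nsecond line"  # constructed value
        logging.warning("URL %s already processed.  Skipping.", url)
        logging.critical("Unable to connect to the endpoint")
    finally:
        logging.getLogger().removeHandler(handler)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    print("\n".join(demo()))
```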

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18