Set up logging
Well-behaved scripts send logging data to
splunkd.log. This logging data is useful for tracking and troubleshooting.
Any data you write to stderr is written to
splunkd.log. You can specify a log level when writing to stderr. If you do not specify a log level, Splunk uses ERROR as the default log level. The following example shows how to write INFO and ERROR logging entries:
INFO Connecting to the endpoint ERROR Unable to connect to the endpoint
Here are the log levels recognized by Splunk, from lowest to highest severity:
Splunk writes log entries to
splunkd.log based on the log level. By default, Splunk writes entries with a log level of INFO or higher to
splunkd.log. To modify the default behavior, in Splunk Web navigate to Manager > System settings > System logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.
Alternatively, you can navigate to the following file:
log.cfg, set the logging level for modular inputs by editing the log level in the following line:
For more information on logging in Splunk, refer to What Splunk logs about itself in the Troubleshooting Manual.
Note: You must have Splunk admin privileges to change logging behavior in Splunk.
Example: Setting up standard Splunk logging
The following snippet from a script shows how to set up standard Splunk logging.
. . . import logging . . . # set up logging suitable for splunkd consumption logging.root logging.root.setLevel(logging.DEBUG) formatter = logging.Formatter('%(levelname)s %(message)s') handler = logging.StreamHandler() handler.setFormatter(formatter) logging.root.addHandler(handler) . . . # add various logging statements # for example: # # logging.info("URL %s already processed. Skipping.") # # if item_node: # logging.debug("XML: found item") # # etc.
Create modular inputs
Set up external validation
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18