Splunk® Enterprise

Developing Views and Apps for Splunk Web

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Set up logging

Well-behaved scripts send logging data to splunkd.log. This logging data is useful for tracking and troubleshooting.

About logging

Any data you write to stderr is written to splunkd.log. You can specify a log level when writing to stderr. If you do not specify a log level, the default log level is ERROR. The following example shows how to write INFO and ERROR logging entries: 

INFO Connecting to the endpoint
ERROR Unable to connect to the endpoint

Here are the recognized log levels from lowest to highest severity:

  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL

Log entries are written to splunkd.log based on the log level. By default, entries with a log level of INFO or higher are written to splunkd.log. To modify the default behavior, in Splunk Web navigate to Settings > System settings > System logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.

Alternatively, you can navigate to the following file: 

$SPLUNK_HOME/etc/log.cfg

In log.cfg, set the logging level for modular inputs by editing the log level in the following line: 

category.ExecProcessor=INFO

For more information on logging, refer to What Splunk logs about itself in the Troubleshooting Manual.

Note: You must have Splunk Enterprise admin privileges to change logging behavior.

Example: Setting up standard Splunk logging

The following snippet from a script shows how to set up standard Splunk logging.

Standard Splunk logging snippets 

. . .
import logging
. . .
# set up logging suitable for splunkd consumption
logging.root
logging.root.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(levelname)s %(message)s')
handler = logging.StreamHandler(stream=sys.stderr)
handler.setFormatter(formatter)
logging.root.addHandler(handler)
. . .
# add various logging statements
# for example:
#
# logging.info("URL %s already processed.  Skipping.")
#
#     if item_node:
#      logging.debug("XML: found item")
#
# etc.
PREVIOUS
Create modular inputs 		  NEXT
Set up external validation

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters