Set up logging
Well-behaved scripts send logging data to
splunkd.log. This logging data is useful for tracking and troubleshooting.
Any data you write to
stderr is written to
splunkd.log. You can specify a log level when writing to
stderr. If unspecified, the log level defaults to
ERROR. The following example shows how to write
ERROR logging entries:
INFO Connecting to the endpoint ERROR Unable to connect to the endpoint
Here are the recognized log levels from lowest to highest severity.
Log entries are written to
splunkd.log based on the log level. By default, entries with a log level of
INFO or higher are written to
splunkd.log. To modify the default behavior, in Splunk Web navigate to Settings > Server settings > Server logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.
Alternatively, you can navigate to the following file.
log.cfg, set the logging level for modular inputs by editing the log level in the following line.
For more information on logging, refer to What Splunk logs about itself in the Troubleshooting Manual.
Note: You must have Splunk Enterprise admin privileges to change logging behavior.
Example: Setting up standard Splunk logging
The following snippet from a script shows how to set up standard Splunk logging.
. . . import logging . . . # set up logging suitable for splunkd consumption logging.root logging.root.setLevel(logging.DEBUG) formatter = logging.Formatter('%(levelname)s %(message)s') handler = logging.StreamHandler(stream=sys.stderr) handler.setFormatter(formatter) logging.root.addHandler(handler) . . . # add various logging statements # for example: # # logging.info("URL %s already processed. Skipping.") # # if item_node: # logging.debug("XML: found item") # # etc.
Create modular inputs
Set up external validation
This documentation applies to the following versions of Splunk Cloud™: 7.0.13, 8.0.2006, 8.1.2009, 8.1.2011, 8.0.2007, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104, 8.2.2105, 8.2.2106