View logs for the Ingest Processor solution
The Ingest Processor solution generates data that is recorded into log files. You can use these log files to monitor user activity and the health of the Ingest Processor solution.
Log types and locations
The following table summarizes the different types of logs that the Ingest Processor solution generates and where these logs are stored.
Log types | Information logged | Storage locations |
---|---|---|
Audit logs | User activity on Ingest Processor pipelines | The _audit index of the Splunk Cloud Platform deployment that the tenant is connected to. |
Debug logs | User activity on Ingest Processor pipelines | The _internal index of the Splunk Cloud Platform deployment that the tenant is connected to. |
Check user activity with audit logs
The Ingest Processor solution maintains audit logs that record all of the changes that users make to an Ingest Processor pipeline. The recorded user activity includes the creation of pipelines, modification of pipelines, application or removal of pipelines, and more. These audit logs let you answer questions such as "Who changed the name of this Ingest Processor pipeline, and when?"
Audit logs are stored in the _audit index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Ingest Processor solution for more information.
You can view audit logs by navigating to them through the Ingest Processor service.
View audit logs for all Ingest Processor pipelines
Follow these steps to view audit logs that tell you when and by whom an Ingest Processor or pipeline was created, edited, or deleted.
- Navigate to the Data management page.
- In the Monitor your system section, select View audit logs to investigate user activity. The Search page opens.
- Select the time range that you want to view audit logs for, and then select the Run () icon.
View audit logs for a specific pipeline
Follow these steps to view audit logs that tell you when and by whom a pipeline was applied or removed, and when the pipeline was first created. These audit logs include the configuration of the pipeline each time that it was applied or removed, so you can use these audit logs to track changes to your pipeline over time.
- Navigate to the Pipelines page.
- Select the Actions icon () and select View usage history. The Search page opens.
- Select the time range that you want to view audit logs for, and then select the Run () icon.
Check user activity with debug logs
The Ingest Processor solution maintains debug logs that can be used to identify and resolve issues with your Ingest Processor pipeline. The recorded user activity includes information the creation of pipelines, modification of pipelines, application or removal of pipelines, and more. These debug logs let you answer questions such as "What happened to this Ingest Processor pipeline, and when?"
Debug logs are stored in the _internal index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Ingest Processor solution for more information.
You can view debug logs by navigating to them through the Ingest Processor service, or by searching the _internal
index on your Paired Splunk Cloud Platform instance.
View debug logs for all Ingest Processor pipelines
Follow these steps to view debug logs for all of your Ingest Processor pipelines.
- Navigate to the Data management page, and select Ingest Processor.
- On the Ingest Processor page, select the View debug logs button. The Search page opens.
- Select the time range that you want to view debug logs for, and then select the Run () icon.
View debug logs for a specific pipeline
Follow these steps to view debug logs for all of your Ingest Processor pipelines.
View data flow information about an Ingest Processor pipeline | Troubleshoot the Ingest Processor solution |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!