Set up logging
Well-behaved scripts send logging data to splunkd.log
. This logging data is useful for tracking and troubleshooting.
About logging
Any data you write to stderr
is written to splunkd.log
. You can specify a log level when writing to stderr
. If unspecified, the log level defaults to ERROR
. The following example shows how to write INFO
and ERROR
logging entries:
INFO Connecting to the endpoint ERROR Unable to connect to the endpoint
Here are the recognized log levels from lowest to highest severity.
DEBUG
INFO
WARN
ERROR
FATAL
Log entries are written to splunkd.log
based on the log level. By default, entries with a log level of INFO
or higher are written to
splunkd.log
. To modify the default behavior, in Splunk Web navigate to Settings > Server settings > Server logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.
Alternatively, you can navigate to the following file.
$SPLUNK_HOME/etc/log.cfg
In log.cfg
, set the logging level for modular inputs by editing the log level in the following line.
category.ExecProcessor=INFO
For more information on logging, refer to What Splunk logs about itself in the Troubleshooting Manual.
Note: You must have Splunk Enterprise admin privileges to change logging behavior.
Example: Setting up standard Splunk logging
The following snippet from a script shows how to set up standard Splunk logging.
Standard Splunk logging snippets
. . . import logging . . . # set up logging suitable for splunkd consumption logging.root logging.root.setLevel(logging.DEBUG) formatter = logging.Formatter('%(levelname)s %(message)s') handler = logging.StreamHandler(stream=sys.stderr) handler.setFormatter(formatter) logging.root.addHandler(handler) . . . # add various logging statements # for example: # # logging.info("URL %s already processed. Skipping.") # # if item_node: # logging.debug("XML: found item") # # etc.
Create modular inputs | Set up external validation |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2203, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!