View logs for the Edge Processor solution
The Edge Processor solution generates data that is recorded into log files. You can use these log files to monitor user activity and the health of the Edge Processor solution.
Log types and locations
The following table summarizes the different types of logs that the Edge Processor solution generates and where these logs are stored.
Log types | Information logged | Storage locations |
---|---|---|
Audit logs | User activity on Edge Processors and pipelines | The _audit index of the Splunk Cloud Platform deployment that the tenant is connected to. |
Edge Processor logs | Events, warnings, and errors occurring in a specific Edge Processor instance |
|
Check user activity with audit logs
The Edge Processor service maintains audit logs that record all of the changes that users make to an Edge Processor or pipeline. The recorded user activity includes the creation of pipelines and Edge Processors, modification of pipelines and Edge Processors, application or removal of pipelines to Edge Processors, and more. These audit logs let you answer questions such as "Who changed the name of this Edge Processor, and when?"
Audit logs are stored in the _audit index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Edge Processor solution for more information.
You can view audit logs by navigating to them through the Edge Processor service.
View audit logs for all Edge Processors and pipelines
Follow these steps to view audit logs that tell you when and by whom an Edge Processor or pipeline was created, edited, or deleted.
- Navigate to the Data management page.
- In the Monitor your system section, select View audit logs to investigate user activity. The Search page opens.
- Select the time range that you want to view audit logs for, and then select the Run () icon.
View audit logs for a specific Edge Processor
Follow these steps to view audit logs for a specific Edge Processor. These logs show you when and by whom a specific Edge Processor was created, edited, or deleted.
- Do one of the following:
- Select the time range that you want to view audit logs for, and then select the Run () icon.
View audit logs for a specific pipeline
Follow these steps to view audit logs that tell you when and by whom a pipeline was applied or removed from an Edge Processor, and when the pipeline was first created. These audit logs include the configuration of the pipeline each time that it was applied or removed, so you can use these audit logs to track changes to your pipeline over time.
- Navigate to the Pipelines page.
- Select the Actions icon () and select View usage history. The Search page opens.
- Select the time range that you want to view audit logs for, and then select the Run () icon.
Check system health with Edge Processor logs
You can view logs about an Edge Processor instance to gain insights into system health and activity. These logs track information at the INFO
, WARN
, ERROR
, and FATAL
logging levels. The events, warnings, and errors tracked in these logs help you troubleshoot and answer questions like "Were there any connectivity issues recently between the Edge Processor service and an Edge Processor?" or "What was going on with my system when my data stopped showing up?"
The Edge Processor logs are stored in the edge.log and supervisor.log files, which are located in the <install_directory>/var/log directory on the host machine of each Edge Processor instance. The Edge Processor solution monitors these log files and sends their contents to the _internal index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Edge Processor solution for more information.
You can view the logs for a specific Edge Processor by completing the following steps.
View data flow information about an Edge Processor | Set up alerts for Edge Processor metrics |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!