Splunk Cloud Platform

Use Ingest Processors

View logs for the Ingest Processor solution

The Ingest Processor solution generates data that is recorded into log files. You can use these log files to monitor user activity and the health of the Ingest Processor solution.

Log types and locations

The following table summarizes the different types of logs that the Ingest Processor solution generates and where these logs are stored.

Log types Information logged Storage locations
Audit logs User activity on Ingest Processor pipelines The _audit index of the Splunk Cloud Platform deployment that the tenant is connected to.
Debug logs User activity on Ingest Processor pipelines The _internal index of the Splunk Cloud Platform deployment that the tenant is connected to.

Check user activity with audit logs

The Ingest Processor solution maintains audit logs that record all of the changes that users make to an Ingest Processor pipeline. The recorded user activity includes the creation of pipelines, modification of pipelines, application or removal of pipelines, and more. These audit logs let you answer questions such as "Who changed the name of this Ingest Processor pipeline, and when?"

Audit logs are stored in the _audit index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Ingest Processor solution for more information.

You can view audit logs by navigating to them through the Ingest Processor service.

View audit logs for all Ingest Processor pipelines

Follow these steps to view audit logs that tell you when and by whom an Ingest Processor or pipeline was created, edited, or deleted.

  1. Navigate to the Data management page.
  2. In the Monitor your system section, select View audit logs to investigate user activity. The Search page opens.
  3. Select the time range that you want to view audit logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

View audit logs for a specific pipeline

Follow these steps to view audit logs that tell you when and by whom a pipeline was applied or removed, and when the pipeline was first created. These audit logs include the configuration of the pipeline each time that it was applied or removed, so you can use these audit logs to track changes to your pipeline over time.

  1. Navigate to the Pipelines page.
  2. Select the Actions icon (Image of the Actions icon) and select View usage history. The Search page opens.
  3. Select the time range that you want to view audit logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

Check user activity with debug logs

The Ingest Processor solution maintains debug logs that can be used to identify and resolve issues with your Ingest Processor pipeline. The recorded user activity includes information the creation of pipelines, modification of pipelines, application or removal of pipelines, and more. These debug logs let you answer questions such as "What happened to this Ingest Processor pipeline, and when?"

Debug logs are stored in the _internal index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Ingest Processor solution for more information.

You can view debug logs by navigating to them through the Ingest Processor service, or by searching the _internal index on your Paired Splunk Cloud Platform instance.

View debug logs for all Ingest Processor pipelines

Follow these steps to view debug logs for all of your Ingest Processor pipelines.

  1. Navigate to the Data management page, and select Ingest Processor.
  2. On the Ingest Processor page, select the View debug logs button. The Search page opens.
  3. Select the time range that you want to view debug logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

View debug logs for a specific pipeline

Follow these steps to view debug logs for all of your Ingest Processor pipelines.

  1. Navigate to the Pipelines page.
  2. Select the Actions icon (Image of the Actions icon) and select View debug logs. The Search page opens.
  3. Select the time range that you want to view debug logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.
Last modified on 16 July, 2024
View data flow information about an Ingest Processor pipeline   Dashboards overview

This documentation applies to the following versions of Splunk Cloud Platform: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters