Splunk Cloud Platform

Use Edge Processors

View logs for the Edge Processor solution

The Edge Processor solution generates data that is recorded into log files. You can use these log files to monitor user activity and the health of the Edge Processor solution.

Log types and locations

The following table summarizes the different types of logs that the Edge Processor solution generates and where these logs are stored.

Log types Information logged Storage locations
Audit logs User activity on Edge Processors and pipelines The _audit index of the Splunk Cloud Platform deployment that the tenant is connected to.
Edge Processor logs Events, warnings, and errors occurring in a specific Edge Processor instance
  • The following files in the <install_directory>/var/log directory on the host machine, where <install_directory> is the installation directory of the Edge Processor instance:
    • edge.log
    • supervisor.log
  • The _internal index of the Splunk Cloud Platform deployment connected to the tenant.

Check user activity with audit logs

The Edge Processor service maintains audit logs that record all of the changes that users make to an Edge Processor or pipeline. The recorded user activity includes the creation of pipelines and Edge Processors, modification of pipelines and Edge Processors, application or removal of pipelines to Edge Processors, and more. These audit logs let you answer questions such as "Who changed the name of this Edge Processor, and when?"

Audit logs are stored in the _audit index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Edge Processor solution for more information.

You can view audit logs by navigating to them through the Edge Processor service.

View audit logs for all Edge Processors and pipelines

Follow these steps to view audit logs that tell you when and by whom an Edge Processor or pipeline was created, edited, or deleted.

  1. Navigate to the Data management page.
  2. In the Monitor your system section, select View audit logs to investigate user activity. The Search page opens.
  3. Select the time range that you want to view audit logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

View audit logs for a specific Edge Processor

Follow these steps to view audit logs for a specific Edge Processor. These logs show you when and by whom a specific Edge Processor was created, edited, or deleted.

  1. Do one of the following:
    • On the Edge Processors page, in the row that lists the Edge Processor you want to view audit logs for, select the Actions icon (Image of the Actions icon) and then select View history.
    • On the detailed view for a specific Edge Processor, select Actions > View history.
  2. Select the time range that you want to view audit logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

View audit logs for a specific pipeline

Follow these steps to view audit logs that tell you when and by whom a pipeline was applied or removed from an Edge Processor, and when the pipeline was first created. These audit logs include the configuration of the pipeline each time that it was applied or removed, so you can use these audit logs to track changes to your pipeline over time.

  1. Navigate to the Pipelines page.
  2. Select the Actions icon (Image of the Actions icon) and select View usage history. The Search page opens.
  3. Select the time range that you want to view audit logs for, and then select the Run (This image shows an icon with a triangle pointing right.) icon.

Check system health with Edge Processor logs

You can view logs about an Edge Processor instance to gain insights into system health and activity. These logs track information at the INFO, WARN, ERROR, and FATAL logging levels. The events, warnings, and errors tracked in these logs help you troubleshoot and answer questions like "Were there any connectivity issues recently between the Edge Processor service and an Edge Processor?" or "What was going on with my system when my data stopped showing up?"

The Edge Processor logs are stored in the edge.log and supervisor.log files, which are located in the <install_directory>/var/log directory on the host machine of each Edge Processor instance. The Edge Processor solution monitors these log files and sends their contents to the _internal index of the Splunk Cloud Platform deployment that the tenant was connected to during the first-time setup process. See First-time setup instructions for the Edge Processor solution for more information.

You can view the logs for a specific Edge Processor by completing the following steps.

  1. Navigate to the Edge Processors page.
  2. In the row that lists the Edge Processor that you want to view the logs for, select the Actions icon (Image of the Actions icon) and select View debug logs. The Search page opens.
  3. Select the time range for your search.
  4. Select the Run (This image shows an icon with a triangle pointing right.) icon to run the search.
Last modified on 02 June, 2023
View data flow information about an Edge Processor   Set up alerts for Edge Processor metrics

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters