Logging for Splunk extensions

 

Logging for Splunk extensions in an app or add-on for Splunk Enterprise

    When you are developing a scripted input, lookup, custom command, or similar extension to the Splunk platform, you should set up a custom log file for debugging. The Splunk platform writes to sys.stdout for normal processing, but you should write errors to a log file to ensure that your debugging code doesn't interfere with Splunk platform operations. The Splunk platform uses the Python logging module to provide a comprehensive logging system for your scripts. Logs are generated and indexed by Splunk Enterprise and Splunk Light in the following directory: $SPLUNK_HOME/var/log/splunk

    The following example shows you how to define a log object, which creates a custom log (foo.log), sets up auto-rotation, and automatically creates the correct filepath format for any operating system:

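    import sys, os
    import logging, logging.handlers
    import splunk

    def setup_logging():
        # Name the logger under the "splunk." namespace
        logger = logging.getLogger('splunk.foo')
        SPLUNK_HOME = os.environ['SPLUNK_HOME']

        # os.path.join produces the correct path separators for any operating system
        LOGGING_DEFAULT_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log.cfg')
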
    ...

    The Splunk platform indexes the log files into the _internal index, so you can easily access them within the Splunk platform as follows:

    index=_internal source="*/var/log/splunk/foo.log"
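
A self-contained version of this pattern, added here as an example (it is not the Splunk code above and does not use the splunk module): it writes a rotating foo.log under $SPLUNK_HOME/var/log/splunk and escapes CR/LF so that one logged value stays one indexed event. The rotation limits, the SingleLineFilter class, and the temporary directory standing in for SPLUNK_HOME are assumptions.

```python
import logging
import logging.handlers
import os
import tempfile

LOG_FORMAT = "%(asctime)s %(levelname)s %(module)s:%(lineno)d - %(message)s"


class SingleLineFilter(logging.Filter):
    """Escape CR/LF so one logged value cannot become several indexed events."""

    def filter(self, record):
        msg = record.getMessage()  # apply %-formatting first, then escape
        record.msg = msg.replace("\r", "\\r").replace("\n", "\\n")
        record.args = None
        return True


def setup_logging(name="foo", splunk_home=None, max_bytes=1_000_000, backups=3):
    """Return (logger, path) for <SPLUNK_HOME>/var/log/splunk/<name>.log."""
    splunk_home = splunk_home or os.environ["SPLUNK_HOME"]
    log_dir = os.path.join(splunk_home, "var", "log", "splunk")
    os.makedirs(log_dir, exist_ok=True)  # already present on a real install
    log_path = os.path.join(log_dir, name + ".log")

    logger = logging.getLogger("splunk." + name)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep debug records away from parent handlers
    # Scripts are re-invoked; calling setup again must not stack handlers.
    for old in list(logger.handlers):
        logger.removeHandler(old)
        old.close()

    handler = logging.handlers.RotatingFileHandler(
        log_path, mode="a", maxBytes=max_bytes, backupCount=backups,
        encoding="utf-8")
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    handler.addFilter(SingleLineFilter())
    logger.addHandler(handler)
    return logger, log_path


def demo():
    """Log a normal and a multi-line (constructed) value; return the file's lines."""
    home = tempfile.mkdtemp(prefix="splunk_home_")  # constructed SPLUNK_HOME
    logger, path = setup_logging(splunk_home=home)
    logger.info("lookup finished rows=%d", 42)
    logger.error("bad field value=%s", "x\n2024-01-01 00:00:00 INFO forged event")
    with open(path, encoding="utf-8") as fh:
        return fh.read().splitlines()
```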
