topic managing log.cfg through deployment server in Getting Data In https://community.splunk.com/t5/Getting-Data-In/managing-log-cfg-through-deployment-server/m-p/180753#M36246 <P>I am trying to minimize noise level (across WAN) by splunk to greatest degree possible.. </P> <P>With review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines from splunkd.log. This log file is very noisy with most components logging INFO level events by default. I want to change most of the logging levels to &gt;= WARN. </P> <P>I know this can be done by manually altering logging levels in .\etc\log.cfg. Does anyone have any experience managing this configuration as a deployment-app? I imagine it would be possible with deployment of a script to execute line changes.. Is this a bad idea? </P> <P>inputs appreciated.</P> Tue, 17 Dec 2013 03:14:19 GMT dstaulcu 2013-12-17T03:14:19Z managing log.cfg through deployment server https://community.splunk.com/t5/Getting-Data-In/managing-log-cfg-through-deployment-server/m-p/180753#M36246 <P>I am trying to minimize noise level (across WAN) by splunk to greatest degree possible.. </P> <P>With review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines from splunkd.log. This log file is very noisy with most components logging INFO level events by default. I want to change most of the logging levels to &gt;= WARN. </P> <P>I know this can be done by manually altering logging levels in .\etc\log.cfg. Does anyone have any experience managing this configuration as a deployment-app? I imagine it would be possible with deployment of a script to execute line changes.. Is this a bad idea? </P> <P>inputs appreciated.</P> Tue, 17 Dec 2013 03:14:19 GMT https://community.splunk.com/t5/Getting-Data-In/managing-log-cfg-through-deployment-server/m-p/180753#M36246 dstaulcu 2013-12-17T03:14:19Z Re: managing log.cfg through deployment server https://community.splunk.com/t5/Getting-Data-In/managing-log-cfg-through-deployment-server/m-p/180754#M36247 <P>Here is how I plan to package that solution as an app:</P> <P>Create a new app with following files:</P> <P>.\deployment-apps\UF-LogCfgMgr\bin\<A href="http://pastebin.com/tDYiYAv0">logcfg.bat</A></P> <P>.\deployment-apps\UF-LogCfgMgr\bin\<A href="http://pastebin.com/XRy3g8Qg">logcfg.vbs</A></P> <P>.\deployment-apps\UF-LogCfgMgr\local\<A href="http://pastebin.com/2ma88cU4">inputs.conf</A></P> <P>12/28/2013 - Follow up. Method worked. Added condition to leave INFO logging levels to DEV/TEST deployment clients but to use WARN only for PROD deployment clients.</P> <P>1/19/2013 - updated logcfg.vbs to use log-local.cfg construct, to further tweak logging levels, to, and to support x86 on x64. Supports windows only</P> Sat, 21 Dec 2013 20:35:36 GMT https://community.splunk.com/t5/Getting-Data-In/managing-log-cfg-through-deployment-server/m-p/180754#M36247 dstaulcu 2013-12-21T20:35:36Z