Alerting

I am trying to debug a python script, but don't see any data in python.log. What can I do to get more information from python.log?

jbsplunk
Splunk Employee
Splunk Employee

I am attempting to do some debugging on a python script I've written to execute as an alert script. I've tried to edit the python logging settings in log.cfg but am unable to get any data that is useful in debugging the problem. Can I do something to alter the behavior so that I can get more information? Right now, all I see messages like this:

2014-02-04 11:22:19,552 -0400 INFO runshellscript:129 - 
1 Solution

jrodman
Splunk Employee
Splunk Employee

Generally, it probably makes sense to review what the other scripts that ship with splunk are doing. For example, sendemail.py is the most frequently used alert in the system. It arranges to log messages to python.log in the following way:

import (...) splunk.mining.dcutils as dcu
[...]
logger = dcu.getLogger()
[...]
logger.error(error_message_string)

Personally I'd do a slightly simpler

import splunk.mining.dcutils
logger = splunk.mining.dcutils.getLogger()

The way this is used within the script is to catch exceptions and then render them into log messages. eg

except Exception, e:
      logger.error("Could not get email credentials from splunk, using no credentials. Error: %s" % (str(e)))

If you need more context, such as the full exception, you can use normal python methods to render the exception to a string, eg

logger.error(traceback.format_exc())

see https://docs.python.org/2.7/library/traceback.html for more.

View solution in original post

jrodman
Splunk Employee
Splunk Employee

Generally, it probably makes sense to review what the other scripts that ship with splunk are doing. For example, sendemail.py is the most frequently used alert in the system. It arranges to log messages to python.log in the following way:

import (...) splunk.mining.dcutils as dcu
[...]
logger = dcu.getLogger()
[...]
logger.error(error_message_string)

Personally I'd do a slightly simpler

import splunk.mining.dcutils
logger = splunk.mining.dcutils.getLogger()

The way this is used within the script is to catch exceptions and then render them into log messages. eg

except Exception, e:
      logger.error("Could not get email credentials from splunk, using no credentials. Error: %s" % (str(e)))

If you need more context, such as the full exception, you can use normal python methods to render the exception to a string, eg

logger.error(traceback.format_exc())

see https://docs.python.org/2.7/library/traceback.html for more.

awurster
Contributor

absolutely brilliant. this sort of topic has been answered so many different times.. but this response is just so elegant, accurate and fresh.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...