All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SA-Eventgen how to decrease log verbosity

gballanti
Explorer
‎12-18-2019 12:29 AM

I've installed SA-Eventgen and SPL Examples that work as expected. Unfortunately in few days the logs filled up my filesystem. In particulary the "/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/logs/eventgen-main.log" file is becomed 22G big in a week.
The log reports rows as follow

2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': "hourOfDayRate for sample 'noise.cpu' in app 'spl_examples' is 0.4"}
2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': "dayOfWeekRate for sample 'noise.cpu' in app 'spl_examples' is 0.5"}
2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': 'Original count: 7.5 Rated count: 2 Rate factor: 0.2038'}

So I was thinking that application could be in debug mode, checking the eventgen.conf seems it ain't

debug = false
verbosity = false

Is there any way to reduce the log verbosity ?

Thanks & regards

Reply
1 Solution
Solved! Jump to solution
Solution

lwu_splunk
Splunk Employee
Splunk Employee
‎12-18-2019 05:21 PM
  1. Try to set DEFAULT_LOGGING_LEVEL = "ERROR" in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py; or
  2. Set 'disable_existing_loggers': True in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py;

View solution in original post

Reply
Solved! Jump to solution
Solution

lwu_splunk
Splunk Employee
Splunk Employee
‎12-18-2019 05:21 PM
  1. Try to set DEFAULT_LOGGING_LEVEL = "ERROR" in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py; or
  2. Set 'disable_existing_loggers': True in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py;
Reply
Solved! Jump to solution

gballanti
Explorer
‎12-18-2019 11:00 PM

option 1 works fine, thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...