All Apps and Add-ons

SA-Eventgen how to decrease log verbosity

gballanti
Explorer

I've installed SA-Eventgen and SPL Examples that work as expected. Unfortunately in few days the logs filled up my filesystem. In particulary the "/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/logs/eventgen-main.log" file is becomed 22G big in a week.
The log reports rows as follow

2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': "hourOfDayRate for sample 'noise.cpu' in app 'spl_examples' is 0.4"}
2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': "dayOfWeekRate for sample 'noise.cpu' in app 'spl_examples' is 0.5"}
2019-12-18 09:15:09 eventgen DEBUG MainProcess {'event': 'Original count: 7.5 Rated count: 2 Rate factor: 0.2038'}

So I was thinking that application could be in debug mode, checking the eventgen.conf seems it ain't

debug = false
verbosity = false

Is there any way to reduce the log verbosity ?

Thanks & regards

1 Solution

lwu_splunk
Splunk Employee
Splunk Employee
  1. Try to set DEFAULT_LOGGING_LEVEL = "ERROR" in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py; or
  2. Set 'disable_existing_loggers': True in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py;

View solution in original post

lwu_splunk
Splunk Employee
Splunk Employee
  1. Try to set DEFAULT_LOGGING_LEVEL = "ERROR" in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py; or
  2. Set 'disable_existing_loggers': True in $SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/logging_config/__init__.py;

gballanti
Explorer

option 1 works fine, thanks.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...