All Apps and Add-ons

Splunk Addon builder logs

new
Loves-to-Learn

Hi 
I have Created a Splunk Addon builder using Splunk Enterprise version 9.
And i installed in Splunk Cloud now i am facing some issues with addon , how can i check the logs of this addon in splunk cloud?Pls assist.

Labels (1)
0 Karma

new
Loves-to-Learn

i tried with above but it is not showing anything

0 Karma

Meett
Splunk Employee
Splunk Employee

Hello @new ,

Can you please share the exact issue you are seeing? l.e., what part of add-on is not working ? are you seeing any ERRORs to check ? 

0 Karma

new
Loves-to-Learn

@Meett Thanks for responding.
I have created a Addon builder called TA-splunk-webhook-alerts and i have attached it to a alerts So, whenever that alert is triggered it will trigger the addon builder.
this addon builder contains a python script which calls some api to push the alert data.

new_0-1750160927496.png

The above picture shows the some of python script. if you see the there are some log statements in it.
like 

helper.log_info("username={}".format(username))

my question is whenever this script is executed where can i find these logs?
i have not done any specific configuration for logging.
helper.log_info is default one.

FYI: I have developed this addon builder using splunk enterprise version 9 and installed in splunk cloud.
 in splunk enterprise i am able to find the location of logs($SPLUNK_HOME/var/log/splunk) but not in splunk cloud.
Please assist to find the logs in splunk cloud.

 

0 Karma

Meett
Splunk Employee
Splunk Employee

Hello @new , 

Can you try to directly run search with log file name or an keyword around logs of that custom add-on on Splunk Cloud and check how it goes?

0 Karma

new
Loves-to-Learn

what will be the log file name?
As I mentioned i did not do any configuration for logging.
helper.log_info was already present in the default python script.

0 Karma

PrewinThomas
Motivator

@new 

You can start with  _internal index,

For eg:

index=_internal sourcetype=*addon* OR source=*ta_* OR source=*addon*

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...