Re: How do I turn off debug in btool.

drussell88 · ‎03-09-2013

I am having an issue with lag time in my scheduled searches of time. I am looking for all time of issues that may slow down my machines. One this I found was debug in the btool logs. How do I turn off that debug?

sowings · ‎07-07-2013

I'd like to comment that unless you're searching terms that would include those entries, and later filtering them, they're not likely to impact your search performance. You might consider the job inspector for tips on where to go next.

http://docs.splunk.com/Documentation/Splunk/5.0.3/Search/Writebettersearches

warrenpage · ‎07-07-2013

I removed all the *debug*cfg files from the splunk etc directory, restarted splunk and this seemed to do the trick for me.

jrodman · ‎07-08-2013

This just means that when the tools are run with debug, they won't know how to log. I can't recommend this generally.

mikesaia · ‎06-03-2013

I noticed the same issue. In one particular hour there were 7 billion btool.log entries logged with DEBUG in the message but it is not being extracted as the log_level. Did you find any answer to this?

jrodman · ‎03-12-2013

Generally btool only writes DEBUG to the btool.log when run with --debug. I don't think we do that out of the box.

All I can suggest is some kind of hacks monitoring who runs the btool executable and with what flags. A simplistic idea is like

# vi btool.sh
#!/bin/bash
echo "btool $$ run with args $@" >> /tmp/silly.log
# does bourne have $PPID?
echo "PPID was $PPID" >> /tmp/silly.log
ps aux |grep $PPID >> /tmp/silly.log
exec $0.bin $@
# chmod u+x btool.sh
# mv btool btool.bin
# ln -s btool.sh btool

If you do try this, please test in a safe place before dropping it in. Measure twice, cut once.
Feel free to use fancier tools if you have them.

How do I turn off debug in btool.

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM