Monitoring Splunk

How do I turn off debug in btool.

drussell88
Explorer

I am having an issue with lag time in my scheduled searches of time. I am looking for all types of issues that may slow down my machines. One thing I found was debug in the btool logs. How do I turn off that debug?

0 Karma

sowings
Splunk Employee

I'd like to comment that unless you're searching terms that would include those entries, and later filtering them, they're not likely to impact your search performance. You might consider the job inspector for tips on where to go next.

http://docs.splunk.com/Documentation/Splunk/5.0.3/Search/Writebettersearches

0 Karma

warrenpage
Explorer

I removed all the *debug*cfg files from the splunk etc directory, restarted splunk and this seemed to do the trick for me.

0 Karma

jrodman
Splunk Employee

This just means that when the tools are run with debug, they won't know how to log. I can't recommend this generally.

mikesaia
Path Finder

I noticed the same issue. In one particular hour there were 7 billion btool.log entries logged with DEBUG in the message but it is not being extracted as the log_level. Did you find any answer to this?

0 Karma

jrodman
Splunk Employee

Generally btool only writes DEBUG to the btool.log when run with --debug. I don't think we do that out of the box.

All I can suggest is some kind of hack monitoring who runs the btool executable and with what flags. A simplistic idea is something like:

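# vi btool.sh
#!/bin/bash
# Log each btool invocation (PID, arguments, parent), then run the real binary.
echo "btool $$ run with args $*" >> /tmp/silly.log
# does bourne have $PPID?
echo "PPID was $PPID" >> /tmp/silly.log
# Record the parent process's command line to see who launched btool
ps -fp "$PPID" >> /tmp/silly.log
# Quoted so arguments with spaces survive; $0 is the btool symlink, so this runs btool.bin
exec "$0.bin" "$@"
# chmod u+x btool.sh
# mv btool btool.bin
# ln -s btool.sh btool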

If you do try this, please test in a safe place before dropping it in. Measure twice, cut once.
Feel free to use fancier tools if you have them.

0 Karma
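An added example (not part of jrodman's post, and not Splunk code): once a wrapper like the one above has been logging for a while, this summarizes its log to show which parent commands ran btool with --debug. It assumes the record format that wrapper writes, with `ps aux` column layout; the sample log, PIDs, paths and app name are constructed.

```bash
#!/bin/bash
# Added example: summarize the wrapper log to see which parent processes
# ran btool with --debug. Record format assumed (as written by the wrapper):
#   btool <pid> run with args <args...>
#   PPID was <ppid>
#   <ps aux lines; PID is column 2, command starts at column 11>
btool_debug_callers() {
    awk '
        /^btool [0-9]+ run with args/ {      # new record
            debug = 0; ppid = ""
            for (i = 6; i <= NF; i++) if ($i == "--debug") debug = 1
            next
        }
        /^PPID was [0-9]+$/ { ppid = $3; next }
        # Only the ps line whose PID column equals the PPID is the parent;
        # this skips the "grep <ppid>" line and other incidental matches.
        debug && ppid != "" && $2 == ppid {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            count[cmd]++
            ppid = ""                         # count each run once
        }
        END { for (c in count) printf "%d\t%s\n", count[c], c }
    ' "$@" | sort -rn
}

# Constructed sample log (hypothetical PIDs, paths and app name).
sample_log() {
    cat <<'EOF'
btool 4242 run with args inputs list --debug
PPID was 3100
splunk 3100 0.0 0.1 12345 2345 ? S 10:00 0:00 /bin/sh /opt/splunk/etc/apps/example_app/bin/collect.sh
splunk 4243 0.0 0.0 9000 900 ? S 10:00 0:00 grep 3100
btool 4250 run with args check
PPID was 2000
splunk 2000 0.2 1.5 99999 8888 ? Sl 09:00 0:12 splunkd -p 8089 restart
btool 4300 run with args props list --debug
PPID was 3100
splunk 3100 0.0 0.1 12345 2345 ? S 10:00 0:00 /bin/sh /opt/splunk/etc/apps/example_app/bin/collect.sh
EOF
}

sample_log | btool_debug_callers
```

Concurrent btool runs can interleave their lines in the shared log, so treat the counts as a lead to follow up rather than an exact tally.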