Splunk Dev

Where do I find the python log of a custom endpoint

manuel2202
Explorer

I added a custom endpoint successfully. But where can I find the output of my print statement?
Further more I like know where to find the startup log for my endpoint. For example in case of an error in my code.

import splunk.appserver.mrsparkle.controllers as controllers
from splunk.appserver.mrsparkle.lib.decorators import expose_page

class Controller(controllers.BaseController):
    @expose_page(must_login=False)
    def my_function(self, **kwargs) :

        print "MY LOG MESSAGE"
        return "HELLO WORLD"
0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

You need to create a log for it first. Otherwise it will probably end up in splunkd.log aka index=_internal sourcetype=splunkd but only in the form of a stack trace when there's an exception... or maybe all output will end up there... not certain. If you do create a logger for it though like below, you can control where it goes:

import splunk.mining.dcutils as dcu
logger = dcu.getLogger()

logger.info("This is info")
logger.error("this is error")
logger.warn("this is warn")
logger.exception("this is exception")

The above will certainly log to python.log.

import logging
from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path

def setup_logger(name, level=logging.WARNING, maxBytes=25000000, backupCount=5):
    '''
    Set up a default logger.

    @param name: The log file name.
    @param level: The logging level.
    @param maxBytes: The maximum log file size before rollover.
    @param backupCount: The number of log files to retain.
    '''

    # Strip ".py" from the log file name if auto-generated by a script.
    if '.py' in name:
        name = name.replace(".py", "")

    logfile = make_splunkhome_path(["var", "log", "splunk", name + '.log'])

    logger = logging.getLogger(name)
    logger.propagate = False  # Prevent the log messages from being duplicated in the python.log file
    logger.level = level

    # Prevent re-adding handlers to the logger object, which can cause duplicate log lines
    handler_exists = any([True for h in logger.handlers if h.baseFilename == logfile])
    if not handler_exists:
        file_handler = logging.handlers.RotatingFileHandler(logfile, mode='a', maxBytes=maxBytes, backupCount=backupCount)
        formatter = logging.Formatter('%(asctime)s %(levelname)s pid=%(process)d tid=%(threadName)s file=%(filename)s:%(funcName)s:%(lineno)d | %(message)s')
        file_handler.setFormatter(formatter)
        logger.addHandler(file_handler)

    return logger


logger = setup_logger('yourLogName', level=logging.DEBUG)

The above will create a logs in /opt/splunk/var/log/splunk/yourLogName.log

View solution in original post

jkat54
SplunkTrust
SplunkTrust

You need to create a log for it first. Otherwise it will probably end up in splunkd.log aka index=_internal sourcetype=splunkd but only in the form of a stack trace when there's an exception... or maybe all output will end up there... not certain. If you do create a logger for it though like below, you can control where it goes:

import splunk.mining.dcutils as dcu
logger = dcu.getLogger()

logger.info("This is info")
logger.error("this is error")
logger.warn("this is warn")
logger.exception("this is exception")

The above will certainly log to python.log.

import logging
from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path

def setup_logger(name, level=logging.WARNING, maxBytes=25000000, backupCount=5):
    '''
    Set up a default logger.

    @param name: The log file name.
    @param level: The logging level.
    @param maxBytes: The maximum log file size before rollover.
    @param backupCount: The number of log files to retain.
    '''

    # Strip ".py" from the log file name if auto-generated by a script.
    if '.py' in name:
        name = name.replace(".py", "")

    logfile = make_splunkhome_path(["var", "log", "splunk", name + '.log'])

    logger = logging.getLogger(name)
    logger.propagate = False  # Prevent the log messages from being duplicated in the python.log file
    logger.level = level

    # Prevent re-adding handlers to the logger object, which can cause duplicate log lines
    handler_exists = any([True for h in logger.handlers if h.baseFilename == logfile])
    if not handler_exists:
        file_handler = logging.handlers.RotatingFileHandler(logfile, mode='a', maxBytes=maxBytes, backupCount=backupCount)
        formatter = logging.Formatter('%(asctime)s %(levelname)s pid=%(process)d tid=%(threadName)s file=%(filename)s:%(funcName)s:%(lineno)d | %(message)s')
        file_handler.setFormatter(formatter)
        logger.addHandler(file_handler)

    return logger


logger = setup_logger('yourLogName', level=logging.DEBUG)

The above will create a logs in /opt/splunk/var/log/splunk/yourLogName.log

manuel2202
Explorer

I did a spot check and it turned out that your first example is logging to var/log/splunk/python.log
Anyway thanks for the hint with the logger! It's working!

0 Karma

jkat54
SplunkTrust
SplunkTrust

Good catch, I updated my answer.

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...