How to configure logging from a custom search comm...

johannesschilli · ‎10-21-2015

Hi,

I'm writing a search command and need to log events from it to Splunk Web. I'm using the Python SDK in the current version 1.5.0. I already looked into answer 80712 and could not find any other concerned with logging.

I'm looking for the correct configuration of the logger already included in the SearchCommand base Class, so that I can do something like this:

class MySearchCommand(GeneratingCommand):
    def generate(self):
        self.logger.info('my message')

So that 'my message' will be shown in the log after clicking Job -> Inspect Job -> search.log

Thanks a lot
Johannes

DUThibault · ‎05-03-2018

Your problem may be the default logging level, which is ERROR. In order for your self.logger.info and self.logger.debug invocations to make it to the /opt/splunk/var/run/splunk/dispatch/.../search.log of the job, you must either globally reduce the logging level, or reduce it for the appropriate channel (Settings: Server Settings: Server Logging or /opt/splunk/etc/log.cfg, if you can identify the pertinent channel---I certainly can't), or issue self.logger.logging_level = 'DEBUG' in your command's generate method (or equivalent; generate is for GeneratingCommand subclasses).

gwobben · ‎03-22-2016

Have you actually tried this? I have this line in my code and it's working fine:

def generate(self):
...
    self.logger.fatal("This is a test")
...

search.log:

[Some timestamp] ERROR ScriptRunner - stderr from 'C:\Program Files\Splunk\bin\PYTHON.EXE C:\Program Files\Splunk\etc\apps\[...]\helloworld.py __EXECUTE__ [...]:  This is a test

How to configure logging from a custom search command to the search.log Splunk Web using the Splunk Python SDK?

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!