I have only dabbled in this area, but I am pretty sure (not going to place any bets in Las Vegas on it though) that your python code is going to determine where you write the logs. It would be aweso...
See more...
I have only dabbled in this area, but I am pretty sure (not going to place any bets in Las Vegas on it though) that your python code is going to determine where you write the logs. It would be awesome if it does write to the splunk logs area, but I am pretty sure it does not. I don't think you specified a location for where you are writing the logs, so my guess is the python script is going to try to write the logs to the same location as your .py script. Now someone could come along and tell me I am completely wrong, and that is ok, because as I said, this is something I have only done a couple times and it was years ago. If I were going to troubleshoot to find out where the logs are being written, the first thing I would do is spin up my local / dev instance of Splunk. I really encourage anyone doing development, especially on something as complicated as what you are doing, that you have a dev instance - whether that be on a spare computer or laptop or spin up a local vm, or whatever, but it is really difficult to troubleshoot on a production environment and from an app dev perspective this is also a good practice to have a test environment. On this test box, you should have access to the command line. Put your code on that test box and then look and see where the logs are being written. Sorry I don't have any silver bullet, but my guess is that the log file is "trying" to be written to the same location as your python script, and that means your inputs.conf needs to be pointed there as well or it won't be able to grab it. (I don't recommend writing your logs to your scripts folder so you probably will want to change its location in the python script)