Splunk_Docker/files/splunk-etc/log-debug.cfg

#   Version 9.2.2.20240415
# log-debug.cfg
# This file contains the debugging output controls used when starting with --debug option
# Customers can change debugging levels as needed with output going to
# $SPLUNK_HOME/var/log/splunk/splunkd.log and other files as indicated
[splunkd]
# first, set all categories (even those not listed here) to DEBUG
rootCategory=DEBUG,A1
# then specify a different log level only for these categories
category.LicenseManager=INFO
category.timeinvertedIndex=INFO
category.ScopedTimer=WARN
category.FileInputTracker=WARN
category.NetUtils=INFO
category.LMHttpUtil=INFO
category.LMMasterRestHandler=INFO
category.LMTracker=INFO
category.FileTracker=INFO
category.Metrics=INFO
category.MetaData=INFO
category.loader=INFO
# for longer-running debug use, consider some of these as well
#category.DatabaseDirectoryManager=INFO
#category.BucketMover=INFO
#category.PropertiesMapConfig=INFO
#category.DispatchReaper=INFO
#category.SearchResults=INFO
#category.DispatchSearch=INFO
#category.DispatchCommand=INFO
#category.QueryLanguageParser=INFO
#category.TcpOutputProc=INFO
#category.TcpInputProc=INFO
#category.ThruputProcessor=INFO
#category.LineBreakingProcessor=INFO
#category.UTF8Processor=INFO
#category.WinEventLogAgent=INFO
#category.WinEventLogInputProcessor=INFO
#category.WinEventLogChannel=INFO
#category.WinEventLog=INFO
#category.AuditTrailManager=INFO
#category.TailingProcessor=INFO
#
# we're not sending stuff to the console anymore
# now that we're daemonized.
#
# the rest of the options in the splunkd stanza control logfile management
appender.rootAppender=ConsoleAppender
appender.rootAppender.layout=PatternLayout
appender.rootAppender.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
# splunkd.log
appender.A1=RollingFileAppender
appender.A1.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd.log
appender.A1.maxFileSize=1000000000
appender.A1.maxBackupIndex=5
appender.A1.layout=PatternLayout
appender.A1.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
###
### DO NOT USE APPENDER A3!
###
### This used to be used for splunklogger.log, which has gone away.  We don't
### want user settings for the old splunklogger to inadvertently take effect
### on whatever A3 ends up being used for...
### 
### appender.A3.fileName=${SPLUNK_HOME}/var/log/splunk/splunklogger.log
###
# license_usage.log
appender.license_usage=RollingFileAppender
appender.license_usage.fileName=${SPLUNK_HOME}/var/log/splunk/license_usage.log
appender.license_usage.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.license_usage.maxBackupIndex=5
appender.license_usage.layout=PatternLayout
appender.license_usage.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
category.LicenseUsage=INFO,license_usage
# searchhistory.log
appender.A4=RollingFileAppender
appender.A4.fileName=${SPLUNK_HOME}/var/log/splunk/searchhistory.log
appender.A4.maxFileSize=0
# Note: the searchhistory.log logfile is not used, as of Splunk 4.3 release.
# metrics.log
appender.metrics=RollingFileAppender
appender.metrics.fileName=${SPLUNK_HOME}/var/log/splunk/metrics.log
appender.metrics.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.metrics.maxBackupIndex=5
appender.metrics.layout=PatternLayout
appender.metrics.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
category.Metrics=INFO,metrics
# audit.log
appender.audittrail=RollingFileAppender
appender.audittrail.fileName=${SPLUNK_HOME}/var/log/splunk/audit.log
appender.audittrail.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.audittrail.maxBackupIndex=5
appender.audittrail.layout=PatternLayout
appender.audittrail.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
category.AuditLogger=DEBUG,audittrail
# splunkd_access.log
appender.accesslog=RollingFileAppender
appender.accesslog.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd_access.log
appender.accesslog.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.accesslog.maxBackupIndex=5
appender.accesslog.layout=PatternLayout
appender.accesslog.layout.ConversionPattern=%m%n
category.HTTPAccess=INFO,accesslog
# scheduler.log
appender.scheduler=RollingFileAppender
appender.scheduler.fileName=${SPLUNK_HOME}/var/log/splunk/scheduler.log
appender.scheduler.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.scheduler.maxBackupIndex=5
appender.scheduler.layout=PatternLayout
appender.scheduler.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
category.SavedSplunker=INFO,scheduler
# watchdog log
appender.watchdog_appender=RollingFileAppender
appender.watchdog_appender.fileName=${SPLUNK_HOME}/var/log/watchdog/watchdog.log
appender.watchdog_appender.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.watchdog_appender.maxBackupIndex=5
appender.watchdog_appender.layout=PatternLayout
appender.watchdog_appender.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n
category.Watchdog=DEBUG,watchdog_appender
category.WatchdogActions=DEBUG,watchdog_appender
category.Pstacks=DEBUG,watchdog_appender
category.PstackServerThread=DEBUG,watchdog_appender
category.PstackGeneratorThread=DEBUG,watchdog_appender
category.WatchdogStacksUtils=DEBUG,watchdog_appender
category.ThreadManager=DEBUG,watchdog_appender
# deployment server
appender.phonehome=RollingFileAppender
appender.phonehome.fileName=${SPLUNK_HOME}/var/log/client_events/phonehomes_${GUID}.log
appender.phonehome.maxFileSize=5000000 # default: 5MB (specified in bytes).
appender.phonehome.maxBackupIndex=5
appender.phonehome.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n
appender.phonehome.layout=PatternLayout
appender.phonehome.serialization=JSON
category.DSphonehome=INFO,phonehome
appender.appevent=RollingFileAppender
appender.appevent.fileName=${SPLUNK_HOME}/var/log/client_events/appevents_${GUID}.log
appender.appevent.maxFileSize=10000000 # default: 10MB (specified in bytes).
appender.appevent.maxBackupIndex=5
appender.appevent.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n
appender.appevent.layout=PatternLayout
appender.appevent.serialization=JSON
category.DSappevent=INFO,appevent
appender.client=RollingFileAppender
appender.client.fileName=${SPLUNK_HOME}/var/log/client_events/clients_${GUID}.log
appender.client.maxFileSize=1000000 # default: 1MB (specified in bytes).
appender.client.maxBackupIndex=5
appender.client.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n
appender.client.layout=PatternLayout
appender.client.serialization=JSON
category.DSclient=INFO,client
#
# define splunk python logging properties for python.log
#
# logging classes are defined by a logging declaration at the log of each
# file.
#
# 	splunk
# 	splunk.appserver
# 	splunk.search
#
[python]
splunk = DEBUG
splunk.appserver = DEBUG
splunk.appserver.controllers = DEBUG
splunk.appserver.lib = DEBUG
Inital Commit 5 months ago			`# Version 9.2.2.20240415`
			`# log-debug.cfg`
			`# This file contains the debugging output controls used when starting with --debug option`
			`# Customers can change debugging levels as needed with output going to`
			`# $SPLUNK_HOME/var/log/splunk/splunkd.log and other files as indicated`
			`[splunkd]`
			`# first, set all categories (even those not listed here) to DEBUG`
			`rootCategory=DEBUG,A1`
			`# then specify a different log level only for these categories`
			`category.LicenseManager=INFO`
			`category.timeinvertedIndex=INFO`
			`category.ScopedTimer=WARN`
			`category.FileInputTracker=WARN`
			`category.NetUtils=INFO`
			`category.LMHttpUtil=INFO`
			`category.LMMasterRestHandler=INFO`
			`category.LMTracker=INFO`
			`category.FileTracker=INFO`
			`category.Metrics=INFO`
			`category.MetaData=INFO`
			`category.loader=INFO`
			`# for longer-running debug use, consider some of these as well`
			`#category.DatabaseDirectoryManager=INFO`
			`#category.BucketMover=INFO`
			`#category.PropertiesMapConfig=INFO`
			`#category.DispatchReaper=INFO`
			`#category.SearchResults=INFO`
			`#category.DispatchSearch=INFO`
			`#category.DispatchCommand=INFO`
			`#category.QueryLanguageParser=INFO`
			`#category.TcpOutputProc=INFO`
			`#category.TcpInputProc=INFO`
			`#category.ThruputProcessor=INFO`
			`#category.LineBreakingProcessor=INFO`
			`#category.UTF8Processor=INFO`
			`#category.WinEventLogAgent=INFO`
			`#category.WinEventLogInputProcessor=INFO`
			`#category.WinEventLogChannel=INFO`
			`#category.WinEventLog=INFO`
			`#category.AuditTrailManager=INFO`
			`#category.TailingProcessor=INFO`
			`#`
			`# we're not sending stuff to the console anymore`
			`# now that we're daemonized.`
			`#`
			`# the rest of the options in the splunkd stanza control logfile management`
			`appender.rootAppender=ConsoleAppender`
			`appender.rootAppender.layout=PatternLayout`
			`appender.rootAppender.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`# splunkd.log`
			`appender.A1=RollingFileAppender`
			`appender.A1.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd.log`
			`appender.A1.maxFileSize=1000000000`
			`appender.A1.maxBackupIndex=5`
			`appender.A1.layout=PatternLayout`
			`appender.A1.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`###`
			`### DO NOT USE APPENDER A3!`
			`###`
			`### This used to be used for splunklogger.log, which has gone away. We don't`
			`### want user settings for the old splunklogger to inadvertently take effect`
			`### on whatever A3 ends up being used for...`
			`###`
			`### appender.A3.fileName=${SPLUNK_HOME}/var/log/splunk/splunklogger.log`
			`###`
			`# license_usage.log`
			`appender.license_usage=RollingFileAppender`
			`appender.license_usage.fileName=${SPLUNK_HOME}/var/log/splunk/license_usage.log`
			`appender.license_usage.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.license_usage.maxBackupIndex=5`
			`appender.license_usage.layout=PatternLayout`
			`appender.license_usage.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`category.LicenseUsage=INFO,license_usage`
			`# searchhistory.log`
			`appender.A4=RollingFileAppender`
			`appender.A4.fileName=${SPLUNK_HOME}/var/log/splunk/searchhistory.log`
			`appender.A4.maxFileSize=0`
			`# Note: the searchhistory.log logfile is not used, as of Splunk 4.3 release.`
			`# metrics.log`
			`appender.metrics=RollingFileAppender`
			`appender.metrics.fileName=${SPLUNK_HOME}/var/log/splunk/metrics.log`
			`appender.metrics.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.metrics.maxBackupIndex=5`
			`appender.metrics.layout=PatternLayout`
			`appender.metrics.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`category.Metrics=INFO,metrics`
			`# audit.log`
			`appender.audittrail=RollingFileAppender`
			`appender.audittrail.fileName=${SPLUNK_HOME}/var/log/splunk/audit.log`
			`appender.audittrail.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.audittrail.maxBackupIndex=5`
			`appender.audittrail.layout=PatternLayout`
			`appender.audittrail.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`category.AuditLogger=DEBUG,audittrail`
			`# splunkd_access.log`
			`appender.accesslog=RollingFileAppender`
			`appender.accesslog.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd_access.log`
			`appender.accesslog.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.accesslog.maxBackupIndex=5`
			`appender.accesslog.layout=PatternLayout`
			`appender.accesslog.layout.ConversionPattern=%m%n`
			`category.HTTPAccess=INFO,accesslog`
			`# scheduler.log`
			`appender.scheduler=RollingFileAppender`
			`appender.scheduler.fileName=${SPLUNK_HOME}/var/log/splunk/scheduler.log`
			`appender.scheduler.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.scheduler.maxBackupIndex=5`
			`appender.scheduler.layout=PatternLayout`
			`appender.scheduler.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`category.SavedSplunker=INFO,scheduler`
			`# watchdog log`
			`appender.watchdog_appender=RollingFileAppender`
			`appender.watchdog_appender.fileName=${SPLUNK_HOME}/var/log/watchdog/watchdog.log`
			`appender.watchdog_appender.maxFileSize=25000000 # default: 25MB (specified in bytes).`
			`appender.watchdog_appender.maxBackupIndex=5`
			`appender.watchdog_appender.layout=PatternLayout`
			`appender.watchdog_appender.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n`
			`category.Watchdog=DEBUG,watchdog_appender`
			`category.WatchdogActions=DEBUG,watchdog_appender`
			`category.Pstacks=DEBUG,watchdog_appender`
			`category.PstackServerThread=DEBUG,watchdog_appender`
			`category.PstackGeneratorThread=DEBUG,watchdog_appender`
			`category.WatchdogStacksUtils=DEBUG,watchdog_appender`
			`category.ThreadManager=DEBUG,watchdog_appender`
			`# deployment server`
			`appender.phonehome=RollingFileAppender`
			`appender.phonehome.fileName=${SPLUNK_HOME}/var/log/client_events/phonehomes_${GUID}.log`
			`appender.phonehome.maxFileSize=5000000 # default: 5MB (specified in bytes).`
			`appender.phonehome.maxBackupIndex=5`
			`appender.phonehome.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n`
			`appender.phonehome.layout=PatternLayout`
			`appender.phonehome.serialization=JSON`
			`category.DSphonehome=INFO,phonehome`
			`appender.appevent=RollingFileAppender`
			`appender.appevent.fileName=${SPLUNK_HOME}/var/log/client_events/appevents_${GUID}.log`
			`appender.appevent.maxFileSize=10000000 # default: 10MB (specified in bytes).`
			`appender.appevent.maxBackupIndex=5`
			`appender.appevent.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n`
			`appender.appevent.layout=PatternLayout`
			`appender.appevent.serialization=JSON`
			`category.DSappevent=INFO,appevent`
			`appender.client=RollingFileAppender`
			`appender.client.fileName=${SPLUNK_HOME}/var/log/client_events/clients_${GUID}.log`
			`appender.client.maxFileSize=1000000 # default: 1MB (specified in bytes).`
			`appender.client.maxBackupIndex=5`
			`appender.client.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-4p %c - %m%n`
			`appender.client.layout=PatternLayout`
			`appender.client.serialization=JSON`
			`category.DSclient=INFO,client`
			`#`
			`# define splunk python logging properties for python.log`
			`#`
			`# logging classes are defined by a logging declaration at the log of each`
			`# file.`
			`#`
			`# splunk`
			`# splunk.appserver`
			`# splunk.search`
			`#`
			`[python]`
			`splunk = DEBUG`
			`splunk.appserver = DEBUG`
			`splunk.appserver.controllers = DEBUG`
			`splunk.appserver.lib = DEBUG`