splunk / ansible-role-for-splunk

Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)
Apache License 2.0

Change log level in cfg and CLI #187

Open arcsector opened 1 year ago

arcsector commented 1 year ago

Summary

Changes the log level at the CLI level, then makes sure log-local.cfg exists, and adds or modifies the log level in there. Requires the variables splunk_component and splunk_component_log_level to be provided to the task.

Modified files

arcsector commented 1 year ago

Made some changes to put the unfound items at the top of the file. Note that even if you set the file correctly, and the REST API shows you have set the log level correctly at /services/server/logger, Splunk still refuses to log at DEBUG for certain components (noticing this on an indexer with components HttpInputQueue, STMgr, TcpInputProc, and a couple other tests, but other components do work with this method like HttpInputDataHandler... Cmon Splunk!)

jewnix commented 1 year ago

@arcsector

  1. The splunk set log-level is not persistent, and is only used to change the level on a running instance temporarily.
  2. Can you add the option to configure multiple components to different levels in a loop?

arcsector commented 1 year ago

  1. Yes, this is the desired functionality, change the level now, and then do it persistently so a restart isn't necessary. I can remove the restart handle to reflect this.
  2. Done.
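
The persistent half of the change discussed in this thread, as an added example that is not code from the pull request or the role: an idempotent update of log-local.cfg text for several components at once, with unfound entries placed directly under the stanza header. The function name, the `[splunkd]` stanza with `category.<component>=<level>` lines, the allowed-character checks, and the sample file content are assumptions made for the illustration.

```python
import re

# Assumption: component and level names are restricted to these character
# sets so a variable cannot smuggle a newline or a new stanza into the file.
NAME_RE = re.compile(r"[A-Za-z0-9_:.-]+")
LEVEL_RE = re.compile(r"[A-Z]+")
KEY_RE = re.compile(r"category\.([^\s=]+)\s*=")


def set_log_levels(cfg_text, levels, stanza="splunkd"):
    """Return cfg_text with category.<component>=<level> set for every entry."""
    for comp, lvl in levels.items():
        if not NAME_RE.fullmatch(comp) or not LEVEL_RE.fullmatch(lvl):
            raise ValueError(f"rejected component/level: {comp!r}={lvl!r}")
    header = f"[{stanza}]"
    lines = cfg_text.splitlines()
    if header not in (line.strip() for line in lines):
        lines.insert(0, header)  # empty file or stanza absent
    out, seen, in_stanza = [], set(), False
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_stanza = stripped == header
        elif in_stanza:
            m = KEY_RE.match(stripped)  # commented lines do not match
            if m and m.group(1) in levels:
                seen.add(m.group(1))
                line = f"category.{m.group(1)}={levels[m.group(1)]}"
        out.append(line)
    # Components not found are added directly under the stanza header.
    at = next(i for i, l in enumerate(out) if l.strip() == header) + 1
    out[at:at] = [f"category.{c}={v}" for c, v in levels.items() if c not in seen]
    return "\n".join(out) + "\n"


# Constructed sample input, not taken from a real deployment.
SAMPLE = "[splunkd]\ncategory.TcpInputProc=INFO\n# note\n[python]\nsplunk = INFO\n"
WANTED = {"TcpInputProc": "DEBUG", "HttpInputDataHandler": "DEBUG"}

if __name__ == "__main__":
    print(set_log_levels(SAMPLE, WANTED), end="")
```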