Set up logging

Well-behaved scripts send logging data to splunkd.log. This logging data is useful for tracking and troubleshooting.

About logging

Any data you write to stderr is written to splunkd.log. You can specify a log level when writing to stderr. If unspecified, the log level defaults to ERROR. The following example shows how to write INFO and ERROR logging entries:

INFO Connecting to the endpoint
ERROR Unable to connect to the endpoint

Here are the recognized log levels from lowest to highest severity.

  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL

Log entries are written to splunkd.log based on the log level. By default, entries with a log level of INFO or higher are written to splunkd.log. To modify the default behavior, in Splunk Web navigate to Settings > Server settings > Server logging. Then navigate to the ExecProcessor log channel. Select ExecProcessor to make any changes.

Alternatively, you can navigate to the following file.

$SPLUNK_HOME/etc/log.cfg

In log.cfg, set the logging level for modular inputs by editing the log level in the following line.

category.ExecProcessor=INFO

For more information on logging, refer to What Splunk logs about itself in the Troubleshooting Manual.

Note: You must have Splunk Enterprise admin privileges to change logging behavior.

Example: Setting up standard Splunk logging

The following snippet from a script shows how to set up standard Splunk logging.

Standard Splunk logging snippets

# . . .
import logging
import sys
# . . .
# set up logging suitable for splunkd consumption
logging.root.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(levelname)s %(message)s')
# write to stderr, which splunkd records in splunkd.log
handler = logging.StreamHandler(stream=sys.stderr)
handler.setFormatter(formatter)
logging.root.addHandler(handler)
# . . .
# add various logging statements
# for example:
#
# logging.info("URL %s already processed.  Skipping.", url)
#
#     if item_node:
#         logging.debug("XML: found item")
#
# etc.
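
The following added example (not part of the original documentation or Splunk's own code) extends the snippet above in two ways: it maps the Python level names WARNING and CRITICAL, which are not in the list of recognized levels, to WARN and FATAL, and it escapes CR/LF so that each record stays on one line and data read from a feed cannot begin a new line that would be read as a separate entry. The class name, logger name and sample values are assumptions constructed for illustration.

```python
import io
import logging
import sys

# Python level names that are not in the page's list, mapped to ones that are.
SPLUNK_LEVELS = {"WARNING": "WARN", "CRITICAL": "FATAL"}


class SplunkStderrFormatter(logging.Formatter):
    """Emit exactly one 'LEVEL message' line per log record (hypothetical class)."""

    def format(self, record):
        level = SPLUNK_LEVELS.get(record.levelname, record.levelname)
        text = record.getMessage()
        if record.exc_info:
            text += " | " + self.formatException(record.exc_info)
        # Escape CR/LF so untrusted data cannot start a new line that
        # would be read as a separate entry with its own level.
        text = text.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")
        return f"{level} {text}"


def setup_logging(stream=None, level=logging.INFO):
    """Attach a single stderr handler to a named logger (name is hypothetical)."""
    logger = logging.getLogger("my_modular_input")
    logger.setLevel(level)
    logger.propagate = False   # avoid duplicate lines via the root logger
    logger.handlers.clear()    # safe to call more than once
    handler = logging.StreamHandler(stream if stream is not None else sys.stderr)
    handler.setFormatter(SplunkStderrFormatter())
    logger.addHandler(handler)
    return logger


def demo():
    """Log constructed sample values to a buffer and return the lines written."""
    buf = io.StringIO()
    log = setup_logging(stream=buf, level=logging.DEBUG)
    log.info("Connecting to the endpoint")
    log.warning("Retrying %s", "https://example.invalid/feed")
    # Constructed hostile value: tries to forge a second, benign-looking entry.
    log.error("Bad title: %s", "x\nINFO All checks passed")
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for line in demo():
        print(line)
```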