Skip to main content
Version: 1.0.0

Logging

UTStream provides extensive logging capabilities. UTSteam writes the following logs that are available in Splunk by default:

IndexSourcetypeSourceContent
_internalutstream:command:utreadlookup$SPLUNK_HOME/var/log/splunk/utreadlookup.logLogs written by the custom command utreadlookup
_internalutstream:command:utwritelookup$SPLUNK_HOME/var/log/splunk/utwritelookup.logLogs written by the custom command utwritelookup
_internalutstream:command:utrunjob$SPLUNK_HOME/var/log/splunk/utrunjob.logLogs written by the custom command utrunjob
_internalutstream:instance$SPLUNK_HOME/var/log/splunk/CriblInstance.logLogs written by the class handling all interactions with a Cribl Stream instance
_internalutstream:job$SPLUNK_HOME/var/log/splunk/CriblJob.logLogs written by a job instance
_internalutstream:job:runner$SPLUNK_HOME/var/log/splunk/CriblJobRunner.logLogs written by class managing jobs running against Cribl Stream

Change verbosity

To change the default INFO verbosity, add a logger.conf file to the local directory of the app.

[logging]
rootLevel = <VERBOSITY>

Additionally. it is possible to change the verbosity for a logfile by defining a configuration as follow:

[logging]
utreadlookup = DEBUG
utwritelookup = DEBUG