Troubleshoot log collection

My source isn’t generating logs

If using Linux, run the following commands to check if the source is generating logs:

tail -f /var/log/myTestLog.log
journalctl -u my-service.service -f

If using Windows, run the following command to check if the source is generating logs:

Get-Content myTestLog.log

The Collector isn’t configured properly

Do the following to check the Collector configuration:

1. Go to http://localhost:55679/debug/tracez to check zPages for samples. You might need to configure the endpoint.

2. Activate logging exporter. See Logging exporter for more information.

3. Run journalctl -u splunk-otel-collector.service -f to collect the logs for you to review.

4. Review Troubleshoot the Splunk OpenTelemetry Collector if you can’t find what you need in the logs.

Test the Collector by sending synthetic data

You can manually generate logs.

echo "2021-03-17 02:14:44 +0000 [debug]: test" >>/var/log/syslog.log
echo "2021-03-17 02:14:44 +0000 [debug]: test" | systemd-cat

Unwanted profiling logs appearing in Splunk Observability Cloud

By default, the Splunk Distribution of the OpenTelemetry Collector sends AlwaysOn Profiling data using the Splunk HEC exporter. See Turn off logs or profiling data for more information.

Exclude log data in the Collector

Depending on its configuration, the Splunk Distribution of the OpenTelemetry Collector might collect and send logs to Splunk Observability Cloud through a logs pipeline that uses the Splunk HEC exporter.

To turn off logs colletion, see Turn off logs or profiling data for more information.

Send logs to Splunk Cloud Platform or Enterprise using the Collector

To send logs from the Collector to Splunk Cloud Platform or Splunk Enterprise, see Send logs to Splunk Cloud Platform or Splunk Enterprise.