Description
According to the known issues section of the documentation the logging for the add-on is located within var/log/splunk/ta_databricks.log and var/log/TA-Databricks/<command_name>command.log. This is inconsistent with standard Splunk apps/add-on, as they should log under /var/log/splunk with a suitable filename to indicate the source (i.e., ta_databricks) and any subcomponent as required (as an example, ta_databricks_.log).
The logging format should also match that of the standard Splunk logs so that they are automatically ingested and processed correctly. Also, the documentation states that indistinct/unclear error messages may be displayed within the UI, which are not helpful to analysts who encounter them. A suitable/useful error message should always be provided in the UI to aid in troubleshooting, rather than having to inspect the logs each time there is a failure.