- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Is it correct that the AMQP Messaging Modular Inpu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe I misunderstand how the MQ should be used.
In my trials I used a publisher publishing a message to an exchange with a set of routing keys. The subscriber then would create its own exclusive Queue and binds it with the wished routing keys to the exchange.
Using the the AMQP MInput I could observe a channel but no queue. After I created an the corresponding queue the splunk AMQP client bound the configured routing keys and received the sent messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Mod Input does not create queues. You connect to an existing defined queue.
Source is here : https://github.com/damiendallimore/SplunkModularInputsJavaFramework/tree/master/amqp
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Mod Input does not create queues. You connect to an existing defined queue.
Source is here : https://github.com/damiendallimore/SplunkModularInputsJavaFramework/tree/master/amqp
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay I just try to understand the reasoning behind it. In the "basic" rabbitMQ tutorials the pub and sub always make sure that the queue exists and therefore never encounter this problem.
Is it because as consumer/subscriber it is out of your scope/control what the AMQP compliant provider does and therefore "simply" (have to) assume that everything is already set up properly?
The quite real problem I ran into is that until I figured out what was the problem rabbitMQ created quite a log. Even more so when i restarted the MQ server/system which killed the non-persistent queue. The error log quickly grew to 12GB which then disabled the splunk indexer (<5GB) on my splunk test device. It feels a little bit like a local DoS ...
Of an operational perspective I need the error to know that there is something wrong, but it kinda sucks when this actually breaks the system 🙂 Sure I could turn off the ERROR log level, which would be kinda stupid ...
PS : the same problem arises with a bad password, but at a much slower rate ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
