Maybe I misunderstand how the MQ should be used.
In my trials I used a publisher publishing a message to an exchange with a set of routing keys. The subscriber then would create its own exclusive Queue and binds it with the wished routing keys to the exchange.
Using the the AMQP MInput I could observe a channel but no queue. After I created an the corresponding queue the splunk AMQP client bound the configured routing keys and received the sent messages.
The Mod Input does not create queues. You connect to an existing defined queue.
Source is here : https://github.com/damiendallimore/SplunkModularInputsJavaFramework/tree/master/amqp
The Mod Input does not create queues. You connect to an existing defined queue.
Source is here : https://github.com/damiendallimore/SplunkModularInputsJavaFramework/tree/master/amqp
Okay I just try to understand the reasoning behind it. In the "basic" rabbitMQ tutorials the pub and sub always make sure that the queue exists and therefore never encounter this problem.
Is it because as consumer/subscriber it is out of your scope/control what the AMQP compliant provider does and therefore "simply" (have to) assume that everything is already set up properly?
The quite real problem I ran into is that until I figured out what was the problem rabbitMQ created quite a log. Even more so when i restarted the MQ server/system which killed the non-persistent queue. The error log quickly grew to 12GB which then disabled the splunk indexer (<5GB) on my splunk test device. It feels a little bit like a local DoS ...
Of an operational perspective I need the error to know that there is something wrong, but it kinda sucks when this actually breaks the system 🙂 Sure I could turn off the ERROR log level, which would be kinda stupid ...
PS : the same problem arises with a bad password, but at a much slower rate ...