Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Could not send data to parsing queue

siddharthmis
Explorer
โ€Ž01-30-2018 02:21 AM

I have following in the logs-

INFO  TailReader - Could not send data to output queue (parsingQueue), retrying...
INFO  TailReader -   ...continuing.

On checking the metrics.log, I can see it reads-

INFO  Metrics - group=queue, name=parsingqueue, blocked=true, max_size_kb=512, current_size_kb=511

So, the problem is likely on the indexing side only - perhaps the indexing box is overloaded.

Any idea what can be done to fix this?

0 Karma
Reply

p_gurav
Champion
โ€Ž01-30-2018 05:49 AM

Hi siddharthmis,

Can you check monitoring console and also how many files server is monitoring?

0 Karma
Reply

siddharthmis
Explorer
โ€Ž02-05-2018 09:07 PM

Hi,

Sorry for the late reply. The server indeed monitors huge number of log files.
I increased the maxSize limit to a higher value in server.conf at the location ...\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\ and it helped.

0 Karma
Reply

p_gurav
Champion
โ€Ž02-05-2018 09:12 PM

Hi ,

Good it got resolved. But its always best practice to change configuration in "local" directory instead "default". ๐Ÿ™‚

0 Karma
Reply