Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Could not send data to parsing queue

siddharthmis
Explorer
‎01-30-2018 02:21 AM

I have following in the logs-

INFO  TailReader - Could not send data to output queue (parsingQueue), retrying...
INFO  TailReader -   ...continuing.

On checking the metrics.log, I can see it reads-

INFO  Metrics - group=queue, name=parsingqueue, blocked=true, max_size_kb=512, current_size_kb=511

So, the problem is likely on the indexing side only - perhaps the indexing box is overloaded.

Any idea what can be done to fix this?

0 Karma
Reply

p_gurav
Champion
‎01-30-2018 05:49 AM

Hi siddharthmis,

Can you check monitoring console and also how many files server is monitoring?

0 Karma
Reply

siddharthmis
Explorer
‎02-05-2018 09:07 PM

Hi,

Sorry for the late reply. The server indeed monitors huge number of log files.
I increased the maxSize limit to a higher value in server.conf at the location ...\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\ and it helped.

0 Karma
Reply

p_gurav
Champion
‎02-05-2018 09:12 PM

Hi ,

Good it got resolved. But its always best practice to change configuration in "local" directory instead "default". 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...