Could not send data to parsing queue

siddharthmis · ‎01-30-2018

I have following in the logs-

INFO  TailReader - Could not send data to output queue (parsingQueue), retrying...
INFO  TailReader -   ...continuing.

On checking the metrics.log, I can see it reads-

INFO  Metrics - group=queue, name=parsingqueue, blocked=true, max_size_kb=512, current_size_kb=511

So, the problem is likely on the indexing side only - perhaps the indexing box is overloaded.

Any idea what can be done to fix this?

p_gurav · ‎01-30-2018

Hi siddharthmis,

Can you check monitoring console and also how many files server is monitoring?

siddharthmis · ‎02-05-2018

Hi,

Sorry for the late reply. The server indeed monitors huge number of log files.
I increased the maxSize limit to a higher value in server.conf at the location ...\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\ and it helped.

p_gurav · ‎02-05-2018

Hi ,

Good it got resolved. But its always best practice to change configuration in "local" directory instead "default". 🙂

Could not send data to parsing queue

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >