Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Does Splunk Universal Forwarders contain an option to enable persistent queues?

ppuru
Path Finder
‎02-14-2018 09:24 PM

As per Splunk documentation, "Persistent queues are not available for splunktcp (input from Splunk forwarders)". Does this mean UF's can't leverage the anti data loss advantages of persistent queues?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎02-14-2018 09:59 PM

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

View solution in original post

Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎02-14-2018 09:59 PM

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

Reply
Solved! Jump to solution

ppuru
Path Finder
‎02-22-2018 01:55 AM

Thanks for the response.
I guess in which case the answer is no.

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎02-22-2018 03:59 AM

No in which sense? As far as I know persistent queues are available on UF, but as the document states: only for specific inputs.

So if you have direct UDP or TCP inputs going to your UF (or any of the other that support persistent queues), you can queue those.

Note: splunktcp is a specific type of input to receive data from other forwarders, it is not the same as a normal TCP input. Splunktcp not supporting persistent queues is no problem, because you should be able to solve that on the original forwarder that first collected the data.

Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎02-22-2018 06:57 AM

Thanks FrankVl. I think so, too.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...