Getting Data In

Does Splunk Universal Forwarders contain an option to enable persistent queues?

ppuru
Path Finder

As per Splunk documentation, "Persistent queues are not available for splunktcp (input from Splunk forwarders)". Does this mean UF's can't leverage the anti data loss advantages of persistent queues?

0 Karma
1 Solution

HiroshiSatoh
Champion

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

View solution in original post

HiroshiSatoh
Champion

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

ppuru
Path Finder

Thanks for the response.
I guess in which case the answer is no.

0 Karma

FrankVl
Ultra Champion

No in which sense? As far as I know persistent queues are available on UF, but as the document states: only for specific inputs.

So if you have direct UDP or TCP inputs going to your UF (or any of the other that support persistent queues), you can queue those.

Note: splunktcp is a specific type of input to receive data from other forwarders, it is not the same as a normal TCP input. Splunktcp not supporting persistent queues is no problem, because you should be able to solve that on the original forwarder that first collected the data.

HiroshiSatoh
Champion

Thanks FrankVl. I think so, too.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...