Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk Universal Forwarders contain an option to enable persistent queues?

ppuru
Path Finder
‎02-14-2018 09:24 PM

As per Splunk documentation, "Persistent queues are not available for splunktcp (input from Splunk forwarders)". Does this mean UF's can't leverage the anti data loss advantages of persistent queues?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎02-14-2018 09:59 PM

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

View solution in original post

Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎02-14-2018 09:59 PM

According to the manual

Persistent queuing is available for certain types of inputs, but not all. Generally speaking, it is available for inputs of an ephemeral nature, such as network inputs, but not for inputs that have their own form of persistence, such as file monitoring.

Is not it that there is no problem because it has its own persistence?

Reply
Solved! Jump to solution

ppuru
Path Finder
‎02-22-2018 01:55 AM

Thanks for the response.
I guess in which case the answer is no.

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎02-22-2018 03:59 AM

No in which sense? As far as I know persistent queues are available on UF, but as the document states: only for specific inputs.

So if you have direct UDP or TCP inputs going to your UF (or any of the other that support persistent queues), you can queue those.

Note: splunktcp is a specific type of input to receive data from other forwarders, it is not the same as a normal TCP input. Splunktcp not supporting persistent queues is no problem, because you should be able to solve that on the original forwarder that first collected the data.

Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎02-22-2018 06:57 AM

Thanks FrankVl. I think so, too.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...