Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Persistent Queue

hrawat_splunk
Splunk Employee
Splunk Employee
‎05-21-2024 04:22 PM

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/Data/Usepersistentqueues

Persistent queuing is available for certain types of inputs, but not all.

One major limitation with persistent queue at inputs  enabled on certain UF/HF/IHF/IUF inputs, if downstream parsingqueue/indexqueue/tcpoutqueue are blocked/saturated and a DS bundle push triggers splunk restart, events will be dropped if UF/HF/IHF/IUF failed to drain queues.

On windows DC, persistent queuing is enabled for windows modular inputs, DS bundle push triggers DC restart and events in parsingqueue/tcpoutqueue will be dropped.

On windows DC, some windows event (event occurred while the workstation was being shut down ) logs are always lost.

When Laptops are off the network and restarted/shutdown, in-memory queue events are dropped. 

With PQ, during splunk restart on forwarding tier, still splunk in-memory queued events might get dropped. 

Labels (1)
Labels
Tags (1)
Reply
Get Updates on the Splunk Community!

Let’s Talk Terraform

If you’re beyond the first-weeks-of-a-startup stage, chances are your application’s architecture is pretty ...

Cloud Platform | Customer Change Announcement: Email Notification is Available For ...

The Notification Team is migrating our email service provider. As the rollout progresses, Splunk has enabled ...

Save the Date: GovSummit Returns Wednesday, December 11th!

Hey there, Splunk Community! Exciting news: Splunk’s GovSummit 2024 is returning to Washington, D.C. on ...