All Apps and Add-ons

Subscription Status - Unacknowledged Messages on Pub/Sub [Google Cloud Platform Add-on]

mikaelarz45
Explorer

Hi everyone,

I would like to ask some help regarding the alerts we are getting in Google Stackdriver. This is regarding the unacknowledged messages in our environment. We still don't know why there are so many unacknowledged messages for this add-on.

Please see image below.

alt text

How to resolve this issue of unacknowledged messages? Note: The add-on is placed on the heavy forwarder.

0 Karma
1 Solution

mikaelarz45
Explorer

Issue has been resolved.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

View solution in original post

0 Karma

mikaelarz45
Explorer

Issue has been resolved.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

0 Karma

tyron_
Explorer

So you will end up with multiple inputs, but on the backend using the same subscription. Is that correct?
I believe that would be the only way to avoid duplicate messages, right? If you have multiple subscriptions as well, you will get duplicates

0 Karma

mikaelarz45
Explorer

Yes that's correct.

0 Karma

vik_splunk
Communicator

@mikaelarz45 . Thanks much. Will give this a try. Appreciate it!

0 Karma

vik_splunk
Communicator

I know i am a bit late to the party but was this resolved @mikaelarz45 ??

We are facing the exact same issue now

0 Karma

mikaelarz45
Explorer

Hi @vik_splunk, this was resolved on our end. I've forgotten about this question and failed to post the solution. But here is what we did to resolve this.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...