All Apps and Add-ons

Subscription Status - Unacknowledged Messages on Pub/Sub [Google Cloud Platform Add-on]

mikaelarz45
Explorer

Hi everyone,

I would like to ask some help regarding the alerts we are getting in Google Stackdriver. This is regarding the unacknowledged messages in our environment. We still don't know why there are so many unacknowledged messages for this add-on.

Please see image below.

alt text

How to resolve this issue of unacknowledged messages? Note: The add-on is placed on the heavy forwarder.

0 Karma
1 Solution

mikaelarz45
Explorer

Issue has been resolved.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

View solution in original post

0 Karma

mikaelarz45
Explorer

Issue has been resolved.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

0 Karma

tyron_
Explorer

So you will end up with multiple inputs, but on the backend using the same subscription. Is that correct?
I believe that would be the only way to avoid duplicate messages, right? If you have multiple subscriptions as well, you will get duplicates

0 Karma

mikaelarz45
Explorer

Yes that's correct.

0 Karma

vik_splunk
Communicator

@mikaelarz45 . Thanks much. Will give this a try. Appreciate it!

0 Karma

vik_splunk
Communicator

I know i am a bit late to the party but was this resolved @mikaelarz45 ??

We are facing the exact same issue now

0 Karma

mikaelarz45
Explorer

Hi @vik_splunk, this was resolved on our end. I've forgotten about this question and failed to post the solution. But here is what we did to resolve this.

Note: This issue is happening since the input cannot cope up with the large number of messages.

To fix this, just clone your existing inputs that is is supposedly getting this messages.

The answer we have been looking for is under the troubleshooting guide of the app.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Troubleshoot

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...