splunk-connect-for-kubernetes: Missing Logs

I have the below settings in my configmap, I am seeing loss of data in splunk ,not all the logs are pushed to splunk,

buffer:
  "@type": memory
  total_limit_size: 500m
  chunk_limit_size: 100m
  chunk_limit_records: 20000
  flush_interval: 5s
  flush_thread_count: 8
  overflow_action: drop_oldest_chunk
  #retry_max_times: 10
  retry_forever: true
  retry_type: periodic
  retry_wait: 5s

Could someone guide me if I am missing something here, I have observed loss of logs on only specific nodes. My setup is a on prem k8s with 3 masters and 10 nodes,kubernetes version is 15.5

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 20 (3 by maintainers)

Most upvoted comments

ok. do you see any splunk fluentd logs with error? ex: Failed POST to , response: {“text”:“Event field cannot be blank”,“code”:13,“invalid-event-number”:139} or any chance do your application pod logs has new line or white-spaces?

+1
shanmukha511 on Jul 14, 2020
Read more comments on GitHub
← splunk-connect-for-kubernetes: Metrics fails with RestClient::NotFound error="404 Not Found"
splunk-sdk-java: splunk sdk : com.splunk.HttpException: HTTP 401 -- call not properly authenticated →