Hi, I see that 3 Splunk universal forwarders/hosts monitoring the similar log file/path have stopped ingesting logs. Logs from other paths are being ingested, though.
I checked the splunkd.log and I see the below errors from the respective hosts.
host1:
09-06-2017 02:49:55.612 -0400 ERROR TailingProcessor - Ignoring path="C:\xyz.txt" due to: Bug during applyPendingMetadata, header processor does not own the indexed extractions confs.
the timestamps are in est and has a standalone props to parse events.
host2 & host3:
Line 2222: 09-04-2017 20:03:50.275 -0400 ERROR TailingProcessor - Ignoring path="C:\xyz.txt" due to: bad allocation
The timestamps are in UTC and have a standalone props to parse events from these 2 hosts.
Thanks
↧
3 Splunk universal forwarders/hosts monitoring the similar log file/path have stopped ingesting logs
↧
