Bug
Resolution: Done
Normal
Logging 5.9.0
OBSDA-549 - Reliability and performance tuning for log collection
Log Collection - Sprint 251
Description of problem:
When compression=gzip, logs can be received in Splunk.
When compression=zlib, snappy or zstd, logs cannot be received in Splunk. The collector raises the error below.

oc logs clf-to-splunk-dmrmg
Creating the directory used for persisting Vector state /var/lib/vector/splunk-aosqe/clf-to-splunk
Starting Vector process...
2024-03-14T14:21:44.676696Z ERROR sink{component_kind="sink" component_id=output_splunk_aosqe component_type=splunk_hec_logs}: vector::sinks::util::retries: Not retriable; dropping the request. reason="response status: 415 Unsupported Media Type" internal_log_rate_limit=true

Steps to Reproduce:
- Deploy splunk-9.0 in the OpenShift cluster.
- Forward logs to Splunk using all supported compression methods (gzip, snappy, zlib, zstd).

cat <<EOF | oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: clf-to-splunk
spec:
  inputs:
  - application:
      namespaces:
      - project-qa-1
    name: myLogsQA
  outputs:
  - name: splunk-aosqe
    type: splunk
    tuning:
      compression: 'gzip'
    secret:
      name: to-splunk-secret
    url: https://splunk-default-service.splunk-aosqe.svc:8088
  pipelines:
  - name: pipe1
    inputRefs:
    - myLogsQA
    outputRefs:
    - splunk-aosqe
  serviceAccountName: clf-to-splunk
EOF

Actual results:
Logs cannot be forwarded to Splunk when compression is snappy, zlib or zstd.
Expected results:
Limit the supported compression method to gzlib.
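
Because the collector drops these requests without retrying, the affected logs never reach Splunk. The following is an added example, not code from this report or from the logging operator: it flags Splunk outputs whose compression is set to anything other than gzip and counts the dropped requests in collector logs. It assumes the ClusterLogForwarder is supplied as the dict parsed from `oc get clusterlogforwarder -o json`; the function names and the `splunk-zstd` output are hypothetical.

```python
import re

# Finding from this report: gzip was delivered; zlib, snappy and zstd got HTTP 415.
SPLUNK_ACCEPTED = {"gzip"}

# Shape of the collector error quoted in the report: sink id plus HTTP status.
DROP_RE = re.compile(
    r'ERROR\s+sink\{[^}]*component_id=(?P<sink>[^\s}]+)[^}]*\}:.*'
    r'Not retriable; dropping the request\.\s+reason="response status: (?P<status>\d{3})'
)

def risky_splunk_outputs(clf):
    """Return (output name, codec) for Splunk outputs with a codec set to anything but gzip."""
    findings = []
    for out in clf.get("spec", {}).get("outputs", []):
        codec = (out.get("tuning") or {}).get("compression")
        if out.get("type") == "splunk" and codec and codec not in SPLUNK_ACCEPTED:
            findings.append((out.get("name"), codec))
    return findings

def dropped_requests(log_lines):
    """Count non-retriable drops per (sink, HTTP status). Vector rate-limits this
    message (internal_log_rate_limit=true), so the count is a lower bound."""
    counts = {}
    for line in log_lines:
        m = DROP_RE.search(line)
        if m:
            key = (m["sink"], int(m["status"]))
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample: the output from the report plus a hypothetical zstd output.
SAMPLE_CLF = {"spec": {"outputs": [
    {"name": "splunk-aosqe", "type": "splunk", "tuning": {"compression": "gzip"}},
    {"name": "splunk-zstd", "type": "splunk", "tuning": {"compression": "zstd"}},
]}}

# Sample built from the collector output quoted in the report.
SAMPLE_LOG = [
    '2024-03-14T14:21:44.676696Z ERROR sink{component_kind="sink" '
    'component_id=output_splunk_aosqe component_type=splunk_hec_logs}: '
    'vector::sinks::util::retries: Not retriable; dropping the request. '
    'reason="response status: 415 Unsupported Media Type" internal_log_rate_limit=true',
    'Starting Vector process...',
]

if __name__ == "__main__":
    print(risky_splunk_outputs(SAMPLE_CLF))
    print(dropped_requests(SAMPLE_LOG))
```

A non-empty result from either function means logs for that output are being lost at the sink, which leaves a gap in whatever monitoring depends on them.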