Splunk HEC exporter sends empty log messages, which are disregarded with an error message #20290
Comments
atoulme
added
exporter/splunkhec
and removed
needs triage
|
Is Splunk also running on Windows? |
|
No this is the Splunk cloud endpoint. Nothing running locally. |
|
Understood. We had that report - the "No data" error means that the log record itself is empty. This is a bug ; we should probably drop empty log records. |
atoulme
changed the title
|
No the log record is not empty, i am sending the same log to signalfx endpoint and its reaching there fine. Just not on Splunk |
|
The error specifically says |
|
@rohits-splunk can you attach the configurations you're using for splunk hec exporter? Are they default? |
|
Hi @vihas-splunk , This is my splunk_hec exporter configuration :: Tracessapm: Metrics + Eventssignalfx: Logssplunk_hec: |
|
is there any chance you can share the logs that you're ingesting? |
|
@vihas-splunk Here you go :: |
|
@atoulme can you please assign this to me, I have found the root cause. |
|
It’s yours! |
Component(s)
No response
Describe the issue you're reporting
I am trying to export logs from a window server using OTEL collector and HEC exporter , but getting the below error in windows event logs ::
1.6795869182428775e+09 error exporterhelper/queued_retry.go:401 Exporting failed. The error is not retryable. Dropping data. {"kind": "exporter", "data_type": "logs", "name": "splunk_hec", "error": "Permanent error: \"HTTP/1.1 400 Bad Request\\r\\nContent-Length: 27\\r\\nConnection: Keep-Alive\\r\\nContent-Type: application/json; charset=UTF-8\\r\\nDate: Thu, 23 Mar 2023 15:55:18 GMT\\r\\nServer: Splunkd\\r\\nVary: Authorization\\r\\nX-Content-Type-Options: nosniff\\r\\nX-Frame-Options: SAMEORIGIN\\r\\n\\r\\n{\\\"text\\\":\\\"No data\\\",\\\"code\\\":5}\"", "dropped_items": 1} go.opentelemetry.io/collector/exporter/exporterhelper.(*retrySender).send go.opentelemetry.io/[email protected]/exporter/exporterhelper/queued_retry.go:401 go.opentelemetry.io/collector/exporter/exporterhelper.(*logsExporterWithObservability).send go.opentelemetry.io/[email protected]/exporter/exporterhelper/logs.go:135 go.opentelemetry.io/collector/exporter/exporterhelper.(*queuedRetrySender).start.func1 go.opentelemetry.io/[email protected]/exporter/exporterhelper/queued_retry.go:205 go.opentelemetry.io/collector/exporter/exporterhelper/internal.(*boundedMemoryQueue).StartConsumers.func1 go.opentelemetry.io/[email protected]/exporter/exporterhelper/internal/bounded_memory_queue.go:61In the hec endpoint i am using the same endpoint which i tried for sending the events through curl which worked perfectly. Not sure why the exporter is failing.
The text was updated successfully, but these errors were encountered: