Hi All,
My setup is firewall are sending logs to Syslog server and heavy forwarder installed on syslog server itself to read the files.
Since 2 days we are getting warn message "Enqueuing a very large file" and HF stopped sending logs to splunk cloud indexers (each file size is 2GB to 3.50GB in an hour).
Till now we tried increasing queue size that is set to unlimited in server.conf.
[queue=parsingQueue]
maxSize = 0
And also set thruput in limits.conf to unlimited.
[thruput]
maxKBps = 0
Please help to resolve this issue.
Thanks.
Bhaskar
↧