There is a calculation error with number bytes used by a given connection while logging. This log message is false positive.
Use following workaround to suppress the log.
set in $SPLUNK_HOME/etc/log-local.cfg
category.AutoLoadBalancedConnectionStrategy=ERROR
Issue is fixed by splunk 9.1.3/9.2.1.
It's added to fixed issues
(SPL-248188, SPL-248140).
https://docs.splunk.com/Documentation/Splunk/9.2.1/ReleaseNotes/Fixedissues
You may also want to checkout https://community.splunk.com/t5/Knowledge-Management/Slow-indexer-receiver-detection-capability/m-p/...
Not every bug get's added there as each release will have hundreds of issues.
I will get this added to
https://docs.splunk.com/Documentation/Splunk/9.1.3/ReleaseNotes/Fixedissues
You can reach out to support and get official confirmation about fixed version.
We see this exact issue and it started after upgrading to 9.2.0.1. Suppressing the warning works as expected but was curious if you found this specific to 9.2 we are upgrading from 9.0.5 so it may have been introduced in 9.1 as well.
Correct. This is applicable for 9.1.0 and above.
There is a calculation error with number bytes used by a given connection while logging. This log message is false positive.
Use following workaround to suppress the log.
set in $SPLUNK_HOME/etc/log-local.cfg
category.AutoLoadBalancedConnectionStrategy=ERROR
Issue is fixed by splunk 9.1.3/9.2.1.
Hi. We just upgraded from 9.0.6 to 9.1.4 and are seeing these same warnings.
Do we know that this was fixed in 9.1.4?
You are going to see log that provides correct information about bytes used that is less than maxQueueSize. This is useful to find slow receivers and allows you to fix the configs to avoid queue blocking.
What is not expected is log reporting bytes more than maxQueueSize. Example 18446603427033668018 bytes.
Example below log is expected and you rather want to fix configs to not let one receiver use all queue.
WARN AutoLoadBalancedConnectionStrategy [xxxx TcpOutEloop] - Current dest host connection nn.nn.nn.nnn:9997, oneTimeClient=0, _events.size()=41, _refCount=2, _waitingAckQ.size()=5, _supportsACK=1, _lastHBRecvTime=Thu Jun 20 12:07:44 2023 is using 25214400 bytes. Total tcpout queue size is 26214400. Warningcount=841
Can you share the log?
It would be great if this is logged as an actual bug, or at least a known issue.
Some of us have several 1000 of UF's, spread across multiple environments, and updating the log-local.cfg just isn't feasible.
It's logged as a bug and fixed for 9.1.3/9.2.1
Any documentation on this error? I did not see it in any of the Release Notes or Fixed Issues
It's not added to release notes. But addressed by 9.1.3(released) and 9.21(not yet released)
Thanks, but I looked at both links below and see no mention of it...should I be looking somewhere else?