Correct. This is applicable for 9.1.0 and above.

Hi. We just upgraded from 9.0.6 to 9.1.4 and are seeing these same warnings.

Do we know that this was fixed in 9.1.4?

You are going to see log that provides correct information about bytes used that is less than maxQueueSize. This is useful to find slow receivers and allows you to fix the configs to avoid queue blocking.

What is not expected is log reporting bytes more than maxQueueSize. Example 18446603427033668018 bytes.


Example below log is expected and you rather want to fix configs to not let one receiver use all queue.

WARN AutoLoadBalancedConnectionStrategy [xxxx TcpOutEloop] - Current dest host connection nn.nn.nn.nnn:9997, oneTimeClient=0, _events.size()=41, _refCount=2, _waitingAckQ.size()=5, _supportsACK=1, _lastHBRecvTime=Thu Jun 20 12:07:44 2023 is using  25214400 bytes. Total tcpout queue size is 26214400. Warningcount=841

Can you share the log?

It would be great if this is logged as an actual bug, or at least a known issue.

Some of us have several 1000 of UF's, spread across multiple environments, and updating the log-local.cfg just isn't feasible.

It's logged as a bug and fixed for 9.1.3/9.2.1 

Any documentation on this error? I did not see it in any of the Release Notes or Fixed Issues

It's not added to release notes. But addressed by 9.1.3(released) and 9.21(not yet released)

Thanks, but I looked at both links below and see no mention of it...should I be looking somewhere else?

• https://docs.splunk.com/Documentation/Splunk/9.2.0/ReleaseNotes/Knownissues
• https://docs.splunk.com/Documentation/Splunk/9.1.3/ReleaseNotes/KnownIssues