You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 21, 2020. It is now read-only.
@znorm; I would recommend configuring your plugin for HTTP access to Splunk and running a packet capture in order to trace this down. My guess is that the event field passed to Splunk is empty, which is probably caused by a log record containing a blank message value.
I have seen that error when you try to push an entry which is empty. To avoid the error I added a filter on fluentd to exclude empty entries as a first rule.
This doesn't always happen, but it happens continuously sometimes with not explanation of what it means, and what we can do about it.
Eg logs
2017-09-02 16:16:19 +0000 [error]: #0 https://<splunk-server>/services/collector: 400 (Bad Request) {"text":"Event field cannot be blank","code":13,"invalid-event-number":31}
The text was updated successfully, but these errors were encountered: