Forwarding logs to Splunk via Vector returns HTTP 404 in RHOCP 4
Issue
- Log forwarding to Splunk via Vector log collector is configured but there are no logs being forwarded.
-
Following log entries can be found in log collector pods:
[user@server]$ oc -n openshift-logging logs collector-xfdxr | tail -20 Defaulted container "collector" out of: collector, logfilesmetricexporter 2023-03-21T08:44:45.236988Z ERROR sink{component_kind="sink" component_id=remote_splunk component_type=splunk_hec component_name=remote_splunk}:request{request_id=45340}: vector::sinks::util::retries: Not retriable; dropping the request. reason="response status: 404 Not Found" 2023-03-21T08:44:46.498813Z ERROR sink{component_kind="sink" component_id=remote_splunk component_type=splunk_hec component_name=remote_splunk}:request{request_id=45341}: vector::sinks::util::retries: Not retriable; dropping the request. reason="response status: 404 Not Found" [...]
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4
- Red Hat OpenShift Logging (RHOL)
- 5
- Vector
- Splunk
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
