Forwarding logs to Splunk via Vector returns HTTP 404 in RHOCP 4

Solution Verified - Updated -

Issue

  • Log forwarding to Splunk via Vector log collector is configured but there are no logs being forwarded.
  • Following log entries can be found in log collector pods:

    [user@server]$ oc -n openshift-logging logs collector-xfdxr | tail -20
    Defaulted container "collector" out of: collector, logfilesmetricexporter
    2023-03-21T08:44:45.236988Z ERROR sink{component_kind="sink" component_id=remote_splunk component_type=splunk_hec component_name=remote_splunk}:request{request_id=45340}: vector::sinks::util::retries: Not retriable; dropping the request. reason="response status: 404 Not Found"
    2023-03-21T08:44:46.498813Z ERROR sink{component_kind="sink" component_id=remote_splunk component_type=splunk_hec component_name=remote_splunk}:request{request_id=45341}: vector::sinks::util::retries: Not retriable; dropping the request. reason="response status: 404 Not Found"
    [...]
    

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Logging (RHOL)
    • 5
  • Vector
  • Splunk

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content