Problem:
We have been losing log messages at the Sumologic collection receivers using hosted HTTP collectors that are serving as the endpoint for log messages (via log4j2.xml config file)
https://github.com/SumoLogic/sumologic-log4j2-appender
Cause:
Absence of configuration of flushAllBeforeStopping can cause current data in the buffer not to be ingested into Sumo Logic if the appender terminates abnormally.
Absence of configuration for maxQueueSizeBytes would utilize the default 1million bytes for the buffer size and if the size of the data set to be ingested exceeds that, then we have seen data not be ingested into Sumo Logic. Appender logs may or may not (depending on the version of the Appender) display the following example log message
2018-11-21 11:12:21,005 Log4j2-TF-1-AsyncLoggerConfig--1 WARN Evicted 1 messages from buffer
Resolution:
Ensure the following settings are configured correctly
flushAllBeforeStopping - is an optional setting that should be set to true since it will flush all messages before stopping regardless of flushingAccuracyMs and avoid potential loss of data in ingestion.
maxQueueSizeBytes is another optional setting set to 1000000 by default for xaximum capacity (in bytes) of the message queue. If your message queue is bigger, it is recommended to increase this setting or else risk loss of data in ingestion
The relevant section in log4j2.xml would look like this
<SumoLogicAppender name="SumoAppender" url="${sumologic.httpsource.url}" flushAllBeforeStopping="true" maxQueueSizeBytes="<suitable_value>">
<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS Z} [%t] level: %-5p category: %c - message: %m%n" />
</SumoLogicAppender>
Comments
0 comments
Please sign in to leave a comment.