Hi @chris_tsurumaki,
We use Splunk for our troubleshooting and reporting.
From what I read in your post, I assume that your forwarder might be scheduling sync with delays. Or, in your case, since you are using NLog to push data to the index directly, there may be some consolidation errors and delay.
We solved this by writing a dedicated NLog target to a text file; the text file is then parsed by the Splunk forwarder, which incrementally adds key-value pairs to your Splunk index.
All our robot VDIs have the Splunk forwarder in them by default, which helps us a lot. We do not need to maintain it or check whether it is up and running.
This way we knew that what is written in our Orchestrator logs is also written to the Splunk index via the dedicated text file.
Another thing to note is that Splunk admins do not prefer logs with new lines within them, and some skip search on such events with a new line char in the Message field.
Unexpected errors in a UiPath process generate human-readable logs with new line values. Remember to replace / remove new lines in your logs. Splunk admins will love that!
I have a walkthrough in this thread which might give you some more ideas: Logs - ElasticSearch - #2 by jeevith
Hope this helps.
I am tagging @codemonkee here as he is another forum member who has extensive knowledge of Splunk usage for UiPath.
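
The single-line key-value format described in the post above, as an added Python example that is not code from the original post or from UiPath, NLog or Splunk. The field names, the ` | ` replacement marker and the sample event are assumptions constructed for illustration; `parse_kv_line` is a local round-trip check, not Splunk's own field extraction.

```python
import re

# Line breaks that would split one event across several lines of the text file:
# CR, LF, vertical tab, form feed, NEL and the Unicode line/paragraph separators.
_LINE_BREAKS = re.compile(r"[\r\n\x0b\x0c\x85\u2028\u2029]+")
_KEY_OK = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Reads key="value" pairs back, honouring backslash-escaped characters.
_PAIR = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


def flatten(value, replacement=" | "):
    """Collapse every run of line breaks into a visible single-line marker."""
    return _LINE_BREAKS.sub(replacement, str(value).strip())


def to_kv_line(event):
    """Render a dict as one line of key="value" pairs, in insertion order."""
    parts = []
    for key, value in event.items():
        if not _KEY_OK.match(key):
            raise ValueError(f"unsafe field name: {key!r}")
        # Escape backslashes first, then quotes, so a value cannot end its field early.
        text = flatten(value).replace("\\", "\\\\").replace('"', '\\"')
        parts.append(f'{key}="{text}"')
    return " ".join(parts)


def parse_kv_line(line):
    """Inverse of to_kv_line, used to check that no field was lost or split."""
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in _PAIR.findall(line)}


# Constructed sample: an unexpected error whose message spans several lines.
SAMPLE_EVENT = {
    "timestamp": "2024-01-01T10:00:00Z",
    "level": "Error",
    "processName": "InvoiceRobot",
    "message": 'Click "Submit" failed\r\n   at Main.xaml\n   at Retry scope\n',
}

if __name__ == "__main__":
    print(to_kv_line(SAMPLE_EVENT))
```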