Logs not making it to Splunk, high scratch buffers count
We've recently been seeing interruptions or delays to logs going into Splunk. I have noticed that global;scratch_buffers_count queued increases substantially and doesn't ever seem to stop climbing. Here are the stats:

    SourceName;SourceId;SourceInstance;State;Type;Number
    destination;d_spol;;a;processed;0
    src.internal;s_sys#2;;a;processed;384
    src.internal;s_sys#2;;a;stamp;1590690126
    center;;received;a;processed;1925133
    destination;d_mesg;;a;processed;384
    destination;d_mail;;a;processed;2
    destination;d_auth;;a;processed;3
    destination;d_mlal;;a;processed;0
    center;;queued;a;processed;1962257
    source;pan_splunk;;a;processed;1924743
    destination;d_file;;a;processed;1561759
    destination;d_cron;;a;processed;1
    global;scratch_buffers_count;;a;queued;150323855375
    destination;#anon-destination0;;a;processed;362983
    global;payload_reallocs;;a;processed;5
    global;sdata_updates;;a;processed;24
    global;scratch_buffers_bytes;;a;queued;1536
    destination;d_boot;;a;processed;0
    destination;d_kern;;a;processed;0
    source;s_sys;;a;processed;390
    global;msg_clones;;a;processed;4662233
    destination;d_file_no_location;;a;processed;37125
    global;internal_queue_length;;a;processed;0

Here is the source configuration:

    source pan_splunk {
        network(port(514) transport("tcp") max-connections(100) flags(syslog-protocol)
                log-fetch-limit(100) log-iw-size(100000) log-msg-size(10485760) );
        network(port(514) transport("udp") max-connections(100) flags(syslog-protocol)
                log-fetch-limit(100) log-iw-size(100000) log-msg-size(10485760) );
        network(transport("tls") port(10514) max-connections(100) flags(syslog-protocol)
                log-iw-size(100000) log-fetch-limit(100) log-msg-size(10485760)
                tls(peer-verify(optional-untrusted)
                    key_file("/etc/syslog-ng/cert.d/serverkey.pem")
                    cert_file("/etc/syslog-ng/cert.d/servercert.pem")
                    ca_dir("/etc/syslog-ng/ca.d")) );
    };

Here is the destination configuration:

    destination d_file {
        file("`BASEPATH`/$location/$HOST/$app/${HOST}_$app.log"
             create_dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750)
             owner("splunk") group("splunk") perm(0640)
             log-fifo-size(1000)
             disk-buffer( mem-buf-size(10000) disk-buf-size(2000000000) reliable(yes)
                          dir("/var/log/remote/disk-buffer_dfile") )
             flags("threaded", "no-multi-line") );
    };

This includes some recent modifications to try and resolve the issue but nothing we have tried so far has made a difference. I would welcome any help you could provide.

Thanks,
-Mark
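An added example, not from the post or the syslog-ng project: it parses two `syslog-ng-ctl stats` snapshots in the semicolon-separated format shown above and lists the `queued` counters that are still climbing between them, so the growth of a counter such as `scratch_buffers_count` can be tracked over time instead of eyeballed. The first snapshot uses figures from the post; the second snapshot's numbers are constructed.

```python
"""Compare two syslog-ng-ctl stats snapshots and flag growing 'queued' counters."""
from typing import Dict, List, Tuple

Key = Tuple[str, str, str, str]  # (SourceName, SourceId, SourceInstance, Type)


def parse_stats(text: str) -> Dict[Key, int]:
    """Parse the semicolon-separated output of `syslog-ng-ctl stats`.

    The header line and blank lines are skipped; the State column is dropped.
    """
    stats: Dict[Key, int] = {}
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) != 6 or fields[0] == "SourceName":
            continue
        name, ident, instance, _state, typ, number = fields
        if number.isdigit():
            stats[(name, ident, instance, typ)] = int(number)
    return stats


def growing_queues(before: Dict[Key, int], after: Dict[Key, int],
                   min_delta: int = 0) -> List[Tuple[Key, int]]:
    """Return 'queued' counters that grew by more than min_delta, largest first."""
    out: List[Tuple[Key, int]] = []
    for key, new in after.items():
        if key[3] != "queued":
            continue
        delta = new - before.get(key, 0)
        if delta > min_delta:
            out.append((key, delta))
    return sorted(out, key=lambda kv: -kv[1])


# Constructed sample snapshots: T0 takes figures from the post, T1 is made up
# to show scratch_buffers_count still climbing while d_file barely advances.
SNAPSHOT_T0 = """SourceName;SourceId;SourceInstance;State;Type;Number
source;pan_splunk;;a;processed;1924743
center;;queued;a;processed;1962257
destination;d_file;;a;processed;1561759
global;scratch_buffers_count;;a;queued;150323855375
global;scratch_buffers_bytes;;a;queued;1536
"""
SNAPSHOT_T1 = """SourceName;SourceId;SourceInstance;State;Type;Number
source;pan_splunk;;a;processed;1930001
center;;queued;a;processed;1968000
destination;d_file;;a;processed;1561760
global;scratch_buffers_count;;a;queued;150324900000
global;scratch_buffers_bytes;;a;queued;1536
"""
```

Feed it two real snapshots taken a few minutes apart (`syslog-ng-ctl stats` output saved to files) to see which queued counters grow and by how much per interval.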
participants (1)
-
Faine, Mark R. (MSFC-IS40)[NICS]