While the 'Test' button in the Log Forwarding configuration successfully sends a test message to the collector, no actual log data is being forwarded afterward. 

The protocol is set to syslog

/storage/var/loginsight/runtime.log shows error Pending queue is full.

[“Importingthread-2”/airalogsip warn] [com.vmware.loginsight.ingestion.forwarding.baseforwarder] [dropped 1 events for target splunk IP, reason: pending queue is full [1033 suppressed]]

Aria Operations for Logs 8.18.5

Missing rule on firewall. The firewall allowed the initial handshake to go through but dropped traffic after inspecting the actual payload. 

Work with networking team to create rule on firewall to allow the traffic.