Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Error while uploading file

panqa
New Member
‎05-17-2019 01:44 PM

I am new to splunk, and this it my first time using splunk. I am trying to upload a json config file, and is getting the below error:
Upload failed with ERROR : Read Timeout

Also, the health status of splunkd is showing red, in GUI with the below messages:
Root Cause(s):
The diskspace remaining=3793 has breached the red threshold for filesystems=[/opt/splunk/var/lib/splunk/audit/db]
Last 50 related messages:
05-17-2019 12:14:12.028 -0700 ERROR DiskMon - The index processor has paused data flow. Current free disk space on partition '/' has fallen to 3793MB, below the minimum of 4500MB. Data writes to index path '/opt/splunk/var/lib/splunk/audit/db'cannot safely proceed. Increase free disk space on partition '/' by removing or relocating data.

Root Cause(s):
The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data.
Last 50 related messages:
05-17-2019 12:22:36.317 -0700 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
05-17-2019 12:14:12.089 -0700 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
05-17-2019 12:14:12.089 -0700 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
05-17-2019 12:14:12.085 -0700 INFO TailReader - batchreader0 waiting to be un-paused
05-17-2019 12:14:12.085 -0700 INFO TailReader - Starting batchreader0 thread
05-17-2019 12:14:12.085 -0700 INFO TailReader - Registering metrics callback for: batchreader0
05-17-2019 12:14:12.085 -0700 INFO TailReader - tailreader0 waiting to be un-paused
05-17-2019 12:14:12.085 -0700 INFO TailReader - Starting tailreader0 thread
05-17-2019 12:14:12.085 -0700 INFO TailReader - Registering metrics callback for: tailreader0

How get this rectified and proceed with uploading the file

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2019 02:18 PM

You may have two problems, with the first caused by the second. Let's address the more important one first. Your disk is too full. As one of the error messages says: "Increase free disk space on partition '/' by removing or relocating data."

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Introducing .conf Stories Series!

“.conf Stories” Series – First Feature: Rich Mahlerwein   Every year .conf brings together some of the most ...
li.common.scroll-to.top