Alerting

Error while uploading file

panqa
New Member

I am new to splunk, and this it my first time using splunk. I am trying to upload a json config file, and is getting the below error:
Upload failed with ERROR : Read Timeout

Also, the health status of splunkd is showing red, in GUI with the below messages:
Root Cause(s):
The diskspace remaining=3793 has breached the red threshold for filesystems=[/opt/splunk/var/lib/splunk/audit/db]
Last 50 related messages:
05-17-2019 12:14:12.028 -0700 ERROR DiskMon - The index processor has paused data flow. Current free disk space on partition '/' has fallen to 3793MB, below the minimum of 4500MB. Data writes to index path '/opt/splunk/var/lib/splunk/audit/db'cannot safely proceed. Increase free disk space on partition '/' by removing or relocating data.

Root Cause(s):
The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data.
Last 50 related messages:
05-17-2019 12:22:36.317 -0700 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
05-17-2019 12:14:12.089 -0700 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
05-17-2019 12:14:12.089 -0700 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
05-17-2019 12:14:12.085 -0700 INFO TailReader - batchreader0 waiting to be un-paused
05-17-2019 12:14:12.085 -0700 INFO TailReader - Starting batchreader0 thread
05-17-2019 12:14:12.085 -0700 INFO TailReader - Registering metrics callback for: batchreader0
05-17-2019 12:14:12.085 -0700 INFO TailReader - tailreader0 waiting to be un-paused
05-17-2019 12:14:12.085 -0700 INFO TailReader - Starting tailreader0 thread
05-17-2019 12:14:12.085 -0700 INFO TailReader - Registering metrics callback for: tailreader0

How get this rectified and proceed with uploading the file

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You may have two problems, with the first caused by the second. Let's address the more important one first. Your disk is too full. As one of the error messages says: "Increase free disk space on partition '/' by removing or relocating data."

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...