Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Upload and index a file : server abort

madmoravian
New Member
‎02-07-2012 08:10 AM

As a brand new user, I'm attempting to add several log files as input to my installation of splunk. These are server log files of about 3GB+. Whenever I attempt to "Upload and index a file" I get a "Your entry was not saved. The following error was reported: server abort." message.

I have managed to upload some access logs, but it generally takes me multiple tries to do so. The access log files are about 85MB in size.

Any thoughts? We are using 4.3

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎02-08-2012 06:02 AM

Try setting Splunk to read the directory, and not the file itself. My guess is it's trying to load the whole thing into memory or something.

Brian

View solution in original post

Reply
Solved! Jump to solution

apjhadoop
New Member
‎01-24-2014 12:39 PM

@madmoravian:
"moving the file to the Splunk server allowed it to successfully save and process the log file."

Moving it to which directory path on the Splunk server? Thanks.

0 Karma
Reply
Solved! Jump to solution

amiracle
Splunk Employee
Splunk Employee
‎03-18-2013 04:59 PM

If that does not work, try splinting the file into smaller chunks and see if your server can index the files then. On *NIX use the split command:

split -b 1000k largefile.big smallerfiles

You can also split it by lines if you know how many lines make up an event:

split -l 1000 largefile.big smallerfiles

This will then create the 'smallerfiles' with the suffix aa-zz.

0 Karma
Reply
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎02-08-2012 06:02 AM

Try setting Splunk to read the directory, and not the file itself. My guess is it's trying to load the whole thing into memory or something.

Brian

Reply
Solved! Jump to solution

himynamesdave
Contributor
‎03-25-2014 05:46 AM

+1 to this.

0 Karma
Reply
Solved! Jump to solution

madmoravian
New Member
‎02-08-2012 05:54 AM

Yes. moving the file to the Splunk server allowed it to successfully save and process the log file.

0 Karma
Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎02-07-2012 05:56 PM

Let me know if this works, and we'll convert this to an answer..

0 Karma
Reply
Solved! Jump to solution

madmoravian
New Member
‎02-07-2012 12:23 PM

Not yet, as the file is not on the splunk server. I might move it over there and see what happens. Thanks for the suggestion.

0 Karma
Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎02-07-2012 11:14 AM

Have you tried pointing Splunk @ the directory instead of at the file itself?

Brian

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top