Re: Read Time Out Error: Splunk Enterprise 7.1.0

samnathan · ‎06-12-2018

While inputting a Apache Archive file in ASCII format, 20.7 MB gzip compressed, 205.2 MB uncompressed am getting a "Read Timeout" error. This log/ASCII file has one line per request, with the following columns:
1. host making the request. A hostname when possible, otherwise the Internet address if the name could not be looked up.
2. timestamp in the format "DAY MON DD HH:MM:SS YYYY", where DAY is the day of the week, MON is the name of the month, DD is the day of the month, HH:MM:SS is the time of day using a 24-hour clock, and YYYY is the year. The timezone is -0400.
3. request given in quotes.
4. HTTP reply code.
5. bytes in the reply

Can someone help please?

samnathan · ‎06-12-2018

I tried restarting Splunk and attempted "Upload." It gets stuck at "Generating Data Preview" and gets "Read Timeout" throws error. It's a free dataset a trace containing one month's worth of all HTTP requests to the NASA Kennedy Space Center WWW server in Florida. If someone wants to try please let me know. I don't have enough Karma points to share the URL. However you may find it in ita"dot"ee"dot"lbl"dot"gov website.

Read Time Out Error: Splunk Enterprise 7.1.0

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation