https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232635#M188414 <P>This is very helpful ** i installed the add on Windows Infrastructure App upgrade when the DNS<BR /> and all the data warning gone . good one !!</P> Tue, 05 Jun 2018 14:30:13 GMT anilsharmahk 2018-06-05T14:30:13Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232630#M188409 <P>On the various dashboards created after the upgrade of the last Splunk Enterprice version (6.4.2) a yellow triangle is now present.</P> <P>Selecting it a pop-up appear saying "Evernttype 'wineventlog-dns" disabled or does not exist.</P> <P>How can disabled it and find what introduced it</P> Thu, 18 Aug 2016 15:23:26 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232630#M188409 arkonner 2016-08-18T15:23:26Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232631#M188410 <P>On your search head open Settings &gt; Event Types</P> <P>In here, search for "wineventlog-dns" and check it's status. If it's disabled, you could try re-enabling it.</P> <P>When upgrading splunk odd things somethings get turned off / on - this may just be one of those things?</P> <P>Before re-enabling the event type, run through the logic of the search string to make sure it will do what you expect, as any post-install pre-upgrade changes made may also have been reset.</P> Thu, 18 Aug 2016 15:31:36 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232631#M188410 sheamus69 2016-08-18T15:31:36Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232632#M188411 <P>I have this issue as well, however I have no event type called wineventlog-dns, for me this happened after upgrading to 6.4.2, however I believe it started when I upgraded the windows infrastructure app</P> <P><A href="https://splunkbase.splunk.com/app/1680/">https://splunkbase.splunk.com/app/1680/</A></P> Thu, 06 Oct 2016 18:59:33 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232632#M188411 austinparker 2016-10-06T18:59:33Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232633#M188412 <P>Same thing happened to me.</P> Fri, 14 Oct 2016 14:59:19 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232633#M188412 matthew_foos 2016-10-14T14:59:19Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232634#M188413 <P>I believe that the issue is stemming from the Windows Infrastructure App upgrade when the DNS TA is not also upgraded. It looks like the Windows Infra App is looking to create msad-dns-events eventtype using a search that involves <CODE>OR (eventtype=wineventlog-dns (Type=Warning OR Type=Error))</CODE> </P> <P>Installing Splunk Add-on for Microsoft Windows DNS (<A href="https://splunkbase.splunk.com/app/3208/">https://splunkbase.splunk.com/app/3208/</A>) contains the missing lookup and removes the error. This may need to be installed on a Forwarder, Indexer, and/or Search Head depending on your deployment.</P> <P>Btool export from Windows Infra App's default/eventtypes.conf:</P> <PRE><CODE>[msad-dns-events] search = ((eventtype=wineventlog_application OR eventtype=wineventlog_system OR eventtype=wineventlog_security) (Type=Warning OR Type=Error) DNS) OR (eventtype=wineventlog-dns (Type=Warning OR Type=Error)) </CODE></PRE> Mon, 17 Oct 2016 20:34:46 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232634#M188413 mmcginnis2 2016-10-17T20:34:46Z https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232635#M188414 <P>This is very helpful ** i installed the add on Windows Infrastructure App upgrade when the DNS<BR /> and all the data warning gone . good one !!</P> Tue, 05 Jun 2018 14:30:13 GMT https://community.splunk.com/t5/Splunk-Search/Event-type-disabled/m-p/232635#M188414 anilsharmahk 2018-06-05T14:30:13Z