All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Field Extractor and non-default indicies

eegilbert
Explorer
‎03-19-2014 03:02 PM

Hello,

I'm using the 2.1 version of the Field Extractor app and it doesn't appear to like non-default indexes:

Unable to initialize workflow
information: Ignoring unknown index
'indexname')

Stacktrace: Traceback (most recent
call last): File "", line 397,
in initInfoFromWorkflow File
"", line 494, in
setCurrentIndex ModelException:
Ignoring unknown index 'indexname'

Please note indexname is my generic index name for this example.

Reply
1 Solution
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎05-21-2014 10:27 AM

I fixed the problem. Update the app to 2.3.

I just updated the Field Extractor app to work in distributed environments, so it works with indexes not on the search head.

 http://apps.splunk.com/app/494/

Let me know if you see any problems.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎05-21-2014 10:27 AM

I fixed the problem. Update the app to 2.3.

I just updated the Field Extractor app to work in distributed environments, so it works with indexes not on the search head.

 http://apps.splunk.com/app/494/

Let me know if you see any problems.

0 Karma
Reply
Solved! Jump to solution

scsr_1
New Member
‎04-11-2014 07:23 AM

My network data has its own index and I am receiving the same error.

Unable to initialize workflow information: Ignoring unknown index 'index_name')

I checked with our Splunk Admin and he said the permissions are correct.

0 Karma
Reply
Solved! Jump to solution

carasso
Splunk Employee
Splunk Employee
‎03-19-2014 05:12 PM

Is it possible the user running the field extractor does not have permission to use that index?

0 Karma
Reply
Solved! Jump to solution

eegilbert
Explorer
‎03-20-2014 10:04 AM

Hello, I did wonder about this, however I'm using splunk with admin level permissions. I've even tried setting the app for read/write for all as a test and still get the same result.

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...