Hi guys,
I get this error message on Splunk App for Infrastructure:
Received event for unconfigured/disabled/deleted index=em_metrics with source="source::Perfmon:CPU" host="host::DSK0098" sourcetype="sourcetype::Perfmon:CPU". So far received events from 1 missing index(es).
Can anyone tell me why I get this and how I can correct it?
Thank you.
The add-on/app installed and configured is sending logs/data to an index called "em_metrics", but that's not defined. Please create "index=em_metrics" if you haven't done so and the message will go away. If you are creating indexes via indexes.conf, you will need to restart the indexer.
Hi lakshman239,
This is the short answer.
The longer answer is the fact that I have overlooked the fact that I needed to install Splunk Add-on for Infrastructure.
Bogdan.
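Added example, not part of the original thread: a small parser for the warning quoted in the question that lists every index named in such messages together with the hosts and sourcetypes sending to it, so you can see what has to be created or re-routed. The regular expression is derived from that single message, and all sample lines other than the first are constructed.

```python
import re
from collections import defaultdict

# Pattern built from the warning text quoted in the question; other Splunk
# versions may word the message differently (assumption).
MISSING_INDEX_RE = re.compile(
    r'Received event for unconfigured/disabled/deleted index=(?P<index>\S+) '
    r'with source="source::(?P<source>[^"]*)" '
    r'host="host::(?P<host>[^"]*)" '
    r'sourcetype="sourcetype::(?P<sourcetype>[^"]*)"'
)

# First line is the message from the question; the rest are constructed samples.
SAMPLE_LINES = [
    'Received event for unconfigured/disabled/deleted index=em_metrics with '
    'source="source::Perfmon:CPU" host="host::DSK0098" '
    'sourcetype="sourcetype::Perfmon:CPU". So far received events from 1 missing index(es).',
    'Received event for unconfigured/disabled/deleted index=em_metrics with '
    'source="source::Perfmon:Memory" host="host::DSK0099" '
    'sourcetype="sourcetype::Perfmon:Memory". So far received events from 1 missing index(es).',
    'Received event for unconfigured/disabled/deleted index=example_idx with '
    'source="source::/var/log/app.log" host="host::web01" '
    'sourcetype="sourcetype::app_log". So far received events from 2 missing index(es).',
    'An unrelated message that should be ignored.',
]


def missing_indexes(lines):
    """Map each undefined index to the sorted (host, sourcetype, source) senders."""
    found = defaultdict(set)
    for line in lines:
        m = MISSING_INDEX_RE.search(line)
        if m:
            found[m["index"]].add((m["host"], m["sourcetype"], m["source"]))
    return {idx: sorted(senders) for idx, senders in found.items()}


if __name__ == "__main__":
    for idx, senders in missing_indexes(SAMPLE_LINES).items():
        print(f"index '{idx}' is not defined on the receiving indexer; senders:")
        for host, sourcetype, source in senders:
            print(f"  host={host} sourcetype={sourcetype} source={source}")
```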