When I launch Splunk web interface,I get next message.How to fix it?
"received event for unconfigured/disabled index='_audit' with source='source::audittrail' host='host::myhostname' sourcetype='sourcetype::audittrail'.
Click Manager-->Indexes, then "Enable" the _audit index. It should then be fixed when you restart Splunk.
never-displayed
