Getting Data In

received event for unconfigured/disabled/deleted index='msad' with source='source::ActiveDirectory' host='host::WP000265' sourcetype='sourcetype::ActiveDirectory'

Builder

I was getting the message as follows. What should i have to do to get those logs?

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Create an index on your peers (indexers) called msad, or enable the existing msad index, or change the inputs.conf to send the data to another index.

View solution in original post

SplunkTrust
SplunkTrust

Create an index on your peers (indexers) called msad, or enable the existing msad index, or change the inputs.conf to send the data to another index.

View solution in original post