Re: receiving errors after upgrading to 4.2.1

jcbrendsel · ‎05-13-2011

We just completed upgrading to 4.2.1.

But now, in our console, we keep getting error messages such as the following:

received event for unconfigured/disabled index='sample' with source='source::/opt/splunk/etc/apps/sample_app/logs/maillog' host='host::ip-10-250-39-210' sourcetype='sourcetype::sendmail' (1 missing total)

Any ideas?

hazekamp · ‎05-15-2011

jcbrendsel,

The "sample_app" app ships with Splunk and is told to index the following by default:

## inputs.conf
[monitor://$SPLUNK_HOME/etc/apps/sample_app/logs]
index=sample
sourcetype=sendmail

The error is likely caused by the disablement of the sample index that also ships with this app. I would recommend disabling the "sample_app" altogether, or re-enabling this index.

receiving errors after upgrading to 4.2.1

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation