Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unable to find an eventtype <eventtype>

nocostk
Communicator
‎03-29-2011 07:02 PM

I recently updated my searchheads and indexers to 4.2. For some reason I get an error on my search heads when I'm trying specific searches:

[splunksysnet02] Unable to find an eventtype ShoppingSite_Errors

splunksysnet02 is my indexer (not search head). Why would I be suddenly getting this message? Is Splunk now looking to indexers for eventtypes? I tried copying my etc/apps/search/local from my search head to indexer but I still get that error.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nocostk
Communicator
‎04-20-2011 07:03 AM

Looks like some of the eventtypes (and tags) were disabled. I think they were before the 4.2 upgrade but 4.1x didn't really complain? I enabled them and things are working now.

View solution in original post

Reply
Solved! Jump to solution
Solution

nocostk
Communicator
‎04-20-2011 07:03 AM

Looks like some of the eventtypes (and tags) were disabled. I think they were before the 4.2 upgrade but 4.1x didn't really complain? I enabled them and things are working now.

Reply
Solved! Jump to solution

hazekamp
Builder
‎03-29-2011 09:10 PM

In distributed search, Splunk will automatically replicate the bundle on your search head down to the indexers, so you do not need to do this manually. This error is likely related to a scheduled search or otherwise which refers to the ShoppingSite_Errors eventtype or there is a tag specified on this eventtype.

For instance:

## tags.conf
[eventtype=ShoppingSite_Errors]
error = enabled
0 Karma
Reply
Solved! Jump to solution

nocostk
Communicator
‎03-30-2011 04:56 PM

There are both. I checked the tar'd bundle and in apps/search/local/{tags.conf,eventtypes.conf} there is reference to ShoppingSite_Errors. So they do exist on the indexer - but I'm still not clear why I'm getting the error that it is unable to find it.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...