Splunk IT Service Intelligence

How to handle Splunk ITSI Warning | Eventtype 'wineventlog-ds' Missing?

caiosalonso
Path Finder

Hi,

We have a new implementation of Splunk ITSI, running on Splunk Cloud, in a new search head. Since the day the search head was installed, every search that we run is followed by a warning message related to a missing eventttype.

Warning message is similar to below:
"[idx-1.my-company.splunkcloud.com,idx-2.my-company.splunkcloud.com] Eventtype 'wineventlog-ds' does not exist or is disabled."

Anyone have ever experienced this behavior on Splunk ITSI? Or have any knowledge of which is the source app/add-on that contains this eventtype that is being referenced by ITSI?

Thanks!

Labels (2)
0 Karma
1 Solution

yannK
Splunk Employee
Splunk Employee

The Content Pack for Windows Dashboards and Reports (DA-ITSI-CP-windows dashboards) requires the Splunk Add-on for Microsoft Windows as a prerequisite.

All the mentioned event types are shipped with this add-on. The Splunk Add-on for Microsoft Windows DNS is an older app, now archived but functionality of this add-on has been incorporated in Splunk Add-on for Microsoft Windows.
Therefore, installing the Splunk Add-on for Microsoft Windows on the SH will eliminate the missing event types errors from the environment.

View solution in original post

Farheen
Explorer

There are pre-req's that are required to have the correct knowledge objects for Windows Infrastructure app. If these are not on the same Search Head as the windows infrastructure app it will give you those errors.

http://docs.splunk.com/Documentation/MSApp/1.3.0/MSInfra/Platformandhardwarerequirements#The_Splunk_...

The Splunk Add-ons for Microsoft Active Directory and Windows DNS v1.0.0 or later

The suite of Splunk Add-ons for Active Directory must be installed on universal forwarders in the Windows deployment.

You can download the Splunk Add-ons for Microsoft Active Directory and Windows DNS from Splunkbase.

Please refer the original post for more info on this
https://community.splunk.com/t5/All-Apps-and-Add-ons/Message-quot-Eventtype-wineventlog-ds-does-not-...

 

yannK
Splunk Employee
Splunk Employee

The Content Pack for Windows Dashboards and Reports (DA-ITSI-CP-windows dashboards) requires the Splunk Add-on for Microsoft Windows as a prerequisite.

All the mentioned event types are shipped with this add-on. The Splunk Add-on for Microsoft Windows DNS is an older app, now archived but functionality of this add-on has been incorporated in Splunk Add-on for Microsoft Windows.
Therefore, installing the Splunk Add-on for Microsoft Windows on the SH will eliminate the missing event types errors from the environment.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...