Hi,
I'm running the latest Splunk indexer and forwarders (6.2.1) with my indexer on Linux and my forwarders on Windows 2008 R2. I've also deployed the Splunk Add-on for Microsoft Windows (4.7.3) on both the indexer and forwarders.
I'm seeing a lot of the following errors in my splunkd.log
WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='Security_ID_as_src_nt_domain'
WARN SearchOperator:kv - Missing FORMAT for: transform_name='Security_ID_as_src_nt_domain'
What are these errors from and how can I fix them?
... View more