Solved: creation of new index through ds not working

spyme72 · ‎10-31-2013

i created a new index by creating a new TA app.
i added the indexes.conf to the default folder . when i pushed the configuration the index is not getting created.
getting the following error
Search peer stluspkidxdev02 has the following message: received event for unconfigured/disabled/deleted index='windows' with source='source::WinEventLog:Application' host='host::stlwexchcast01' sourcetype='sourcetype::WinEventLog:Application' (2 missing total)
x

lguinn2 · ‎11-01-2013

The error message is indicating that the index is not available.

Did you restart the indexer after installing the new TA app? Indexes do not become available until after the indexer is restarted, unless the index was created via the Splunk GUI.

You can restart splunkd using the deployment server, or you can manually restart the indexer(s).

View solution in original post

lguinn2 · ‎11-01-2013

The error message is indicating that the index is not available.

Did you restart the indexer after installing the new TA app? Indexes do not become available until after the indexer is restarted, unless the index was created via the Splunk GUI.

You can restart splunkd using the deployment server, or you can manually restart the indexer(s).

creation of new index through ds not working

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk