Thanks for your reply. I have created an index for this host and it started indexing in the correct index name i have created. But still i am getting the message, can we disable this from sending this logs to splunk.
I need the security, system and application which is now iam getting in splunk.
Sample Message:
unconfigured/disabled/deleted index=windows_server_powershell with source="source::WinEventLog:Microsoft-Windows-PowerShell/Operational" host="host::hostname" sourcetype="sourcetype::WinEventLog:Microsoft-Windows-PowerShell/Operational". So far received events from 2 missing index(es).
Sample Message2:
unconfigured/disabled/deleted index=windows_server_sysmon with source="source::WinEventLog:Microsoft-Windows-Sysmon/Operational" host="host::hostname" sourcetype="sourcetype::WinEventLog:Microsoft-Windows-Sysmon/Operational". So far received events from 1 missing index(es).
... View more