How to clear message up at the top

How can I clear this message showing at the top of the search splunk interface?

Search peer su1-splunk-indexer02 has the following message: received event for unconfigured/disabled index='risops' with source='source::/data/kill_logs/current.log' host='host::su1-hacks10.wowadmin.net' sourcetype='sourcetype::shadowwatch' (1 missing total)

message

asked 09 Feb, 12:19

suhprano
189●1●6
accept rate: 0%

One Answer:

oldest newest most voted

The easiest way would be to create an index called risops - it's basically telling you it's missing an index that it received and event for.

Other then that, you could fix the offending forwarder to send it to another index.

link

answered 09 Feb, 12:46

Brian Osburn
2.8k●13
accept rate: 22%

Thanks for responding, but I just want to clear the message. I've already updated the inputs.conf to not use that index. The underlining issue is resolved, but I still see this message at the top of the interface, I just want to know how to remove the message.

(09 Feb, 12:50) suhprano

It should go away..may have to log out and re-log back in..

(09 Feb, 12:51) Brian Osburn

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

message ×21

Asked: 09 Feb, 12:19

Seen: 231 times

Last updated: 09 Feb, 12:51

How to clear message up at the top

Follow this question

Splunk Resources

Related questions