Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting indexer error "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre"?

LewisWheeler
Communicator
‎11-16-2015 02:53 AM

I have the following error message appearing every ~3 seconds. My searches have not yielded anyone who has this issue. Anyone come across it?

ERROR EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre

My thoughts are that I have a bad data source coming in, which is somehow telling Splunk that it needs to be deposited into an index called \x00\x00j\x00fre - although trying to find it isn't too easy!

Reply
1 Solution
Solved! Jump to solution
Solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎02-29-2016 08:41 AM

I was having this same issue. Removed splunk_add_on_nix from the SH's (SA-Nix from indexers as well), and this error disappeared.

View solution in original post

Reply
Solved! Jump to solution
Solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎02-29-2016 08:41 AM

I was having this same issue. Removed splunk_add_on_nix from the SH's (SA-Nix from indexers as well), and this error disappeared.

Reply
Solved! Jump to solution

LewisWheeler
Communicator
‎03-01-2016 05:00 AM

I also had the add on enabled, I can't prove this was the cause as I no longer have access to the environment so as good an answer as we're going to get from @tlelle!

0 Karma
Reply
Solved! Jump to solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎02-29-2016 08:24 AM

Happening to me at the moment as well. Strange error.

0 Karma
Reply
Solved! Jump to solution

asimagu
Builder
‎02-10-2016 03:43 AM

hi, did you find a solution for this problem. It is happening to me now

0 Karma
Reply
Solved! Jump to solution

LewisWheeler
Communicator
‎02-10-2016 08:12 AM

Never found the solution, I believe it was something strange coming from a Universal Forwarder (A windows one) which fixed itself - I think it was for mis-configured index for Windows eventlog data as that happened to coincide (seems there was a bug in a older version of the UC for Windows which meant some eventlog data was forwarded despite no options being selected during installation).

Fixed itself so never investigated further.

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...