Periodically we see the following errors in Splunk:
Search peer serverxxxxx has the following message: Received event for unconfigured/disabled/deleted index=ube with source="source::tcp:19500" host="host::machinexxx" sourcetype="sourcetype::dummy". So far received events from 4 missing index(es).
We have uberagent data going to the default index as specified in the config. -
Any ideas how we can fix these strange events errors