
How to fix an error "Received event for unconfigured/disabled/deleted index=wineventlog" on a search peer?

Search peer xxxxxxxxxx has the following message: Received event for unconfigured/disabled/deleted index=wineventlog with source="source::WinEventLog:Security" host="host::clientxxxx" sourcetype="sourcetype::WinEventLog:Security". So far received events from 1 missing index(es). 25/10/2016 14:04:25

My indexes.conf:

[WinEventLog://Security]
disabled=0
index=webservices_windows
blacklist1=5156,4658,4672,5158,4648,4663,4776,4634,4656,5157
blacklist2 = EventCode="4624" Message="Account\sName:[\s\S]+-[\s\S]+Logon\sType\:[\s\t]+3[\s\S]+Account\sName:[\s\t]+[^\$]+\$"
checkpointInterval=5
current_only=1

[install]
state = enabled

[tcpout]
defaultGroup = ue-autolb-group
useACK = true

[tcpout:ue-autolb-group]
server = 00.000.00.000:9991, 00.000.00.000:9991, 00.000.00.000:9991
autoLB = true

Please help deployment server correct same as indexers.
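An added example, not part of the original post: a check that compares the index each enabled input stanza targets, plus any index named in a peer's "unconfigured/disabled/deleted index" message, against the indexes the indexer defines. The indexer-side indexes.conf content and the function names are assumptions made for illustration; the forwarder stanza is taken from the post with its blacklists omitted.

```python
import re

# Forwarder-side stanzas from the post (blacklist lines omitted).
FORWARDER_CONF = """\
[WinEventLog://Security]
disabled=0
index=webservices_windows
checkpointInterval=5
current_only=1

[tcpout]
defaultGroup = ue-autolb-group
"""

# Constructed sample: a hypothetical indexes.conf on the search peer.
INDEXER_CONF = """\
[main]
homePath = $SPLUNK_DB/defaultdb/db

[webservices_windows]
homePath = $SPLUNK_DB/webservices_windows/db
"""

def parse_conf(text):
    """Return {stanza: {key: value}} for Splunk .conf text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def undefined_indexes(inputs_text, indexes_text, seen_in_errors=()):
    """Map each index that events target but the indexer lacks to where it came from."""
    defined = {s for s in parse_conf(indexes_text)
               if s != "default" and not s.startswith("volume:")}
    missing = {}
    for stanza, kv in parse_conf(inputs_text).items():
        idx = kv.get("index")
        if idx and kv.get("disabled", "0") not in ("1", "true") and idx not in defined:
            missing[idx] = stanza
    for idx in seen_in_errors:  # index names copied from the peer's message
        if idx not in defined:
            missing.setdefault(idx, "not set by the inputs checked")
    return missing
```

An index reported as "not set by the inputs checked" means the stanza being inspected is not the one routing those events, so the effective inputs on the forwarder need to be compared as well.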
