hey, im new to splunk , im doing practice for arch lab, i was creating a index in indexes.conf , once i saved and restarted splunk, i got the following :
Problem parsing indexes.conf: idx=_audit Configured path 'volume:primary/audit/db' refers to non-existent volume 'primary'; 1 volumes in config
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
this indexes.conf on the indexer, (splunk_home$ etc/apps/BaseConf/local/indexes.conf)
↧