We have distributed splunk environment. I am using Splunk_TA_windows on universal forwarders to send security event logs to Heavy forwarder and then to indexer. I can see that data is being sent to Indexer since i could see size of index growing, however on my search head I could not see this data. Indexer has been added as a search peer on my Search Head.
What could be the possible issue?
Thanks in Advance
Shubham
↧