Hi team, in my environment  lets say say i have 1000 forwarders so in order to set deployment poll i can not go in each every forwarder and set ./splunk set deploy-server DS IP:8089.   in this scenario how we do set please clarify is there any automatic script?   thanks in advance ... View more

Hi, I am having trouble for routing the logs(first.txt) to separate index1/2 and second.txt to index3/4.   below are my environment inputs.conf [monitor:///home/odelakumar06/first.txt] disabled = false host = hf index = firstone sourcetype = firstone _TCP_ROUTING = FirstGroupIndexer [monitor:///home/odelakumar06/second.txt] disabled = false host = hf index = secondone sourcetype = secondone _TCP_ROUTING = SecondGroupIndexer and my outputs.conf is [tcpout] defaultGroup = FirstGroupIndexer,SecondGroupIndexer [tcpout:FirstGroupIndexer] disabled = false server = 34.100.154.111:9997,35.244.6.201:9997 [tcpout:SecondGroupIndexer] disabled = false server = 34.100.190.134:9997,34.93.239.18:9997 and i have one SH and i added all the above indexes in SH.  when i search in SH index=firstone, nothing i am getting. when i see splunkd log getting below errors. Please suggest   02-02-2023 06:33:10.051 +0000 ERROR TcpInputProc [1983 FwdDataReceiverThread] - Message rejected. Received unexpected message of size=1195725856 bytes from src=162.142.125.9:49748 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload. host = indx-1 source =/opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd   ... View more

Hi All   I can not able to see events from zoom, however when i search in _internal index I can see count of events showing from soure=zoom_input.log. Please help me, i have set up the integration as per given in splunk doc and my input port 9997 is listining too.         ... View more