connection_host = ip
defaultGroup = index_nodes
server = 10.1.1.2:5555
index = main
sourcetype = kevin
This does not work when my forwarder has the SplunkLightForwarder app enabled. But when I disable it and pretend it's a normal Splunk instance it works. ¿por qué?
SplunkLightForwarder disables network inputs. The presumption is that if you're going to send something over the network, send it straight to the indexer rather than passing it thought a LWF. The input can be selectively re-enabled.
So I added the lines which made it work
disabled = false
Would any of the other settings in default-mode.conf effect me, such as pipeline:fifo?
View solution in original post