I have an enterprise splunk deployment with 4 indexer clisters and a Search Head cluster.
I have installed Sophos app on Search head. I am getting the logs from sophos central servers by api integration method. I would like to know where these logs are stored? How to identify which indexer its storing on.