I have a single indexer and single search head with the indexer attached as a search peer and I created one index called "winevent" on the indexer.
I don't understand why the search head cannot see this index or auto complete it when I type it in search.
Is there another file I need to modify to make my search head aware of the indexes in an indexer?
I haven't seen a real clear answer on this and I am trying to expand my Splunk instance from all in one to distributed architecture
