I'm trying to change were universal forwarders information gets indexed.

Example:

Universal forwarder configured to send data to splunkserver:2222

On the Splunk server in my /etc/system/local/inputs.conf I have:

[splunktcp://2222]
index = notmain

However all the forwarded data goes into the main index.
Thanks