Temporarily I dont have access to search head.
I had set the inputs.conf to forward windows eventlogs to Splunk indexer.
How do i confirm that my logs are forwarded to Splunk indexer from Universal forwarder?
I tested this :
> splunk list forward-server Splunk username: admin Password:***** Active forwards: 10.xxx.xxx.xxx:9997 Configured but inactive forwards: None
SO , from this can i confirm logs are forwarded successfully ?