I am migrating from a stand-alone Splunk instance to a Splunk cluster (w/ search-head-cluster + indexer-cluster) and I am hitting this problem.

On my search heads, I have these settings

/opt/splunk/etc/system/local/props.conf:

[altr_web]
KV_MODE = none
category = Web
REPORT-altr_web = REPORT-altr_web

/opt/splunk/etc/apps/search/local/transforms.conf:

[REPORT-altr_web]
DELIMS = "\t"
FIELDS = "ip1","ip2","time","uri","status","execTime","bytes","referer","ua","nwtc","uid","abCookie"

I also verified that these settings are present on my search head with these commands:
$SPLUNK_HOME/bin/splunk btool --app=search transforms list
$SPLUNK_HOME/bin/splunk btool --app=search props list

All these look fine. Then I sent a test log file using a forwarder. However, during my search, I discovered that the transformation specified in transforms.conf didn't happen. (I couldn't see any fields such as ip1, ip2, uri, etc)

To troubleshoot the problem, I use my browser to connect to an indexer UI page, use the UI's Add Data feature, upload the log file directly and specifically picked altr_web as its source type. Again, when I search (on my search head) I still couldn't see any transformation happening.

I restarted my search head, but that didn't help.

What else can I do to troubleshoot this problem?

Updates:
I have resolved the problem. It turns out I need to follow the "2. If you want to migrate custom settings from a default app" part in this doc https://docs.splunk.com/Documentation/Splunk/7.2.3/DistSearch/Migratefromstandalonesearchheads#Migra... in order to migrate the props.conf and transforms.conf settings to the search head. Once I did that, it's working now!