Using Universal forwarder as intermediate forwarder for source universal forwarders can cause

1. Events being merged into one  event randomly.
2. Permanently blocked tcpout queue on  Intermediate Universal Forwarder(IUF).

Randomly merged events. There are few scenarios where this can happen. Assuming there are > 1 IUFs and > 1 indexers.

Let's say source UF partially read an event and get's restarted. This partial event is sent to IUF1, IUF1 immediately sends it to Indexer1. Incomplete event now sits in to parsing queue of Indexer1. 

After restart, source UF sends rest of the partially read event and few other complete events to IUF2 and indexer2. After that source UF switches to IUF1 and starts sending some events. The moment  IUF1 selects  indexer1, indexer1 will merge previously saved partial event to random new event of same source file of source UF.

There are some other scenario where partial event waiting on indexer's parsing queue will be merged with some random event of same file.

Another problem with having Intermediate Universal forwarder load balancing Universal Forwarders, is permanently blocked tcpout queue.

Following slide explains how there can be a permanently blocked tcpout queue on  Intermediate Universal Forwarder

https://conf.splunk.com/files/2019/slides/FN1570.pdf