Hi Folks,
Sorry for a basic question, I am a newbie.
I have successfully installed and configured Hadoop Connect to Splunk.
Created a HDFS input, selected default in my index selection (Index test_stage was not created)
Went to my search field and entered my sourcetype resulted the event data and was showing index as main
After the above step, i created a new index test_stage, went to Hadoop Connect HDFS and changed my index to test_stage.
Reloaded index and Restarted splunk still my index does not show any results.
Main index shows all the data, test_stage says "No results found"
Here is the cat inputs.conf
[hdfs://x.x.x.x/user/test/stage/test_stage]
host = test_stage
sourcetype = test_XML
index = test_stage
inputs.conf shows right index, why i am still not seeing any data in my new index?
PS: I also verified roles for admin user has access to search this index.
Please suggest me where I am doing wrong and any solutions.
Thanks for looking into this question.
