Hi @yin_guan , at first, you don't need to locally index anything on the DS, so you can have : [indexAndForward]
index = false Then, did you checked if firewall route between UF and DS is open for...
See more...
Hi @yin_guan , at first, you don't need to locally index anything on the DS, so you can have : [indexAndForward]
index = false Then, did you checked if firewall route between UF and DS is open for the Management Port 8089 used by the DS ? You can check it from the UF using telnet: telnet 192.168.90.237 8089 Then, on the UF, I suppose that you configured outputs.conf in $SPLUNK_HOME/etc/system/local, is it true? it's a best practice do not configure outputs.conf in $SPLUNK_HOME/etc/system/local, but in a dedicated add-on deployed using the DS. At least, two or three minutes are required for the connection to the DS. Ciao. Giuseppe