Ah so you've caught the inputs.conf issue. Hopefully you used some form of this command I gave you to figure that out. No?
./splunk cmd btool inputs list --debug
Can you mark my answer as the correct one?
Your problem is now solved. You now know the inputs.conf on 45 forwarders have a different index of wineventlog. So now you must change those conf files and restart the forwarders. Note, if any are heavy forwarders, they can be "refreshed" via api call vs restarting the entire service (if you even care, if you do... just ask 😉
If you have more than a handful of forwarders you absolutely need a deployment server... you should need one at least... maybe you dont ... but I would demand one if I had that many forwarders to babysit.
Check this link out and do mark my answer above as the most excellent please!
http://docs.splunk.com/Documentation/Splunk/6.2.5/Updating/Extendedexampledeployseveralstandardforwarders
Cheers!
... View more