Hi, I have data cloning to 2 splunk indexers (instances): forwarder1 / \ Splunk01 Splunk02 when the network goes out on the forwarder1, splunk01 and splunk02 don't receive data. Which is expected. The problem is when, once the network is restored, splunk01 gets the lost data, but splunk02 does not get the data that was lost. my forwarder outputs.conf is (server names have been changed to make this easier to understand): [tcpout] defaultGroup = firstsplunkserver,secondsplunkserver [tcpout:firstsplunkserver] server = splunk01:9997 [tcpout:secondsplunkserver] server = splunk02:9997 Why isn't splunk02 getting the lost data? How do you clone this data from splunk01? Thanks! ... View more

HI, I'm a newbie to splunk, and I'm trying to install the db connect app, but i'm just going through tthe requirements and it says i need the JRE. But should I install the Server JRE or just the JRE listed on oracle? Here's the doc i'm going off of. http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Deploymentrequirements thanks! ... View more