There seems to be a 10 to 15 minute delay in the data that is being sent from a lightweight forwarder to my central Splunk server. It actually appears to pick up the changes to my log files quickly, as I see it send data to the server almost instantly, but I am unable to see it on search on the receiving Splunk server for quite a while. The receiving server is nearly idle. The strange thing for me is that we have our Splunk server set up to receive syslog directly from other devices and that data is showing up almost instantly. Any help would be greatly appreciated.
Thanks -