Hi,  Were you able to figure out what was causing this issue? I am experiencing the same problem within my environment.  ... View more

I think this may help: https://docs.splunk.com/Documentation/Splunk/8.2.2/Indexer/Managesinglepeerconfigurations I get what your saying as if you theoretically have 3 Indexer Peers therefore 3 different inputs.conf allowing Splunk SSL receiving. If it is a small deployment I would manage it on a peer by peer basis and locally configure it in its own app context/repository. Or use the same cert and password throughout (probably not what you want) and use the deployment server to deploy it as an app ... View more

I'm like 90% sure it has to do with a SSL issue, I just can't seem to pinpoint where to look. ... View more

Have the same requirement. Just set frozen time period and maxtotaldatasizemb to some very large value ( greater than physical disk you have ). Then nothing will get deleted until frozen time period which in your case is 7 years. ... View more