I'm facing the exact same issue, and I don't have the index specified in my inputs.conf file.
I have a "Universal Forwarder" on a Linux server with the Splunk_TA_stream app. When creating a new stream group in the app, it gets pushed to the forwarder (I can see it when accessing "localhost:8889"). So communication between my two machines is working. But on the "Stream App" I can only see events from the "Search Head Forwarder" where the stream app is installed.
There are no errors in splunkd.log and streamfwd.log.
My external forwarder doesn't get matched as a forwarder in the "Distributed Forwarder Management" and doesn't appear in the "Stream Forwarder Status" dashboard.
Thanks for helping.
I could solve my issue by setting the forwarder to send logs to my search head.
output.conf on the forwarder:
[tcpout]
defaultGroup = primary_indexers
forwardedindex.2.whitelist = (_audit|_introspection|_internal)
[tcpout:primary_indexers]
server = SEARCH_HEAD_FQDN:9997
input.conf on search head:
[splunktcp://9997]
connection_host = ip