Hi guys, I have a gd issue here. My universal forwarder sends logs to a splunk search head, and the search head sees the logs with the IP of the universal forwarder as if it were the log source, when it is actually not, it is just forwarding logs from the sources. How can I get rid of this so I can see at the searches the real log source IPs ?? Is there a reason why this IP overwrite could be useful ? I dont see it and for now what I need is to have real IPs on the search heads. Craving for a solution
... View more