I had the following scenario working in one clustered environment, using physical servers: 1. Route data to an index based on the value found in a raw data.  This is achieved by, using props and transforms conf that are deployed within a parsing app, that looks something like this: props.conf [a_somercetype] TRANSFORMS-index_routing = a_index_routing [b_sourcetype] TRANSFORMS-index_routing = b_index_routing transforms.conf: [index_routing] SOURCE_KEY = _raw REGEX = ^\d{4}\-\d{2}-\d{2}T\d{2}\:\d{2}\:\d{2}\.\d+\+\d{2}\:\d{2}\s\w+\.\w+\.bb\-(?<field1>\w+?)\- DEST_KEY = _MetaData:Index FORMAT = index_name_$1 note: field1 is where value a or b will appear There is also inputs.conf on the deployment server that pushes the config with correct index and sourcetype to the forwarder. This used to work without any issues. In fact still does in one of the clustered environment. But it doesn't work in the new test clustered environment as the data gets sent to main index instead of the indexes specified in props and transforms. Is there a setting on the indexer or elsewhere that could stop this from working? ... View more