I want to increase one of my index frozen Time Period from 12 months to 13 months. I have increased the Max Size of Entire Index from the Splunk indexer > Settings. But I know this is not enough as my index frozen Time Period is set on 12 months period. So where should I update this value ? Should I need to update 'Indexes.conf' file for required indexes to the indexer server itself which is installed on Linux machine. What things I need to take care while updating this frozen Time Period.     ... View more

Splunk stopped sending email for Alerts, reports and Dashboards. Checked from IT team regarding SMTP settings under server settings option and there is no issue found from their end. Can you suggest me some solution or steps to resolve this issue.     ... View more

Hello Everyone,  We are trying to monitor specific local paths on a remote server (Remote01) and send the data to Splunk, either in an existing index or a new one.  We have installed a Universal Forwarder on the remote server and were able to fetch data from one folder (\\Remote01\e$\Document-DEF\Folder01) under the default index (index=main). However, we are unable to monitor a second folder (\\Remote01\e$\Document-GHI\Folder02) because the Universal Forwarder setup file only allows for one path.  We are facing the following challenges and would appreciate any guidance or advice on how to overcome them and successfully monitor both folders on the remote server in Splunk:  1.    We can't create a new index for the remote server. 2.    We can't get any information from the other folder we want to monitor ('Folder02'). 3.    We can't get information from the remote server in the existing index.  So in short, we can monitor one folder on the remote server Remote01 but unsure how to configure the forwarder to monitor a second folder on the same Remote01 server. Thanks in advance for your help! ... View more