Hello, I answer to both of you, I leave you my outputs.conf that as you say I downloaded it from the cloud and it points to the indexers. [root@host ~]# cat /opt/splunk/etc/system/local/outputs.conf [tcpout] defaultGroup = splunkcloud_20231028_9aaa4b04216cd9a0a4dc1eb274307fd1 useACK = true indexAndForward = 0 [tcpout:splunkcloud_20231028_9aaa4b04216cd9a0a4dc1eb274307fd1] server = inputs1.tenant.splunkcloud.com:9997, inputs2.tenant.splunkcloud.com:9997, inputs3.tenant.splunkcloud.com:9997, inputs4.tenant.splunkcloud.com:9997, inputs5.tenant.splunkcloud.com:9997, inputs6.tenant.splunkcloud.com:9997, inputs7.tenant.splunkcloud.com:9997, inputs8.tenant.splunkcloud.com:9997, inputs9.tenant.splunkcloud.com:9997, inputs10.tenant.splunkcloud.com:9997, inputs11.tenant.splunkcloud.com:9997, inputs12.tenant.splunkcloud.com:9997, inputs13.tenant.splunkcloud.com:9997, inputs14.tenant.splunkcloud.com:9997, inputs15.tenant.splunkcloud.com:9997 But this is a problem with this source, because I have other sources that go through that HF and arrive correctly to the cloud. I have already tested that port 9997 is up, but I must be missing something else. I have created the index mx_windows on both cloud and HF. any more ideas?
... View more