Hey all, super new to Splunk administration. I'm having issues with the Bro logs being indexed properly. I have 2 days of logs from a folder, but when I go and search the index, despite Indexes showing millions of events existing, I only see the Bro tunnel logs, and they're for the wrong day. I'm not even looking to set up all the sourcetypes and extractions at this moment. I just want all of the logs ingested and searchable on the correct day/time.
I've played with the Bro apps and switched the config around in props.conf. I've deleted the fishbucket folder to start over and force the re-indexing.
Overall I feel like there's another step I'm missing.
inputs.conf
[monitor://C:\bro\netflow]
disabled = false
host = MyHost
index = bro
crcSalt = <SOURCE>
1) Why are the tunnel logs being indexed for the wrong day? How do I fix it?
2) Where are the rest of the logs and how do I troubleshoot?