Hello,

There is an index named "linux" in our environment that needs to have the source universal forwarder changed to reflect a new server that is forwarding data. In other words, a server "syslog_01.server.net" was migrated to a new server "syslog_02.server.net" (not the actual domains). The index "linux", I believe, is still listening to syslog_01, and needs to be changed to syslog_02. The universal forwarder was installed on the syslog_02 server.

So I have two fairly high-level questions:

1.) How would I go about seeing the current configuration of the "linux" index (at least in terms of where it is listening)?

2.) How would I change where this index is listening?

I've inherited the Splunk environment and am still a little fuzzy on how it was originally configured (the person who set it up no longer works here), but it looks like the data path goes like this:

Universal forwarder > heavy forwarder server > two index servers < master server to control index servers.

I believe this is a standard configuration.

The person who set up the environment left scant documentation regarding universal forwarder configuration. Apparently, universal forwarders are "Configured automatically by adding new universal forwarder server to linux_outputs or windows_outputs class" in the master server. However, in the master server (splunk_home/etc/system/local), serverclass.conf doesn't contain any data. Although, I'm not entirely sure this would be the correct config file to change.

Again, I'm fairly new to this environment and not sure how to proceed. Any and all input would be appreciated.

Thank you!