@sivaranjiniG , have you defined props and transforms under the search app context? Or if you created a new app, did you check the permission for app where you have defined props and transforms? can they be used in app context search or globally? (This can be validated in Splunk by going to Manage Apps (looking for sharing attribute) and searching for the custom app (if that's the case)) I was curious to know, have your tried removing "FORMAT = " (by default it should be considered an empty string)   ... View more

Yes, with email relay there is option for "IP address authentication"; means to authorize a specific server's IP address to send email through the relay service. ... View more

@maheshnc , you might need to enable email relay from your DMC/LM server to Email server in order to send internal emails (as per your organizational policies.) ... View more

Are you using "sslCommonNameToCheck"; this name should be defined in your cert installed on DS for validating the connections from Forwarders.  below for your reference... sslCommonNameToCheck = <comma-separated list> * One or more X.509 standard Common Names of the server certificate which splunkd, as a client, checks against when it connects to a server using TLS. * The Common Name (CN) is an X.509 standard field in a certificate that identifies the host name that is associated with the certificate. * The CN can be a short host name or a fully qualified domain name. For example, the CN can be one of "example", "www.example.com", or "example.com". * If the client cannot match the CN in the certificate that the server presents, then the client cannot authenticate the server, and terminates the session negotiation immediately. * For this setting to have any affect, the 'sslVerifyServerCert' setting must have a value of "true". * This setting is optional. * No default (no common name checking).   ... View more