I am trying to upload logs and whenever I do the logs come out scattered. Do I have to give every colum a title e.g In the column where there are src_ip's do I have to indicate that as the header of that column? Because in the raw logs there isn't anything of such just values. Anytime I try doing a query for example index=** sourcetype=*** | top limit=10 user src_ip It doesn't give me any result. The only time I get a result is just with the index=** sourcetype=***  In the second photo attached, the INTERESTING FIELD has the values instead of the name.   How do i resolve this, pleasssse!! Been stuck here. ... View more

Hey there, I am actually new to Splunk and at the moment I don't know what I a doing wrong. So I have a vm1 which has Splunk Enterprise deployed in it and another vm2 with the Universal Forwarder deployed in it. My aim is to forward logs from vm2 to the Splunk Enterprise in vm1, up till now I am not still able to do that. Checked agent Mgt still not seeing any device added or even on Add Data (Select Forwarders). How do I resolve this? What am I doing wrong? Thanks in anticipation.   ... View more