Did u get to the solution for this. Running version 4.4 and have the exact issue.   Thanks ... View more

did you resolve this? I am trying 6.1.1 on RHEL 7.9 and using the RHEL 7 install getting the same issue ... View more

Did you get this resolved in the end? having the same issue ... View more

i have created a index for testing and selected that when i ingest the pcap. also i have selected system time. All that happens is that the inputs.conf file has the content of the pcap. I cannot see any data actually in splunk. ... View more

did you manage to find where in splunk the data is kept. This is driving me mad. ... View more

has it made your inputs.conf file really big? I am having the same issue. Each time i add a pcap it seems to complain and if i look on my search head under etc\system\local the inputs file will contain the pcap data. Not sure that's right as it could potentially fill up the search heads drive Damain ... View more

hi, Did you get to the bottom of this. I am in the same situation. Thanks ... View more