noobie questions: How frequently does splunk index incoming updates (event logs) from forwarder. n other workds what are the Default settings for index refresh.
Also on the forwarder, i read from these Q&A pages that there is no way to batch the events (e.g. in windows event logs) on the forwarding server (Where forwarder is installed) such that i can send the events when a certain threshold (file size/event counter) is reached - any update will be captured by the forwarder and sent to the splunk server (correct?) So network essentially on the forwarding side caps my throughput.
... View more