Hello gents,
Good day.
I've been working on this, and I made these changes to my lab:
- Disabled Firewall
- Changed the topology to make the collector and Splunk server in two different subnets.
(I'm not sure whether this is major or not, but I saw a couple of discussions saying that the Collector will not send the packets unless it is rewritten first)
However, it might work even if they were in the same subnet.
The root cause of the issue was the firewall on the Collector server; basically, it was CentOS 7.
For reference, the firewall was allowing traffic on port 2055 in the inbound direction by default, but it was very restrictive in the outbound direction.
I hope you find my answer helpful.