Hi,
I have a universal forwarder forwarding some log files to a Splunk index instance. I created a sourcetype for these log files. Now in the default search app, I can see the logs when I type "sourcetype=xxx". But the same sourcetype is not available in the Splunk app I created.
Is all sourcetypes visable to all Splunk apps? If not, where can I configure the permissions?
Thanks.
... View more