I am monitor a log file on data source server[IP :172.1.1.100] via UF.then sent it to a middle forwarder(Due to limited network access，I must need a middle forwarder). then middle forwarder forward it to cluster indexer.But my indexer did not receive any logs.I'm checked for _internal. get the followling error:

'TcpInputProc’ Message rejected .Recevd unexpected 1532714272 byte message! from src=172.1.1.100:42613 ,Maxinum message allowed:67108864.(::)

The following is inputs.conf and outputs.conf on data source server

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/inputs.conf

[monitor:///data/www/logs/paycloud-app.log]
index=tomcat
sourcetype=tomcat_paycloud-app

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/outputs.conf

[tcpout:indexer1]
server=172.21.1.111:9997
[tcpout]
defaultGroup = indexer1

The following is inputs.conf and outputs.conf on middle forwarder

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/inputs.conf

[splunktcp://9997]
host=connection_ip

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/outputs.conf

[indexer_discoverty:master1]
pass4SymmKey=123qwe!@#
master_uri=https://172.21.2.106

[tcpout:group1]
autoLBFrequency = 30
forceTimebasedAutoLB = true
indexerDiscovery = master1
useACK = true

Q: I confirmed the network is fully available.But why I do not receive any log?