Hello,
My colleague configured 1 heavy forwarder and I configured the other 2. In my Splunk, I see both sourcetype UDP:514 and sourcetype syslog.
Is this normal, or did we set different sourcetypes when we set them up?
We used the CLI and when I check \splunk\home\etc\local\inputs.conf the file has almost nothing in it, except the host...
Can someone tell me where I can go to compare on the 2 systems if we have set different sourcetypes?
Thanks,
↧