I build distributed Splunk Enterprise network the network flow is like below
*UF--->HF------->IDX----->SH*
In which I monitor a log file using inputs.conf
[monitor:///var/log/syslog]
disabled = false
index = new_indexer
I also created a new index in Indexer
But the log files are not indexing in indexer.
if I remove the index stanza in inputs.conf file the data is now indexing on the indexer.
Now here my question
How I specify the index to route the data to specific index?