I pushed updates to inputs.conf and outputs.conf to the universal forwarder. But it is not forwarding data to the indexers. How can I fix?
Sanity check :
check if you can search your forwarder internal logs, to confirm if it can forward or not.
index=_internal host=myforwarder
To troubleshoot forwarding :
Run a btool command on your forwarder to verify your configuration.
see http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Usebtooltotroubleshootconfigurati...
Focus on outputs, and use the --debug to get the details, in case you have a conflict between several settings.
./splunk cmd btool outputs list --debug
Possible issue are :
tcpout group not matching your actual tcpout stanza name.
SSL setting errors, maybe password
To dig more, look at your forwarder $SPLUNK_HOME/var/log/splunk/splunkd.log logs after a restart, grep/find for SSL or ERROR keyword.
For the inputs, use the btool on inputs to check.