I have installed the latest version of the Splunk App for CEF (2.0.1) in the clustered environment and it works fine, but my question here is: can we forward the data from indexes, or something like (index=*), instead of from data models? I have tried tweaking the search which the output produces and it doesn't seem to work.
Or is there any way we can write all of the index data outside of Splunk so I can monitor that data and feed it to our non-prod environments?
The app also only allows selecting one dataset for each DM for the outputs, which leads to creating more outputs in the list.
Thanks in advance!