Hi There,
I can see my data coming from the SAV box however it is being stored in the main index rather than Symantec index. From my limit knowledge it looks like the scripts are point to the symantec index however that is not the case.
This is an out of the box default install that I have no modified.
Any thoughts on where else I can look to resolve this?
Cheers
Hello,
The definition of Symantec index does exist on the Technology Add-ons under appserver/addons.
As per App docs, for distributed Splunk instances, the Technology Add-ons just needs to go on the indexers.
Technology Add-ons are included with this app in the appserver/addons directory.
Regards