I have cloned a _json sourcetype to a custom sourcetype name and gave the correct URI for managed splunk cloud , still not being able to send logs to managed splunkcloud . I have also created a custom sourcetype cloning json_no_timestamp , it works, what are we missing
1) Is the issue on sourcetype definition or log4j configuration?
2) How to correct it ?
Thanks will have a look and post back
We need more detail. In any case, check the error logs for splunkd and there is probably something there that you can fix.