Hi Community,   The sslPassword in Seach Head $SPLUNK_HOME/etc/system/local/web.conf not being hashed. Other .conf password like server.conf & authentication.conf in $SPLUNK_HOME/etc/system/local/ are hashed. I have changed the password recently in web.conf recently.   Anyone have any idea? ... View more

Hi Community,   One of the log source (e.g. index=my_index) at my company's splunk became inter=main. After multiple investigation, i found that Infrastructure Team has refreshed the device to a new hardware due to product EOL (same brand, same product, e.g. Palo Alto 3020 to PA3220). Also, the device IP is changed. Thus, i have modified the monitoring path at inputs.conf in Add-on and distribute to HF by deployment server.   Here is the example for what i modified:   [monitor:///siem/data/syslog/192.168.1.101/*] #original ip was 192.168.1.100  disabled = false  index = my_index sourcetype = my:sourcetype host_segment = 4   After such changes, i tried to verify the result on HF, the inputs.conf was successfully update to the new version.    However, the logs remain to index=main when searching on Search Head after the changes i did above.   Anyone know if any other thing i need to modify? Or else there are other root cause that making the logs fall under wrong index apart from the ip changes?   ... View more