There are 300 servers sending logs to the heavy forwarder. The same common application is successfully deployed on all 300 servers; I am able to see all servers in the forwarder-management tab, and the app is also successfully deployed on all servers. But I am not able to see logs from 200 on Splunk Cloud. I can also see that logs are successfully coming to the heavy forwarder, as shown below in the tcpdump output captured from the HWF, but I am unable to find logs of the same server on Splunk Cloud.
22:50:10.781905 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151196:151286, ack 1, win 55, length 90
22:50:21.891218 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 151286:153102, ack 1, win 55, length 1816
22:50:21.891845 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 153102:154925, ack 1, win 55, length 1823
22:50:21.897956 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 154925:155555, ack 1, win 55, length 630
22:50:21.899071 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155555:155906, ack 1, win 55, length 351
22:50:21.900269 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 155906:156281, ack 1, win 55, length 375
22:50:21.901434 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156281:156735, ack 1, win 55, length 454
22:50:21.934712 IP 10.11.45.142.57602 > 172.16.20.11.9997: Flags [P.], seq 156735:165117, ack 1, win 55, length 8382