Is the CrowdStrike app installed on a search head cluster? Is the CrowdStrike add-on installed on the heavy forwarder? Did you only add inputs from the heavy forwarder? Did you call support to have data streaming authorized? These are all necessary steps to get CS data in.