Splunk frequently asked questions!!!
Question – How often does the forwarder send data to indexer?Answer – The forwarder sends data immediately when it becomes available. There is no certain interval that it waits or anything like that. but since it can send in blocks and set source type it must be waiting at least for an end of line,… Read More »