Yes, it's root.
I can't use, [script://./bin/openPorts.sh] instead of [script://./bin/openPortsEnhanced.sh], coz it's not a same. I need something like this — http://prntscr.com/i942vd

And as I said Unix:SSHDConfig have the same problem (what u can see from screenshot).

What can affect to this?

Try to run the script directly and see what happens: Change into the directory etc/apps/Splunk_TA_nix/bin and execute the script via ./openPortsEnhanced.sh

The output should be something like this:
[root@myhost bin]# ./openPortsEnhanced.sh
Fri Feb 2 13:33:15 CET 2018 app=ntpd dest_ip=* dest_port=123 pid=634 user=ntp fd=16u ip_version=4 dvc_id=15331 transport=UDP
Fri Feb 2 13:33:15 CET 2018 app=ntpd dest_ip=* dest_port=123 pid=634 user=ntp fd=17u ip_version=6 dvc_id=15332 transport=UDP
...

Having a look at the script, it runs the following command to get a list of the open ports:
lsof -i -P -n

What happens when you execute this command? Perhaps you need to install lsof.

@Yunagi
Hello.
So, if script run manually it's works, it's show correct information. Okay, how me fix this problem now? :S

What I find confusing is that the openPortsEnhanced script produces an output line for each open port plus one output line in the form of "... file_hash=(stdin)=...". This last line (whatever its purpose) is correctly visible in the screenshot of your original post. However, the other lines (the open port lines) are missing.
Maybe your search is wrong. Try a Splunk search like: index=* sourcetype="Unix:ListeningPorts".
Perhaps you can find error information in the internals logs. Search for something like: index=_* openPortsEnhanced.sh.

I have no direct access to PC and my client has not given me correct information.
The problem was in not installed isof.
Tnx for helping!