As per solution provided on answers forum against the Question: Issues with Splunk_TA_nix and AIX, we changed the bandwidth.sh script to separate the two commands.
netstat -i -Z; sleep 1;
CMD='netstat -in'
But seems like Splunk user does not have the root privilege to execute netstat -i -Z command. Is there any other way on AIX server to execute this command with Splunk user (using another command or giving sudo permissions or adding splunk user to some AIX group), apart from re-installing the Splunk forwarder as root user?
You could use sudo
and configure sudoers
to allow the splunk user to run only the exact command (please use the full path) that the script needs to execute, then call sudo netstat -in
in your script.