Can we enable this scripted input if the user splunk is run as non root user?
Any workaround if we have to run splunk as non root user?
Yes that's possible. You have to do two things:
assertInvokerIsSuperuser
in the rlog.sh, so no super-user check is done./var/log/audit/audit.log
in RedHat.