I have placed inputs.conf and outputs.conf on Splunk UF installed on application server to fetch the logs from a specific path but Splunk is not reading the same. I have tried to change the location of inputs.conf from Splunk_home/etc/apps/TA/local to /Splunk_home/etc/system/local but still no luck.
Don't know what is the issue for fetching data to Splunk, however, I am able to see the internal logs in Search Head.
It could be a permissions issue good place to check is splunkd.log or _internal index for errors, You can check the current monitor status by issuing command under $SPLUNK_HOME/bin use the "./splunk list inputstatus" to get more detailed info on where Splunk is in reading the different files.
Can you share the inputs.conf to see how did you configured?
Which platform those UF's are? -- Windows platform
Are you using DS for deploy those configs (probably not as you try to put those under system/local) -- No DS
My guidelines is that never ever put anything under system/local if it works somewhere else -- This is just for testing purpose, but reverted the change from etc/system/local to etc/apps/TA/local
Have you restart UF after adding those configurations or have you added those with CLI commands? ----Since it is Windows, have placed the TA manually by copy paste. Restarted Splunk services from Services
Which user is running splunk -- We have a user called splunk
Have you check UF's splunkd.log to see if there are any errors related to this -- Till now no such errors, but can see INFO ProxyConfig - Failed to initialize https_proxy from server.conf for splunkd.
Are UF's internal log seen on splunk SH? -- Yes I can see the splunk internal logs on SH but not the logs on the specified index