Currently we have a UF that is configured with 50 inputs, of which 49 work well and only 1 does not index events and also reports any errors.
Review the information on the internal validating that the splunkd does not inform any evidence that it can help to validate why this input is not working.
But what you see is what you do next query index = _introspection component = PerProcess "event that does not index ..." I have current information, the script runs every 1 minute and gives me the next information.
Review the too many events that you index and don't use these metrics .... why when the event I stop indexing this information splunk differently,... and I don't understand why they too many fuels that are working correctly in the tienen this information.
Does the script run if you run it manually, with, for instance,
splunk cmd python /path/to/file.py
(Obviously fix that syntax, I'm sure it's wrong!)
Beyond that, I'm not sure what other information you've give us. I think autocorrect may have "fixed" many of your words for you, because I can't quite make sense out of the remainder of the question. Happy to listen again if you want to try reposting that?
Sorry for the delay, validate that the python as a process in the OS was taken and it was like that for more than 2 days, the _internal was checked and there was no information of any error or that splunk will show that there is a script input it cannot be executed for XXX reason .
To solve this, the input via web was deactivated (in an HF server) and then it was enabled, and after that it was validated that the indexing is done correctly.