When I asked "Are the UFs internal logs being sent to the indexers?", I'm wondering if you can search for index=_internal host=<<forwarder name>> and see the forwarders logs.  If so, then connectivity is confirmed; otherwise, it is not.

I am getting data for this query -->index=_internal host=forwardername* . This depicts that the connectivity is not an issue.

Agreed.  So now we focus on the file(s) the UF is trying to read. If you run splunk list monitor on the UF, does it show the expected file(s)?  If not, then the monitor stanza is incorrect or the UF is not finding the stanza.

Hi @richgalloway 

Thanks for your response.

When I run the command ./splunk list monitor in my uf I am able to see the input i.e. I get the expected file path.

few steps that I tried from my end.

I appended the files at same location for AMER,APAC and Emea-non-ngdc, I can see the appended changes reflecting in the splunk sh but still not getting data from Emea-non-ngdc. 

Please find the details requested by you.

Inputs.conf

[monitor:///directoryname/region_202*]
disabled = 0
index = custom_normal
sourcetype = custom_test

permissions for this file 

-rw-r--r-- 1 nobody nobody 1388 May 1 20:50

no error in splunkd.log wrt to this application.

Can you elaborate a little more wrt to ->Are the UFs internal logs being sent to the indexers?