Hi,
I'm having a problem with setting up my data stream for scripted input. I have the splunk universal forwarder setup on my node and it's working. I have a script that prints a JSON object (I also have script that generates key-value pair events and have the same problem with that) and I've setup the following configuration:

etc/system/local/inputs.conf

[script://$SPLUNKHOME/bin/scripts/rdbvmstatus.sh]
interval=60
index=vecc
disabled=0
source=rdbvmstatus
sourcetype=rdbvm_status

[host]$ cat props.conf
[rdbvmstatus]
KVMODE = json
TIMESTAMPFIELDS = tltimestamp
SHOULDLINEMERGE = false

Output from script:
[host]$ ./splunk cmd scripts/rdbvmstatus.sh
{ "tltimestamp" : "2019-05-08 07:29:32", "VIP" : "10.145.14.180", "agent": [ { "IP": "10.145.14.179", "type": "Standby", "state": "UP", "dbstate": "UP"},{ "IP": "10.145.14.178", "type": "Master", "state": "UP", "dbstate": "UP"}, { "IP": "10.145.14.177", "type": "Standby", "state": "UP", "dbstate": "UP"} ], "db_insync": "yes"}
[host]$

I can see the events in Splunk search (not the same event but an older one):

{ [-]
VIP: 10.145.14.180

agent: [ [+]
]

dbinsync: No Master DB found
tltimestamp: 2019-05-07 15:44:54

}
Show as raw text
Event Actions
Type

Field Value Actions
Selected

host
bl2ecmrdb1.vcc.t-mobile.lab
source
rdbvmstatus

Time

time
2019-05-07T15:44:54.000-07:00

Default
index
vecc

linecount
1

sourcetype
rdbvmstatus

splunkserver
blvnnm03

I would expect to be able to see the event fields if I click on "All Fields" in left sidebar and have them available there.

So apart from inputs.conf and props.conf, is there any other configuration I need to do to setup this data ingestion?

Regards,
Mikael