Hi,
I'm having a problem with setting up my data stream for scripted input. I have the splunk universal forwarder setup on my node and it's working. I have a script that prints a JSON object (I also have script that generates key-value pair events and have the same problem with that) and I've setup the following configuration:

etc/system/local/inputs.conf

[script://$SPLUNK_HOME/bin/scripts/rdb_vm_status.sh]
interval=60
index=vecc
disabled=0
source=rdb_vm_status
sourcetype=rdb_vm_status

[host]$ cat props.conf
[rdb_vm_status]
KV_MODE = json
TIMESTAMP_FIELDS = tl_timestamp
SHOULD_LINEMERGE = false

Output from script:
[host]$ ./splunk cmd scripts/rdb_vm_status.sh
{ "tl_timestamp" : "2019-05-08 07:29:32", "VIP" : "10.145.14.180", "agent": [ { "IP": "10.145.14.179", "type": "Standby", "state": "UP", "db_state": "UP"},{ "IP": "10.145.14.178", "type": "Master", "state": "UP", "db_state": "UP"}, { "IP": "10.145.14.177", "type": "Standby", "state": "UP", "db_state": "UP"} ], "db_insync": "yes"}
[host]$

I can see the events in Splunk search (not the same event but an older one):

{ [-]
VIP: 10.145.14.180

agent: [ [+]
]

db_insync: No Master DB found
tl_timestamp: 2019-05-07 15:44:54

}
Show as raw text
Event Actions
Type

Field Value Actions
Selected

host
bl2ecmrdb1.vcc.t-mobile.lab
source
rdb_vm_status

Time

_time
2019-05-07T15:44:54.000-07:00

Default
index
vecc

linecount
1

sourcetype
rdb_vm_status

splunk_server
blvnnm03

I would expect to be able to see the event fields if I click on "All Fields" in left sidebar and have them available there.

So apart from inputs.conf and props.conf, is there any other configuration I need to do to setup this data ingestion?

Regards,
Mikael