I would run everything on linux that will give you a beter performance you can run all apps on both Windows and Linux, you just can't use all the TA's on both. This is correct and makes sense when you think about it, because on Windows there is no /var/log/ directory to monitor... The problem you were having with the *nix app was that it was the config of the TA you were trying to save, you can safely ignore that and remove the visibility of that part, in the manage app menu of Splunk.
... View more