Can someone from Splunk PLEASE give a serious answer to this question? Journal logs from systemctl are not something that it makes sense to ignore, and, as I've said in another post about this, should be part of the default TA_NIX support at this point; most distros use this and have for YEARS now. Asking users to come up with some whack unsupported script to dump logs into a file is BS. You have plenty of scripted inputs in the add-on for nix already; solve this in a standard way! If you want to open-source the development of the nix TA, put it on GitHub or something and start letting customers do it. Having it fragmented and undocumented is dumb.