Thank You for your reply!
There is no $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local directory there is a $SPLUNK_HOME/etc/apps/Splunk_TA_linux /default directory. There also is no existing input.conf file, the files available in $SPLUNK_HOME/etc/apps/Splunk_TA_linux /default are:
/opt/splunkforwarder/etc/apps/Splunk_TA_linux/default$ ls -ltr
total 52
-rw-r--r-- 1 splunk splunk 2833 Apr 19 2018 transforms.conf
-rw-r--r-- 1 splunk splunk 1481 Apr 19 2018 tags.conf
-rw-r--r-- 1 splunk splunk 7821 Apr 19 2018 props.conf
-rw-r--r-- 1 splunk splunk 2802 Apr 19 2018 eventtypes.conf
-rw-r--r-- 1 splunk splunk 24647 Apr 19 2018 eventgen.conf
drwxr-xr-x 3 splunk splunk 16 Apr 19 2018 data
-rw-r--r-- 1 splunk splunk 457 Apr 19 2018 app.conf
This is Splunk_TA_linux which in my understanding is different then Splunk Add-on for Unix and Linux, I used Splunk_TA_linux because it didn't require logging a support ticket.
... View more