I'm trying to get the *nix app going using the universal forwarder. I can forward logs fine from /etc/system/local/inputs.conf until I enable the *nix app. Once I enable the app, it does forward the *nix /etc/apps/unix/local/inputs.conf logs but not my system-defined logs.
When *nix is enabled the splunkd.log just stays on INFO TcpOutputProc - Connected to idx= :9997
When it's disabled it updates fine and shows processing of the log files.
I've tried the configuration from my main Splunk receiver server, which is also using *nix, and the default one from unix/defaults/. Both cause the same action.