I installed the Splunk TA for Solaris 11 in my UF (Universal Forwarder) and left the default collection from the inputs.conf
The stanza:
[script://./bin/ldoms.sh]
disabled=0
index = ia
interval=600
source=solaris:ldoms
sourcetype=solaris:ldoms
is default but no data is being collected. When I run the ldoms.sh as root, it outputs the expected results. I do not see any errors in the splunkd.log file associated with the script.
Any help in troubleshooting this issue would be great
↧