I'm trying to deploy S.o.S TA for UNIX on a universal forwarded deployed to an AIX 6.1.0.0 instance in order to troubleshoot why the splunkd process is consistently consuming between 25% and 50% of our CPU.
I've extracted the tgz file under the "apps" directory, created a local inputs.conf with the various options enabled, and re-started the universal forwarder but no events are being forwarded.
I manually ran some of the bash scripts under the TA-sos bin directory and none of them are working properly. For the common.sh, I had to remove the case condition for it to work properly. For ps_sos.sh, running it gives the following error:
awk: 0602-521 There is a regular
expression error.
[] imbalance.
The source line number is 1. The
error context is
{NR == 1 && $0 = header} {sub("^", "", $1); if
(NF>12) {args=$13; for (j=14; j<=NF;
j++) args = args "" $j} else
args=""; sub("^[^\134[: -]*/",
"", >>> $12) <<<
There appears to be a issue with the FORMAT variable that is being set.
Any ideas on how to get this running properly?
