I've got the Splunk Add-on for Unix and Linux installed on my index master and across my 3 indexers via a cluster bundle.
In the App for Unix & Linux running on my search head, I can see results from all 4 hosts, text like the output from cpu.sh and ps.sh .
But none of the add-on specific fields, e.g., pctCPU from top.sh , are being extracted, which of course breaks many of the associated dashboards.
Any help on getting the app & add-ons working, and in particular, fixing field extraction, across the cluster would be very much appreciated.
... View more