From dfa452d6157fe87133a6ff6d7ea9acb1e5f58c94 Mon Sep 17 00:00:00 2001 
From: Splunk User Date: Sun, 22 Dec 2024 22:45:19 +0100 Subject: [PATCH] remove --- .../.DS_Store | Bin 6148 -> 0 bytes .../@PaxHeader | 1 - .../Splunk_TA_nix/.DS_Store | Bin 6148 -> 0 bytes .../Splunk_TA_nix/LICENSES/Apache-2.0.txt | 208 --- .../LICENSES/LicenseRef-Splunk-8-2021.txt | 400 ------ .../Splunk_TA_nix/README.txt | 4 - .../Splunk_TA_nix/README/restmap.conf.spec | 12 - .../Splunk_TA_nix/THIRDPARTY | 61 - .../Splunk_TA_nix/VERSION | 2 - .../Splunk_TA_nix/app.manifest | 66 - .../appserver/static/appIcon.png | Bin 3348 -> 0 bytes .../components/js_sdk_extensions/common.js | 19 - .../js_sdk_extensions/monitor_inputs.js | 54 - .../js_sdk_extensions/scripted_inputs.js | 68 - .../Splunk_TA_nix/appserver/static/setup.css | 64 - .../Splunk_TA_nix/appserver/static/setup.js | 314 ---- .../appserver/static/setup_cloud.js | 34 - .../Splunk_TA_nix/bin/bandwidth.sh | 92 -- .../Splunk_TA_nix/bin/common.sh | 138 -- .../Splunk_TA_nix/bin/cpu.sh | 184 --- .../Splunk_TA_nix/bin/cpu_metric.sh | 211 --- .../Splunk_TA_nix/bin/df.sh | 318 ---- .../Splunk_TA_nix/bin/df_metric.sh | 364 ----- .../Splunk_TA_nix/bin/hardware.sh | 225 --- .../Splunk_TA_nix/bin/interfaces.sh | 528 ------- .../Splunk_TA_nix/bin/interfaces_metric.sh | 547 ------- .../Splunk_TA_nix/bin/iostat.sh | 52 - .../Splunk_TA_nix/bin/iostat_metric.sh | 67 - .../Splunk_TA_nix/bin/lastlog.sh | 53 - .../Splunk_TA_nix/bin/lsof.sh | 74 - .../Splunk_TA_nix/bin/netstat.sh | 52 - .../Splunk_TA_nix/bin/nfsiostat.sh | 199 --- .../Splunk_TA_nix/bin/openPorts.sh | 66 - .../Splunk_TA_nix/bin/openPortsEnhanced.sh | 125 -- .../Splunk_TA_nix/bin/package.sh | 67 - .../Splunk_TA_nix/bin/passwd.sh | 30 - .../Splunk_TA_nix/bin/protocol.sh | 81 -- .../Splunk_TA_nix/bin/ps.sh | 76 - .../Splunk_TA_nix/bin/ps_metric.sh | 110 -- .../Splunk_TA_nix/bin/rlog.sh | 61 - .../Splunk_TA_nix/bin/selinuxChecker.sh | 56 - .../Splunk_TA_nix/bin/service.sh | 196 --- .../Splunk_TA_nix/bin/setup.sh | 1276 ----------------- 
.../Splunk_TA_nix/bin/setupservice.py | 38 - .../Splunk_TA_nix/bin/sshdChecker.sh | 98 -- .../Splunk_TA_nix/bin/time.sh | 67 - .../Splunk_TA_nix/bin/top.sh | 87 -- .../Splunk_TA_nix/bin/update.sh | 130 -- .../Splunk_TA_nix/bin/uptime.sh | 52 - .../Splunk_TA_nix/bin/usersWithLoginPrivs.sh | 45 - .../Splunk_TA_nix/bin/version.sh | 44 - .../Splunk_TA_nix/bin/vmstat.sh | 181 --- .../Splunk_TA_nix/bin/vmstat_metric.sh | 193 --- .../Splunk_TA_nix/bin/vsftpdChecker.sh | 65 - .../Splunk_TA_nix/bin/who.sh | 41 - .../Splunk_TA_nix/default/.DS_Store | Bin 6148 -> 0 bytes .../Splunk_TA_nix/default/app.conf | 30 - .../Splunk_TA_nix/default/data/.DS_Store | Bin 6148 -> 0 bytes .../Splunk_TA_nix/default/data/ui/.DS_Store | Bin 6148 -> 0 bytes .../default/data/ui/nav/default.xml | 8 - .../views/ta_nix_configuration.env_cloud.xml | 23 - .../data/ui/views/ta_nix_configuration.xml | 96 -- .../Splunk_TA_nix/default/eventtypes.conf | 722 ---------- .../Splunk_TA_nix/default/inputs.conf | 270 ---- .../Splunk_TA_nix/default/macros.conf | 7 - .../Splunk_TA_nix/default/props.conf | 788 ---------- .../Splunk_TA_nix/default/restmap.conf | 9 - .../Splunk_TA_nix/default/tags.conf | 851 ----------- .../Splunk_TA_nix/default/transforms.conf | 531 ------- .../Splunk_TA_nix/default/web.conf | 8 - .../lookups/nix_da_update_status.csv | 8 - .../lookups/nix_da_version_ranges.csv | 8 - ...nix_linux_audit_action_object_category.csv | 12 - .../lookups/nix_linux_service_startmodes.csv | 129 -- .../lookups/nix_vendor_actions.csv | 22 - .../Splunk_TA_nix/metadata/default.meta | 11 - .../Splunk_TA_nix/splunkbase.manifest | 359 ----- .../Splunk_TA_nix/static/appIcon.png | Bin 3348 -> 0 bytes .../Splunk_TA_nix/static/appIconAlt.png | Bin 3348 -> 0 bytes .../Splunk_TA_nix/static/appIconAlt_2x.png | Bin 6738 -> 0 bytes .../Splunk_TA_nix/static/appIconLg.png | Bin 6738 -> 0 bytes .../Splunk_TA_nix/static/appIconLg_2x.png | Bin 15057 -> 0 bytes .../Splunk_TA_nix/static/appIcon_2x.png | Bin 6738 -> 0 bytes 83 
files changed, 11488 deletions(-) delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/.DS_Store delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/@PaxHeader delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/.DS_Store delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/LICENSES/Apache-2.0.txt delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/LICENSES/LicenseRef-Splunk-8-2021.txt delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/README.txt delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/README/restmap.conf.spec delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/THIRDPARTY delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/VERSION delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/app.manifest delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/appIcon.png delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/common.js delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/monitor_inputs.js delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/scripted_inputs.js delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.css delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.js delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup_cloud.js delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/bandwidth.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/common.sh delete mode 100755 
apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/hardware.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lastlog.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lsof.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/netstat.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/nfsiostat.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPorts.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPortsEnhanced.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/package.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/passwd.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/protocol.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/rlog.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/selinuxChecker.sh delete mode 
100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/service.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setup.sh delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setupservice.py delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/sshdChecker.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/time.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/top.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/update.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/uptime.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/usersWithLoginPrivs.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/version.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat_metric.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vsftpdChecker.sh delete mode 100755 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/who.sh delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/.DS_Store delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/app.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/.DS_Store delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/.DS_Store delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/nav/default.xml delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.env_cloud.xml delete mode 100644 
apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.xml delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/eventtypes.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/inputs.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/macros.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/props.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/restmap.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/tags.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/transforms.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/web.conf delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_update_status.csv delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_version_ranges.csv delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_audit_action_object_category.csv delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_service_startmodes.csv delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_vendor_actions.csv delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/metadata/default.meta delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/splunkbase.manifest delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon.png delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconAlt.png delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconAlt_2x.png delete mode 100644 
apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg.png delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg_2x.png delete mode 100644 apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon_2x.png diff --git a/apps/splunk-add-on-for-unix-and-linux_920/.DS_Store b/apps/splunk-add-on-for-unix-and-linux_920/.DS_Store deleted file mode 100644 index 5303afac141f4b94c03b3b92bf3e399e6f85c4a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKO>5gg5S_K1MoI|y(14E%y_(i8gkXA6ofOhrsX}{biz-!yiYQv+4;(NCotqz% zYkx`qPWxteUD~>ZoDx%JVCIcxXSCY4%dVD))Nr2niP}UIKp7h$%wL4tSvRENBTb;P z?>M6orIf=?HnJtKjSTSI?NLOpFmG4%%ly48&8Mt18QOVqJcmC1ZUr9E0mU??lIB#= z1toNjj0Ao`SASIA+`ckfOvk>@ui3aPrn6q}n`$&$I}dh)AlMH+#GlO~o~5(-beK-w z@zc36Ww!Ry>`gIRB<+VMrkbTiHJaFhA|D~;{oA6-&0=WgRX(+~v1ANP+|t1vix^yJy=n}`<)m!Sc#rQ{`5TI|y(6w|I;qH^SYbdI_?-d1`$5`#{=fM5{of{u z5e9^T|C0gLI*m_<7@I#^H%7^4t%iPtvT$DQ@Mj4edlVy=kKzv03gVg_VC1oOhzLY} N1S}0=gn>I{;0F+$W1s*4 diff --git a/apps/splunk-add-on-for-unix-and-linux_920/@PaxHeader b/apps/splunk-add-on-for-unix-and-linux_920/@PaxHeader deleted file mode 100644 index 7a33113b..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/@PaxHeader +++ /dev/null @@ -1 +0,0 @@ -28 mtime=1729255943.7335782 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/.DS_Store b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/.DS_Store deleted file mode 100644 index 86a07b6257b39c515d1ebfb8fb1e8379c0ba4247..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKU5nE|6ur~dHtp(CP+?z$fUjk3g=Hzebh|BB&{djcMO13D>1x<)Qkv8XrO;>n z5B>#T{U!bvpY+_BSx8bp-j+q?hM6;&oIAO5W-^l@BGH|DEuuORSxAhf8nWLQKj*Yz z1zocZ6tayA8dFF&T_fe-f!5gc5~IRm+gnmhP~g~Tdk_r-TMz7 z4M*p}MHqcT4`2dornFlcFM)e#(GwcbA@%8q9OO<;vmfB3$D#tIB3$RtY)WyKU3iyc zTNvpHB~aKy0%rMgq`#y_x=cgFa6mnJO8p#{$2iTcrMZ|>34PocLmu(8&uxkkb%5AI z^uR?-Jg5FKALUF)w^D`|_bI^~JIzKZSg$mCg-)Qt z5aThRXLOWhvu0vDr5Rp$%}vigYwMcFX~HuK7zM6g0bU<$B*u=$wL-acAd^P`UTS*IXk05)?j-c#L+CdPeL@lP?P%YYbP^qf zCN~Ng1+oeh)oq>k|NfuP|5+z] -python.version = {default|python|python2|python3} -* For Splunk 8.0.x and Python scripts only, selects which Python version to use. -* Either "default" or "python" select the system-wide default Python version. -* Optional. -* Default: not set; uses the system-wide Python version. diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/THIRDPARTY b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/THIRDPARTY deleted file mode 100644 index 3c4aff4e..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/THIRDPARTY +++ /dev/null 
@@ -1,61 +0,0 @@ -================================================================================ -================================================================================ - - Third-Party Software for splunk-add-on-for-unix-and-linux - --------------------------------------------------------------------------------- - -The following 3rd-party software packages may be used by or distributed with splunk-add-on-for-unix-and-linux. Any information relevant to third-party vendors listed below are collected using common, reasonable means. - -Date generated: 2024-7-5 - -Revision ID: a08b431842df3cfc234ba3f0675de8898f9ef6ac - -================================================================================ -================================================================================ - - - - -================================================================================ - - Declared License - -================================================================================ - -No declared license found for splunk-add-on-for-unix-and-linux - - - - -================================================================================ - - First Party Licenses - -================================================================================ - -No licenses found - - - - - -================================================================================ - - Dependencies - -================================================================================ - - - - -================================================================================ - License - -================================================================================ - - --------------------------------------------------------------------------------- --------------------------------------------------------------------------------- - -Report Generated by FOSSA on 2024-7-5 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/VERSION b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/VERSION
deleted file mode 100644
index 3267917d..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/VERSION
+++ /dev/null
@@ -1,2 +0,0 @@
-9.2.0
-9.2.0
\ No newline at end of file
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/app.manifest b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/app.manifest
deleted file mode 100644
index 05b18b70..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/app.manifest
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- "dependencies": null,
- "incompatibleApps": null,
- "info": {
- "author": [
- {
- "company": "Splunk, Inc.",
- "email": "support@splunk.com",
- "name": "Splunk, Inc."
- }
- ],
- "classification": {
- "categories": [
- "IT Operations",
- "Utilities"
- ],
- "developmentStatus": "Production/Stable",
- "intendedAudience": "IT"
- },
- "commonInformationModels": {
- "Authentication": "=4.20.2",
- "Change": "=4.20.2",
- "Endpoint": "=4.20.2",
- "Inventory": "=4.20.2",
- "Network Sessions": "=4.20.2",
- "Performance": "=4.20.2"
- },
- "description": "Splunk Add-on for Unix and Linux",
- "id": {
- "group": null,
- "name": "Splunk_TA_nix",
- "version": "9.2.0"
- },
- "license": {
- "name": "Splunk Software License Agreement",
- "text": "LICENSES/LicenseRef-Splunk-8-2021.txt",
- "uri": "http://www.splunk.com/view/SP-CAAAAFA"
- },
- "privacyPolicy": {
- "name": null,
- "text": null,
- "uri": null
- },
- "releaseDate": null,
- "releaseNotes": {
- "name": "README",
- "text": "./README.txt",
- "uri": "https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes"
- },
- "title": "Splunk Add-on for Unix and Linux"
- },
- "inputGroups": null,
- "platformRequirements": null,
- "schemaVersion": "2.0.0",
- "supportedDeployments": [
- "_standalone",
- "_distributed",
- "_search_head_clustering"
- ],
- "targetWorkloads": [
- "_search_heads",
- "_forwarders",
- "_indexers"
- ],
- "tasks": null
-}
\ No newline at end of file
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/appIcon.png b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/appIcon.png deleted file mode 100644 index 88f67e7257157937dd747b21af2c7af4d3432386..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3348 zcma)<2{=@HAIGO|3uDQ?moauRW5!r!EEzL)(?znh&=`Y>SRYdl!8)Zv)O(+#g zWeN4h;963WrLIC_DM?ACYw*rUx9(H#a-QdZ&j0++@B8^J|K)j3it}Du5ugGP004;C z+hJXKPc?oM*v7k$1M>2Ck4+3$TPr}-eWjPY7eShx7XttglH|8dfPz9f0ANcT$<34L ziE}~`sALG$f+iA+2wf*ed?pd!q{>lP?ppFa!*gVs%$LFQmj zoHGbRr4vDh5ClXYYykv;KxTA5f0QfMW<$<8Xg`F2{(XH=>bp}5{ZQB z!=Z4v9?wFL5lLauI7$ z6b2JdArS4c7CaJ!MDjx+;0A_Nn5&Fh(eIpYX3=K2FV6aGxwK38dV}n3^C4VRV zMmB@~knZ{-`!e@mYw@E~0~0Hl3DO3Qurfr#VAh5va5&c5NZ$sIHa37EOnB*RaKA~v zbNc0*{g0K}z#{(__B-hh*k9?S01^csjQ!@CKN0_5slG(^6U29J_-hTtGvQ4Gp1*M{ zU}n%C#=f)XF;N&g5znO3-Kf-H3pD>c067OznN&s~l?K9KKyZB+0;Gk*6G#;Pp!RzC z{wCVsnL+ux^t)aALALwBV5I=*)v4>X zwX+{a+pA^=!tAn#heIF~)nLr4j6lcD*ks4uodkOl8WbXKC$KeTyIOpNB~Zf7%x!X$ zbQdNvFy7%}mYl#C@+H47Lp2)Du10fg zde`di-%{fATaQ~kzNd3$oBaOJM#n%FJ88l1oKY|^UcuEeaOkD_gKDeF=ij>}J;ON~^pKfzzsO(Sp#_0@Jc1q!ErIK4{>gZodm;R6RbYq*FLt=_xz` z?|-RNCH5vcdr;f?f|yc@yO3~{cy)WrFS*@kR`i3;aZNNFGxw#4g*t%QQTg^U99J=d z(3WsjEJdhH80n_I{~>$U6Z=H#s<^gDfvfu9WRKc$y@Cq~rB12$u!;H7*26mwd1GT= zAGlDO;*i*RRxR~OnwV^Od4%l90zzRCBXId~lduZ1r+SOL3fxDdMZyh?7LmCQ?h<3u zMPJ^N!p}P2GRSnVv?bS%;;)|}L?29z7wm?(c(~)e)EBZX-N-b*qOOh;LNZ}z=cw*ymOw-05m z$u+vA)s^>+akBTcPH(@Hi8mY>y}EivH};A`j29iH;d(w-mj%^EfWN6*M5?nobdalE4@FF($u$Je7(Fra2uD1v*9 za>HRE*vewYA)9N`ZN1m36qHJ2B(NXVHn#ikdpsj=Ef# z2Zx@=#W)?puCZ+2_NOS1-F>6!B6*p8^OMGdU32V9zsAU#n=XrsCcq40L|T_$*i}7i z9WS28;Jh*16he(7JTa=snmZOE{4t}X_LAa|tVYQ7Pu(W zx?7VRYTV!#O=5TKxi0(o;nA*&gg*Nle*S6qK?@%=kVRRyXu&qlT2_0WkOGejls&ctH)svUP&w9>tZFM(=V-k-?xR!>^#1s(9#erJyxijE zzVpcRp;ayr-XMH`bxx$|Sh;L&fXzb*#qxy;1qb==nF}>9{kX5$#`+77j_2i{v)MPA 
z^tLa><)1O{+QPLu;AMkhL$x}x=-N~6=${2TG)=tgU)3dPSDS_&{FeP1Bd`u)?T5^cGcf6Vq0L!hmIptQK18ZJ_>gE7K32kS{obhwh<(Yc$C>{vD?)EFO9r#Gkv&vUABWOo;vSEv10kese%; zhLeI48K`Y^Q6#mxeta&6)2zv+nP*^18z5JTY(pb74e!h4FkS>^h*)ZFPM{~k4H8k! z%8jmRXD1C2Z!U%is>=>KKa!LD-~t!=gWG9|y>QV9*OlFH@?cp0l-|(-@rQKeq=upC zU{YX4<%2dW44{opu!lItZ&)jm7 zOw0~hM%}C_B@5(-gIl{6?&8k*FDdVRwop?Q7n2rNgfe2)L({HW>71cw*0tZbI8^_L zGl-4-X!_1+l}$mf9C}TBwh5OfE)+js!r5*2mbj@z+2b0z_qI-7a%?pB_f+p5;1*U> zbNWZovzv;nBs8}vD@rX{o3YTyWWlao{_o}5mf*{>#B_tKL5lc zIDw|woFCd$@y_OX@_dq3)FzeRRjj1Lj%kd)w^tvY-CgJ7n=5*r9kF;ySxMbO6gc;h zF+7GA^IcP`4>&5ZF+hUZ3iHu<@$u9!r}(@CpUFc2B=Fg_FrqdA%=kBAy$Mgrzk)B^`T~cd-KKdJyu|Mjc69 zJ7iSpg*e@kExF_R!reX#xw;ZAD2JC!y - * SPDX-License-Identifier: LicenseRef-Splunk-8-2021 - * - */ - -define([], function () { - var utils_namespaceFromProperties = function (props) { - return { - owner: props.acl.owner, - app: props.acl.app, - sharing: props.acl.sharing - } - } - - return { - utils_namespaceFromProperties: utils_namespaceFromProperties - } -}) diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/monitor_inputs.js b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/monitor_inputs.js deleted file mode 100644 index 5821fa31..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/monitor_inputs.js +++ /dev/null 
@@ -1,54 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2021 Splunk, Inc.
- * SPDX-License-Identifier: LicenseRef-Splunk-8-2021
- *
- */
-
-define([
- 'splunkjs/ready!', // for splunkjs global
- './common'
-], function (mvc, sdkx_common) {
- var root = {
- Entity: splunkjs.Service.Entity,
- Collection: splunkjs.Service.Collection
- }
-
- var utils_namespaceFromProperties = sdkx_common.utils_namespaceFromProperties
-
- // -------------------------------------------------------------------------
- // JS SDK Extension: Monitor Inputs
-
- var Paths = {
- monitorInputs: 'data/inputs/monitor'
- }
-
- root.MonitorInput = root.Entity.extend({
- path: function () {
- return Paths.monitorInputs + '/' + encodeURIComponent(this.name)
- },
-
- init: function (service, name, namespace) {
- this.name = name
- this._super(service, this.path(), namespace)
- }
- })
-
- root.MonitorInputs = root.Collection.extend({
- path: function () {
- return Paths.monitorInputs
- },
-
- instantiateEntity: function (props) {
- var entityNamespace = utils_namespaceFromProperties(props)
- return new root.MonitorInput(this.service, props.name, entityNamespace)
- },
-
- init: function (service, namespace) {
- this._super(service, this.path(), namespace)
- }
- })
-
- // -------------------------------------------------------------------------
-
- return root
-})
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/scripted_inputs.js b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/scripted_inputs.js
deleted file mode 100644
index 47337cef..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/components/js_sdk_extensions/scripted_inputs.js
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2021 Splunk, Inc.
- * SPDX-License-Identifier: LicenseRef-Splunk-8-2021
- *
- */
-
-define([
- 'splunkjs/ready!', // for splunkjs global
- './common'
-], function (mvc, sdkx_common) {
- var root = {
- Entity: splunkjs.Service.Entity,
- Collection: splunkjs.Service.Collection
- }
-
- var utils_namespaceFromProperties = sdkx_common.utils_namespaceFromProperties
-
- // -------------------------------------------------------------------------
- // JS SDK Extension: Scripted Inputs
-
- var Paths = {
- scriptedInputs: 'data/inputs/script'
- }
-
- root.ScriptedInput = root.Entity.extend({
- path: function () {
- // Approximate path - accepts reads only
- // ex: data/inputs/script/%2FApplications%2Fsplunk_622light_unix%2Fetc%2Fapps%2FSplunk_TA_nix%2Fbin%2Fcpu.sh
- return Paths.monitorInputs + '/' + encodeURIComponent(this.name)
- },
-
- init: function (service, name, namespace) {
- this.name = name
- this._super(service, this.path(), namespace)
- },
-
- _load: function (properties) {
- this._super(properties)
-
- // HACK: Patch path to be canonical version to enable updates
- //
- // Canonical path - accepts reads and updates
- // ex: data/inputs/script/.%252Fbin%252Fcpu.sh
- if (this.state().id) {
- this.qualifiedPath = this.state().id.match(/\/servicesNS\/.*$/)[0]
- }
- }
- })
-
- root.ScriptedInputs = root.Collection.extend({
- path: function () {
- return Paths.scriptedInputs
- },
-
- instantiateEntity: function (props) {
- var entityNamespace = utils_namespaceFromProperties(props)
- return new root.ScriptedInput(this.service, props.name, entityNamespace)
- },
-
- init: function (service, namespace) {
- this._super(service, this.path(), namespace)
- }
- })
-
- // -------------------------------------------------------------------------
-
- return root
-})
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.css b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.css
deleted file mode 100644
index bbd6116c..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.css
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
-SPDX-FileCopyrightText: 2021 Splunk, Inc.
-SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-
-*/
-
-/* Hide Simple XML dashboard controls: Edit, Export PDF, Print */
-.dashboard-view-controls {
- display: none !important;
-}
-
-#overview {
- max-width: 500px;
- text-align: justify;
-}
-
-.error-box {
- display: none;
- color: white;
- background-color: #d85d3c; /* red */
- padding: 0.5em;
- margin-bottom: 1em;
-}
-
-.input-table th {
- text-align: left;
-}
-
-.input-table th,
-.input-table td {
- padding: 0 10px 0 10px;
-}
-
-.input-table input[type='radio'] {
- margin: 4px; /* override with symmetric margins */
-}
-
-.input-table .interval-field {
- width: 4em; /* narrower than default */
- text-align: right; /* make the numbers line up */
- padding: 2px; /* reduce from default of 4 */
- height: 30px; /* reduce height */
- margin-top: 12.5px; /* inline with index dropdown */
-}
-
-#btn-bar {
- margin-top: 1em; /* separate from table */
-}
-
-#btn-bar #save-btn {
- padding-left: 3em;
- padding-right: 3em; /* made it wider */
-}
-
-#index-selection .splunk-dropdown {
- max-width: 50%; /* fix the width of dropdown */
- width: 300px; /* default width of dropdown */
- margin-left: 0; /* remove left margin for inlinement */
- height: 30px; /* reduce height */
-}
-
-.table-header {
- width: 150px;
-}
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.js b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.js
deleted file mode 100644
index cfca2cfb..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup.js
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2021 Splunk, Inc.
- * SPDX-License-Identifier: LicenseRef-Splunk-8-2021
- *
- */
-
-require([
- 'splunkjs/ready!',
- 'splunkjs/mvc/simplexml/ready!',
- 'underscore',
- 'jquery',
- '../app/Splunk_TA_nix/components/js_sdk_extensions/scripted_inputs',
- '../app/Splunk_TA_nix/components/js_sdk_extensions/monitor_inputs'
-], function (mvc, ignored, _, $, sdkx_scripted_inputs, sdkx_monitor_inputs) {
- var ScriptedInputs = sdkx_scripted_inputs.ScriptedInputs
- var MonitorInputs = sdkx_monitor_inputs.MonitorInputs
-
- var service = mvc.createService()
- var cleaned_data = {}
-
- // -------------------------------------------------------------------------
- // Prerequisite Checks
-
- // Error if running on unrecognized unix
- //
- service.get('/services/SetupService', cleaned_data, function (err, response) {
- if (err) {
- console.error('Problem fetching data', err)
- } else if (response.status === 200) {
- var isRecognizedUnix = JSON.parse(response.data)
- if (!isRecognizedUnix) {
- $('#not-unix-error').show()
- $('#save-btn').addClass('disabled')
- }
- } else {
- console.error('Problem checking whether splunkweb is running on Unix.')
- }
- })
-
- // -------------------------------------------------------------------------
- // Populate Tables
-
- var INPUT_ROW_TEMPLATE = _.template(
- '\n' +
- ' <%- name %>\n' +
- ' checked="checked"<% } %> />\n' +
- ' checked="checked"<% } %> />\n' +
- '<% if (interval != -1) { %>\n' +
- ' \n' +
- '<% } %>\n' +
- '<% if (index != -1) { %>\n' +
- ' <% if (index == "") { %>\n' +
- ' ' +
- ' ' +
- ' \n' +
- ' <% }else { %>\n' +
- ' ' +
- ' ' +
- ' \n' +
- ' <% } %>\n' +
- '<% } %>\n' +
- '\n'
- )
-
- // Populate monitor input table
- var monitorInputs = {}
- new MonitorInputs(service, {
- owner: '-',
- app: 'Splunk_TA_nix',
- sharing: 'app'
- }).fetch(function (err, inputs) {
- var inputsList = _.filter(inputs.list(), function (input) {
- return input.namespace.app === 'Splunk_TA_nix'
- })
-
- _.each(inputsList, function (input) {
- $('#monitor-input-table').append(
- $(
- INPUT_ROW_TEMPLATE({
- fullname: input.name,
- name: input.name,
- enabled: !input.properties().disabled,
- interval: -1,
- index: -1
- })
- )
- )
- monitorInputs[input.name] = input
- })
- })
-
- // Populate scripted Event inputs table
- var scriptedMetricInputs = {}
- new ScriptedInputs(service, {
- owner: '-',
- app: 'Splunk_TA_nix',
- sharing: 'app'
- }).fetch(function (err, inputs) {
- var inputsList = _.filter(inputs.list(), function (input) {
- var input_name = input.name
- .substring(input.name.lastIndexOf('/') + 1)
- .split('_')
- return (
- input.namespace.app === 'Splunk_TA_nix' &&
- input_name[input_name.length - 1] === 'metric.sh'
- )
- })
-
- _.each(inputsList, function (input) {
- $('#scripted-metric-input-table').append(
- $(
- INPUT_ROW_TEMPLATE({
- fullname: input.name,
- name: input.name.substring(input.name.lastIndexOf('/') + 1),
- enabled: !input.properties().disabled,
- interval: input.properties().interval,
- index:
- input.properties().index === 'default'
- ? ''
- : input.properties().index
- })
- )
- )
- scriptedMetricInputs[input.name] = input
- })
- })
-
- // Populate scripted Event inputs table
- var scriptedEventInputs = {}
- new ScriptedInputs(service, {
- owner: '-',
- app: 'Splunk_TA_nix',
- sharing: 'app'
- }).fetch(function (err, inputs) {
- var inputsList = _.filter(inputs.list(), function (input) {
- var input_name = input.name
- .substring(input.name.lastIndexOf('/') + 1)
- .split('_')
- return (
- input.namespace.app === 'Splunk_TA_nix' &&
- input_name[input_name.length - 1] !== 'metric.sh'
- )
- })
-
- _.each(inputsList, function (input) {
- $('#scripted-event-input-table').append(
- $(
- INPUT_ROW_TEMPLATE({
- fullname: input.name,
- name: input.name.substring(input.name.lastIndexOf('/') + 1),
- enabled: !input.properties().disabled,
- interval: input.properties().interval,
- index: -1
- })
- )
- )
- scriptedEventInputs[input.name] = input
- })
- })
-
- // -------------------------------------------------------------------------
- // Buttons
-
- // Enable All button
- $('.enable-all-btn').click(function (e) {
- e.preventDefault()
- var table = $(e.target).closest('.input-table')
- $('.input .enable-btn', table).prop('checked', true)
- })
-
- // Disable All button
- $('.disable-all-btn').click(function (e) {
- e.preventDefault()
- var table = $(e.target).closest('.input-table')
- $('.input .disable-btn', table).prop('checked', true)
- })
-
- // Save button
- $('#save-btn').click(function (e) {
- e.preventDefault()
- if ($('#save-btn').hasClass('disabled')) {
- return
- }
-
- var savesPending = 0
- var saveErrors = []
-
- // Save monitor inputs
- _.each($('#monitor-input-table .input'), function (inputElem) {
- var fullname = $(inputElem).data('fullname')
- var enabled = $('.enable-btn', inputElem).prop('checked')
-
- var input = monitorInputs[fullname]
-
- savesPending += 1
- input.update(
- {
- disabled: !enabled
- },
- saveDone
- )
- })
-
- var invalidIndex = 0 // invalid index flag
- var invalidInterval = 0 // invalid interval flag
- var numbers = /^[0-9]+$/
- // Save scripted Metric inputs
- _.each($('#scripted-metric-input-table .input'), function (inputElem) {
- var fullname = $(inputElem).data('fullname')
- var enabled = $('.enable-btn', inputElem).prop('checked')
- var interval = $('.interval-field', inputElem).val()
- var index = $('#index-selection', inputElem)[0].innerText
- // Handling internationalization transalation due to ticket ADDON-30736
- if (
- index.includes('...') ||
- index.includes('Search produced no results.')
- ) {
- index = enabled === true ? index : '' // Setting index="" if input is disable, so it allows to save.
- if (enabled) {
- invalidIndex = 1
- }
- }
- if (!interval.match(numbers)) {
- // Check for the interval, Interval must contain only numeric values
- if (interval.charAt(0) === '-' || interval.includes('.')) {
- interval = 'invalid'
- }
- invalidInterval = 1
- }
- var input = scriptedMetricInputs[fullname]
- savesPending += 1
- input.update(
- {
- disabled: !enabled,
- interval: interval,
- index: index
- },
- saveDone
- )
- })
-
- // Save scripted Event inputs
- _.each($('#scripted-event-input-table .input'), function (inputElem) {
- var fullname = $(inputElem).data('fullname')
- var enabled = $('.enable-btn', inputElem).prop('checked')
- var interval = $('.interval-field', inputElem).val()
- if (!interval.match(numbers)) {
- if (interval.charAt(0) === '-' || interval.includes('.')) {
- interval = 'invalid'
- }
- invalidInterval = 1
- }
- var input = scriptedEventInputs[fullname]
- savesPending += 1
- input.update(
- {
- disabled: !enabled,
- interval: interval
- },
- saveDone
- )
- })
-
- //Set is_configured=true in app.conf
- service.post('/services/SetupService', cleaned_data, function (
- err,
- response
- ) {
- if (err) {
- console.log('Error saving configuration in app.conf')
- }
- })
-
- // After saves are completed...
- function saveDone (err) {
- $('#index-not-selected-error').hide()
- $('#generic-save-error').hide()
- $('#invalid-interval-error').hide()
- if (err) {
- saveErrors.push(err)
- }
-
- savesPending -= 1
- if (savesPending > 0) {
- return
- }
- if (saveErrors.length === 0) {
- // Save successful. Provide feedback in form of page reload.
- window.location.reload()
- } else {
- // invalid index or interval failure
- if (invalidIndex || invalidInterval) {
- if (invalidInterval) {
- invalidInterval = 0
- // invalid interval failure
- $('#invalid-interval-error').show()
- }
- if (invalidIndex) {
- invalidIndex = 0
- // invalid index failure
- $('#index-not-selected-error').show()
- }
- } else {
- // Unexpected failure.
- $('#generic-save-error').show()
- }
-
- // (Allow Support to debug if necessary.)
- console.log('Errors while saving inputs:')
- console.log(saveErrors)
- }
- }
- })
-})
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup_cloud.js b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup_cloud.js
deleted file mode 100644
index b3eed760..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/appserver/static/setup_cloud.js
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2021 Splunk, Inc.
- * SPDX-License-Identifier: LicenseRef-Splunk-8-2021
- *
- */
-
-require([
- 'splunkjs/ready!',
- 'jquery'
-], function (mvc, $) {
- var service = mvc.createService()
- var cleaned_data = {}
- // Save button
- $('#save-btn').click(function (e) {
- e.preventDefault()
- if ($('#save-btn').hasClass('disabled')) {
- return
- }
-
- //Set is_configured=true in app.conf
- service.post('/services/SetupService', cleaned_data, function (
- err,
- response
- ) {
- if (err) {
- console.log('Error saving configuration in app.conf')
- }
- else {
- // Save successful. Provide feedback in form of page reload.
- window.location.reload()
- }
- })
- })
-})
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/bandwidth.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/bandwidth.sh
deleted file mode 100755
index e5a1364d..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/bandwidth.sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# jscpd:ignore-start
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='Name rxPackets_PS txPackets_PS rxKB_PS txKB_PS'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-PRINTF='{printf "%s %s %s %s %s\n", Name, rxPackets_PS, txPackets_PS, rxKB_PS, txKB_PS}'
-
-# Note: For FreeBSD, bsdsar package needs to be installed. Output matches linux equivalent
-if [ "$KERNEL" = "Linux" ] ; then
- CMD='sar -n DEV 1 2'
- # shellcheck disable=SC2016
- FILTER='($0 !~ "Average" || $0 ~ "sar" || $2 ~ "lo|IFACE") {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$4; rxKB_PS=$5; txKB_PS=$6}'
-elif [ "$KERNEL" = "SunOS" ] ; then
- if [ "$SOLARIS_10" = "true" ] ; then
- CMD='netstat -i 1 2'
- FILTER='(NR==2||NR==3){next}'
- # shellcheck disable=SC2016
- EXTRACT_NAME='NR==1 {for (i=0; i< NF/3 -1; i++) { name[i]=$(i*3 + 2); location[name[i]]=i }}'
- # shellcheck disable=SC2016
- EXTRACT_FIELDS=' NR==4 { for (each in name){ printf "%s %s %s %s %s\n",name[each], $(5*location[name[each]]+1), $(5*location[name[each]]+3), "",""; }}'
- PRINTF=''
- FORMAT="$EXTRACT_NAME $EXTRACT_FIELDS"
-
- elif [ "$SOLARIS_11" = "true" ] ; then
- if ! dlstat 1 1 > /dev/null 2>&1 ; then
- CMD='netstat -i 1 2'
- FILTER='(NR==2||NR==3){next}'
- # shellcheck disable=SC2016
- EXTRACT_NAME='NR==1 {for (i=0; i< NF/3 -1; i++) { name[i]=$(i*3 + 2); location[name[i]]=i }}'
- # shellcheck disable=SC2016
- EXTRACT_FIELDS=' NR==4 { for (each in name){ printf "%s %s %s %s %s\n",name[each], $(5*location[name[each]]+1), $(5*location[name[each]]+3), "",""; }}'
- PRINTF=''
- FORMAT="$EXTRACT_NAME $EXTRACT_FIELDS"
- else
- CMD='dlstat 1 2'
- FILTER='(NR==1||NR==2){next}'
- # shellcheck disable=SC2016
- FORMAT='
- function to_kbps(KBPS_param){
- if(KBPS_param ~ /[Kk]$/){ sub(/[A-Za-z]/,"",KBPS_param); return(KBPS_param); }
- else if(KBPS_param ~ /[Gg]$/){ sub(/[A-Za-z]/,"",KBPS_param); return(KBPS_param*1024*1024); }
- else if(KBPS_param ~ /[Mm]$/){ sub(/[A-Za-z]/,"",KBPS_param); return(KBPS_param*1024); }
- sub(/[a-zA-Z]/,"",KBPS_param); return(KBPS_param/1024);
- }
- {Name=$1; rxPackets_PS=$2; txPackets_PS=$4; rxKB_PS=to_kbps($3); txKB_PS=to_kbps($5);}'
- fi
- else
- CMD='sar -n DEV 1 2'
- # shellcheck disable=SC2016
- FILTER='($0 ~ "Time|sar| lo") {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$2; rxPackets_PS=$5; txPackets_PS=$6; rxKB_PS=$3; txKB_PS=$4}'
- fi
-elif [ "$KERNEL" = "AIX" ] ; then
- # Sample output: http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.performance/nestat_in.htm
- CMD='eval netstat -i -Z; sleep 1; netstat -in'
- # shellcheck disable=SC2016
- FILTER='($0 ~ "Name|sar|lo") {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS="?"; txKB_PS="?"}'
-elif [ "$KERNEL" = "Darwin" ] ; then
- CMD='sar -n DEV 1 2'
- # shellcheck disable=SC2016
- FILTER='($0 !~ "Average" || $0 ~ "sar" || $2~/lo[0-9]|IFACE/) {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$6/1024}'
-elif [ "$KERNEL" = "HP-UX" ] ; then
- # Sample output: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c02263324
- CMD='netstat -i 1 2'
- # shellcheck disable=SC2016
- FILTER='($0 ~ "Name|sar| lo") {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS=?; txKB_PS=?}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- CMD='sar -n DEV 1 2'
- # shellcheck disable=SC2016
- FILTER='($0 !~ "Average" || $0 ~ "sar" || $2 ~ "lo|IFACE") {next}'
- # shellcheck disable=SC2016
- FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$4; rxKB_PS=$5; txKB_PS=$6}'
-fi
-
-assertHaveCommand "$CMD"
-$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
-# jscpd:ignore-end
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/common.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/common.sh
deleted file mode 100755
index adbbe521..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/common.sh
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1000-SC9999 # Reason: This script is used in all the scripts and any change in this script would require a higher effort in testing all the scripts. Hence ignoring whole file.
-# # # we don't want to point OS's utilities -- e.g. ntpdate(1) -- to libraries which Splunk bundles in SPLUNK_HOME/lib/
-unset LD_PRELOAD LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
-
-# # # NIX-203 - set LANG env variable set to en_US to avoid parsing problems in other locales
-EngLocale=`locale -a | grep -i "en_US.utf"`
-if [ ! -z "$EngLocale" ]; then
- LC_ALL=`echo $EngLocale | awk 'NR==1 {printf $1}'`
- export LC_ALL
-fi
-
-# # # are we in debug mode?
-if [ $# -ge 1 -a "x$1" = "x--debug" ] ; then
- DEBUG=1
- TEE_DEST=`dirname $0`/debug--`basename $0`--`date | sed 's/ /_/g;s/:/-/g'`
-else
- DEBUG=0
- TEE_DEST=/dev/null
-fi
-
-DMESG_FILE=/var/log/dmesg
-OS_FILE=/etc/os-release
-# # # what OS is this?
-KERNEL=`uname -s`
-# # # what is the Kernel version?
-KERNEL_RELEASE=`uname -r`
-
-# # # assert we are in a supported OS
-AWK=awk
-case "x$KERNEL" in
- "xLinux")
- if [ -e $OS_FILE ]; then
- UBUNTU_MAJOR_VERSION=`awk -F'[".]' '/VERSION_ID=/ {print $2} ' $OS_FILE`;
- OS_ID=$(awk -F'=' ' /ID_LIKE=/ {print $2}' $OS_FILE)
- else
- UBUNTU_MAJOR_VERSION="";
- echo "$OS_FILE does not exist. UBUNTU_MAJOR_VERSION will be empty." > $TEE_DEST
- fi
- # # # enable check for OS versions, if needed later
- if [ -e /etc/debian_version ]; then DEBIAN=true; else DEBIAN=false; fi
-
- # # # /sbin/ is often absent in non-root users' PATH, and we want it for ifconfig(8)
- PATH=$PATH:/sbin/
- ;;
- "xSunOS")
- # # # enable check for OS versions, if needed later
- if [ `uname -r` = "5.8" ]; then SOLARIS_8=true; else SOLARIS_8=false; fi
- if [ `uname -r` = "5.9" ]; then SOLARIS_9=true; else SOLARIS_9=false; fi
- if [ `uname -r` = "5.10" ]; then SOLARIS_10=true; else SOLARIS_10=false; fi
- if [ `uname -r` = "5.11" ]; then SOLARIS_11=true; else SOLARIS_11=false; fi
-
- # # # eschew the antedeluvial awk
- AWK=nawk
- ;;
- "xDarwin")
- OSX_MINOR_VERSION=`sw_vers | sed -En '/ProductVersion/ s/^[^.]+\.([0-9]+)(\.[^.])?$/\1/p'`
- OSX_MAJOR_VERSION=`sw_vers | sed -En '/ProductVersion/ s/^[^0-9]+([0-9]+)\.[0-9]+(\.[^.]+)?$/\1/p'`
-
- # OSX_GE_SNOW_LEOPARD is for backward compatiblity.
- # Recommend that new code just use $OSX_MINOR_VERSION directly.
- if [ "$OSX_MAJOR_VERSION" == 10 ] && [ "$OSX_MINOR_VERSION" -ge 6 ]; then
- OSX_GE_SNOW_LEOPARD=true;
- else
- OSX_GE_SNOW_LEOPARD=false;
- fi
-
- ;;
- "xFreeBSD")
- ;;
- "xAIX")
- ;;
- "xHP-UX")
- ;;
- *)
- echo "UNIX flavor [$KERNEL] unsupported for Splunk *NIX App, quitting" > $TEE_DEST
- exit 1
- ;;
-esac
-
-# # # check for presence of required commands; we do not assume that which(1) exists, and roll our own
-queryHaveCommand () # returns 0 if found, 1 if not
-{
- [ "x$1" = "xeval" ] && shift
- for directory in `echo $PATH | sed 's/:/ /g'`
- do
- [ -x $directory/$1 ] && return 0
- done
- return 1
-}
-
-failLackCommand ()
-{
- echo "Not found command [$1] on this host, quitting" > $TEE_DEST
- exit 1
-}
-
-failLackMultipleCommands ()
-{
- echo "Not found any of commands [$*] on this host, quitting" > $TEE_DEST
- exit 1
-}
-
-assertHaveCommand ()
-{
- queryHaveCommand $1
- if [ $? -eq 1 ] ; then
- failLackCommand $1
- fi
-}
-
-assertHaveCommandGivenPath ()
-{
- [ "x$1" = "xeval" ] && shift
- [ -x $1 ] && return
- echo "Not found commandGivenPath [$1] on this host, quitting" > $TEE_DEST
- exit 1
-}
-
-failUnsupportedScript ()
-{
- echo "UNIX flavor [$KERNEL] unsupported for this script, quitting" > $TEE_DEST
- exit 0
-}
-
-assertInvokerIsSuperuser ()
-{
- [ `id -u` -eq 0 ] && return
- echo "Must be superuser to run this script, quitting" > $TEE_DEST
- exit 1
-}
-
-# # # check for presence of a few basic commands ubiquitous in our scripts
-assertHaveCommand $AWK
-assertHaveCommand egrep
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu.sh
deleted file mode 100755
index 4657a72d..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu.sh
+++ /dev/null
@@ -1,184 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER='CPU pctUser pctNice pctSystem pctIowait pctIdle' -HEADERIZE="BEGIN {print \"$HEADER\"}" -PRINTF='{printf "%-3s %9s %9s %9s %9s %9s\n", cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle}' - -if [ "$KERNEL" = "Linux" ] ; then - queryHaveCommand sar - FOUND_SAR=$? - queryHaveCommand mpstat - FOUND_MPSTAT=$? - if [ $FOUND_SAR -eq 0 ] ; then - CMD='sar -P ALL 1 1' - # shellcheck disable=SC2016 - FORMAT='{cpu=$(NF-6); pctUser=$(NF-5); pctNice=$(NF-4); pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$NF}' - elif [ $FOUND_MPSTAT -eq 0 ] ; then - CMD='mpstat -P ALL 1 1' - # shellcheck disable=SC2016 - FORMAT='{cpu=$(NFIELDS-10); pctUser=$(NFIELDS-9); pctNice=$(NFIELDS-8); pctSystem=$(NFIELDS-7); pctIowait=$(NFIELDS-6); pctIdle=$NF}' - else - failLackMultipleCommands sar mpstat - fi - # shellcheck disable=SC2016 - FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}' -elif [ "$KERNEL" = "SunOS" ] ; then - if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then - CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r' - else - CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r' - fi - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1=="CPU") {exit 1}' - # shellcheck disable=SC2016 - FORMAT='{cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1)}' -elif [ "$KERNEL" = "AIX" ] ; then - queryHaveCommand mpstat - queryHaveCommand lparstat - FOUND_MPSTAT=$? - FOUND_LPARSTAT=$? 
- if [ $FOUND_MPSTAT -eq 0 ] && [ $FOUND_LPARSTAT -eq 0 ] ; then - # Get extra fields from lparstat - COUNT=$(lparstat | grep " app" | wc -l) - if [ $COUNT -gt 0 ] ; then - # Fetch value from "app" column of lparstat output - FETCH_APP_COL_NUM='BEGIN {app_col_num = 8} - { - if($0 ~ /System configuration|^$/) {next} - if($0 ~ / app/) - { - for(i=1; i<=NF; i++) - { - if($i == "app") - { - app_col_num = i; - break; - } - } - print app_col_num; - exit 0; - } - }' - APP_COL_NUM=$(lparstat | awk "$FETCH_APP_COL_NUM") - CPUPool=$(lparstat | tail -1 | awk -v APP_COL_NUM=$APP_COL_NUM -F " " '{print $APP_COL_NUM}') - else - CPUPool=0 - fi - # Fetch other required fields from lparstat output - OnlineVirtualCPUs=$(lparstat -i | grep "Online Virtual CPUs" | awk -F " " '{print $NF}') - EntitledCapacity=$(lparstat -i | grep "Entitled Capacity " | awk -F " " '{print $NF}') - DEFINE="-v CPUPool=$CPUPool -v OnlineVirtualCPUs=$OnlineVirtualCPUs -v EntitledCapacity=$EntitledCapacity" - - # Get cpu stats using mpstat command and manipulate the output for adding extra fields - CMD='mpstat -a 1 1' - # shellcheck disable=SC2016 - FORMAT='BEGIN {flag = 0} - { - if($0 ~ /System configuration|^$/) {next} - if(flag == 1) - { - # Prepend extra field values from lparstat - for(i=NF+4; i>=4; i--) - { - $i = $(i-3); - } - if($0 ~ /ALL/) - { - $1 = CPUPool; - $2 = OnlineVirtualCPUs; - $3 = EntitledCapacity; - } - else - { - $1 = "-"; - $2 = "-"; - $3 = "-"; - } - } - if($0 ~ /cpu /) - { - # Prepend extra field headers from lparstat - for(i=NF+4; i>=4; i--) - { - $i = $(i-3); - } - $1 = "CPUPool"; - $2 = "OnlineVirtualCPUs"; - $3 = "EntitledCapacity"; - flag = 1; - } - for(i=1; i<=NF; i++) - { - printf "%17s ", $i; - } - print ""; - }' - fi - $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FORMAT" - echo "Cmd = [$CMD]; | $AWK $DEFINE '$FORMAT'" >> "$TEE_DEST" - exit -elif [ "$KERNEL" = "Darwin" ] ; then - HEADER='CPU pctUser pctSystem pctIdle' - HEADERIZE="BEGIN {print \"$HEADER\"}" - PRINTF='{printf "%-3s 
%9s %9s %9s \n", cpu, pctUser, pctSystem, pctIdle}' - # top command here is used to get a single instance of cpu metrics - CMD='top -l 1' - assertHaveCommand "$CMD" - # FILTER here skips all the rows that doesn't match "CPU". - # shellcheck disable=SC2016 - FILTER='($1 !~ "CPU") {next;}' - # FORMAT here removes '%'in the end of the metrics. - # shellcheck disable=SC2016 - FORMAT='function remove_char(string, char_to_remove) { - sub(char_to_remove, "", string); - return string; - } - { - cpu="all"; - pctUser = remove_char($3, "%"); - pctSystem = remove_char($5, "%"); - pctIdle = remove_char($7, "%"); - }' -elif [ "$KERNEL" = "FreeBSD" ] ; then - CMD='eval top -P -d2 c; top -d2 c' - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1 !~ "CPU") { next; }' - # shellcheck disable=SC2016 - FORMAT='function remove_char(string, char_to_remove) { - sub(char_to_remove, "", string); - return string; - } - { - if ($1 == "CPU:") { - cpu = "all"; - } else { - cpu = remove_char($2, ":"); - } - } - { - pctUser = remove_char($(NF-9), "%"); - pctNice = remove_char($(NF-7), "%"); - pctSystem = remove_char($(NF-5), "%"); - pctIdle = remove_char($(NF-1), "%"); - pctIowait = "0.0"; - }' -elif [ "$KERNEL" = "HP-UX" ] ; then - queryHaveCommand sar - FOUND_SAR=$? - if [ $FOUND_SAR -eq 0 ] ; then - CMD='sar -M 1 1 ALL' - fi - FILTER='/HP-UX|^$|%/ {next}' - # shellcheck disable=SC2016 - FORMAT='{k=0; if(5> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu_metric.sh deleted file mode 100755 index 04d73df3..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/cpu_metric.sh +++ /dev/null 
@@ -1,211 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER='CPU pctUser pctNice pctSystem pctIowait pctIdle OSName OS_version IP_address' -HEADERIZE="BEGIN {print \"$HEADER\"}" -PRINTF='{printf "%-3s %9s %9s %9s %9s %9s %-35s %15s %-16s\n", cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address}' -FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"}' - -if [ "$KERNEL" = "Linux" ] ; then - queryHaveCommand sar - FOUND_SAR=$? - queryHaveCommand mpstat - FOUND_MPSTAT=$? - if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)" - else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)" - fi - if [ $FOUND_SAR -eq 0 ] ; then - CMD='sar -P ALL 1 1' - # shellcheck disable=SC2016 - FORMAT='{cpu=$(NF-6); pctUser=$(NF-5); pctNice=$(NF-4); pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$NF;OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' - elif [ $FOUND_MPSTAT -eq 0 ] ; then - CMD='mpstat -P ALL 1 1' - # shellcheck disable=SC2016 - FORMAT='{cpu=$(NFIELDS-10); pctUser=$(NFIELDS-9); pctNice=$(NFIELDS-8); pctSystem=$(NFIELDS-7); pctIowait=$(NFIELDS-6); pctIdle=$NF;OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' - else - failLackMultipleCommands sar mpstat - fi - # shellcheck disable=SC2016 - FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}' -elif [ "$KERNEL" = "SunOS" ] ; 
then - if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then - CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r' - else - CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r' - fi - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1=="CPU") {exit 1}' - # shellcheck disable=SC2016 - FORMAT='{cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1);OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' -elif [ "$KERNEL" = "AIX" ] ; then - queryHaveCommand mpstat - queryHaveCommand lparstat - FOUND_MPSTAT=$? - FOUND_LPARSTAT=$? - DEFINE="-v OSName=$(uname -s) -v OSVersion=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - if [ $FOUND_MPSTAT -eq 0 ] && [ $FOUND_LPARSTAT -eq 0 ] ; then - # Get extra fields from lparstat - COUNT=$(lparstat | grep " app" | wc -l) - if [ $COUNT -gt 0 ] ; then - # Fetch value from "app" column of lparstat output - FETCH_APP_COL_NUM='BEGIN {app_col_num = 8} - { - if($0 ~ /System configuration|^$/) {next} - if($0 ~ / app/) - { - for(i=1; i<=NF; i++) - { - if($i == "app") - { - app_col_num = i; - break; - } - } - print app_col_num; - exit 0; - } - }' - APP_COL_NUM=$(lparstat | awk "$FETCH_APP_COL_NUM") - CPUPool=$(lparstat | tail -1 | awk -v APP_COL_NUM=$APP_COL_NUM -F " " '{print $APP_COL_NUM}') - else - CPUPool=0 - fi - # Fetch other required fields from lparstat output - OnlineVirtualCPUs=$(lparstat -i | grep "Online Virtual CPUs" | awk -F " " '{print $NF}') - EntitledCapacity=$(lparstat -i | grep "Entitled Capacity " | awk -F " " '{print $NF}') - DEFINE_LPARSTAT_FIELDS="-v CPUPool=$CPUPool -v OnlineVirtualCPUs=$OnlineVirtualCPUs -v EntitledCapacity=$EntitledCapacity" - - # Get cpu 
stats using mpstat command and manipulate the output for adding extra fields - CMD='mpstat -a 1 1' - # shellcheck disable=SC2016 - FORMAT='BEGIN {flag = 0} - { - if($0 ~ /System configuration|^$/) {next} - if(flag == 1) - { - for(i=NF+7; i>=7; i--) - { - $i = $(i-6); - } - # Prepend OSName, OS_version, IP_address values - $1 = OSName; - $2 = OSVersion/1000; - $3 = IP_address; - # Prepend lparstat field values - if($0 ~ /ALL/) - { - $4 = CPUPool; - $5 = OnlineVirtualCPUs; - $6 = EntitledCapacity; - } - else - { - $4 = "-"; - $5 = "-"; - $6 = "-"; - } - } - if($0 ~ /cpu /) - { - for(i=NF+7; i>=7; i--) - { - $i = $(i-6); - } - # Prepend OSName, OS_version, IP_address headers - $1 = "OSName"; - $2 = "OS_version"; - $3 = "IP_address"; - # Prepend lparstat field headers - $4 = "CPUPool"; - $5 = "OnlineVirtualCPUs"; - $6 = "EntitledCapacity"; - flag = 1; - } - for(i=1; i<=NF; i++) - { - printf "%17s ", $i; - } - print ""; - }' - fi - $CMD | tee "$TEE_DEST" | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS "$FORMAT $FILL_DIMENSIONS" - echo "Cmd = [$CMD]; | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS '$FORMAT $FILL_DIMENSIONS'" >>"$TEE_DEST" - exit -elif [ "$KERNEL" = "Darwin" ] ; then - HEADER='CPU pctUser pctSystem pctIdle OSName OS_version IP_address' - HEADERIZE="BEGIN {print \"$HEADER\"}" - PRINTF='{printf "%-3s %9s %9s %9s %-35s %15s %-16s\n", cpu, pctUser, pctSystem, pctIdle, OSName, OS_version, IP_address}' - # top command here is used to get a single instance of cpu metrics - CMD='top -l 1' - assertHaveCommand "$CMD" - # FILTER here skips all the rows that doesn't match "CPU". - # shellcheck disable=SC2016 - FILTER='($1 !~ "CPU") {next;}' - - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - # FORMAT here removes '%'in the end of the metrics. 
- # shellcheck disable=SC2016 - FORMAT='function remove_char(string, char_to_remove) { - sub(char_to_remove, "", string); - return string; - } - { - cpu="all"; - pctUser = remove_char($3, "%"); - pctSystem = remove_char($5, "%"); - pctIdle = remove_char($7, "%"); - OSName=OSName; - OS_version=OS_version; - IP_address=IP_address; - }' -elif [ "$KERNEL" = "FreeBSD" ] ; then - CMD='eval top -P -d2 c; top -d2 c' - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1 !~ "CPU") { next; }' - # shellcheck disable=SC2016 - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - # shellcheck disable=SC2016 - FORMAT='function remove_char(string, char_to_remove) { - sub(char_to_remove, "", string); - return string; - } - { - if ($1 == "CPU:") { - cpu = "all"; - } else { - cpu = remove_char($2, ":"); - } - } - { - pctUser = remove_char($(NF-9), "%"); - pctNice = remove_char($(NF-7), "%"); - pctSystem = remove_char($(NF-5), "%"); - pctIdle = remove_char($(NF-1), "%"); - pctIowait = "0.0"; - OSName=OSName; - OS_version=OS_version; - IP_address=IP_address; - }' -elif [ "$KERNEL" = "HP-UX" ] ; then - queryHaveCommand sar - FOUND_SAR=$? - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - if [ $FOUND_SAR -eq 0 ] ; then - CMD='sar -M 1 1 ALL' - fi - FILTER='/HP-UX|^$|%/ {next}' - # shellcheck disable=SC2016 - FORMAT='{k=0; if(5>"$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df.sh deleted file mode 100755 index a2ab71c9..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df.sh +++ /dev/null 
@@ -1,318 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -# jscpd:ignore-start -if [ "$KERNEL" = "Linux" ] ; then - assertHaveCommand df - CMD='df -h --output=source,fstype,size,used,avail,pcent,itotal,iused,iavail,ipcent,target' - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - # shellcheck disable=SC2016 - FILTER_POST='/(devtmpfs|tmpfs)/ {next}' - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("Mounted on","MountedOn",$0); - } - match($0,/^(.*[^ ]) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+%|-) +(.*)$/,a); - if (length(a) != 0) - { printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8],a[9],a[10],a[11];} - }' - -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/bin/df - CMD_1='eval /usr/bin/df -n ; /usr/bin/df -g' - CMD_2='/usr/bin/df -h' - - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - #Filters out Inode info from df -g output -> inodes = Value just before "total files" & ifree = Value just before "free files" - # shellcheck disable=SC2016 - INODE_FILTER=' - /^\// {key=$1} - { - for(i=1;i<=NF;i++) - { - if($i == "total" && $(i+1) == "files") - { - inodes=$(i-1) - } - if($i == "free" && $(i+1) == "files") - { - ifree=$(i-1) - } - } - } - {if(NR%5==0) sub("\\(.*\\)?", "", key); print "INODE:" key, inodes, ifree}' - - CMD="${CMD_1} | ${AWK} '${INODE_FILTER}'; ${CMD_2}" - FILTER_PRE='/libc_psr/ {next}' - - #Maps fsType and inode info from the output of INODE_FILTER - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/INODE:/ {MoInodes[$1] = $2; MoIFree[$1] = $3;} /: / { - for(i=1;i<=NF;i++){ - if($i ~ /^\/.*/) - keyCol=i; - else if($i ~ /[a-zA-Z0-9]/) - valueCol=i; - } - if($keyCol ~ /^\/.*:/) - fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol; - else - fsTypes[$keyCol]=$valueCol; - }' - - 
#Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - for(i=1;i<=NF;i++){ - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - $(NF+1)="IUsed"; - $(NF+1)="IFree"; - $(NF+1)="IUsePct"; - - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=MoInodes["INODE:"$mountedCol]; - $(NF+1)=MoInodes["INODE:"$mountedCol]-MoIFree["INODE:"$mountedCol]; - $(NF+1)=MoIFree["INODE:"$mountedCol]; - - if(MoInodes["INODE:"$mountedCol]>0) - { - $(NF+1)=int(((MoInodes["INODE:"$mountedCol]-MoIFree["INODE:"$mountedCol])*100)/MoInodes["INODE:"$mountedCol])"%"; - } - else - { - $(NF+1)="0"; - } - - print $0; - } - } - }' - -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/bin/df - CMD='eval /usr/sysv/bin/df -n ; /usr/bin/df -kP -F %u %f %z %l %n %p %m' - - # Normalize Size, Used and Avail columns - # shellcheck disable=SC2016 - NORMALIZE=' - function fromKB(KB) { - MB = KB/1024; - if (MB<1024) return MB "M"; - GB = MB/1024; - if (GB<1024) return GB "G"; - TB = GB/1024; return TB "T" - } - { - if($0 ~ /^Filesystem.*/){ - for(i=1;i<=NF;i++){ - if($i=="1024-blocks") {sizeCol=i; sizeFlag=1;} - if($i=="Used") {usedCol=i; usedFlag=1;} - if($i=="Available") {availCol=i; availFlag=1;} - } - } - if(!($0 ~ /^Filesystem.*/) && sizeFlag==1) - $sizeCol=fromKB($sizeCol); - if(!($0 ~ /^Filesystem.*/) && usedFlag==1) - $usedCol=fromKB($usedCol); - if(!($0 ~ /^Filesystem.*/) && availFlag==1) - $availCol=fromKB($availCol); - }' - - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/: / { - for(i=1;i<=NF;i++){ - if($i ~ /^\/.*/) - keyCol=i; - else if($i ~ /[a-zA-Z0-9]/) - valueCol=i; - 
} - if($keyCol ~ /^\/.*:/) - fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol; - else - fsTypes[$keyCol]=$valueCol; - }' - - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%Iused","IUsePct",$0); - for(i=1;i<=NF;i++){ - if($i=="Iused") iusedCol=i; - if($i=="Ifree") ifreeCol=i; - - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - print $0; - } - } - }' - -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand df - assertHaveCommand fstyp - CMD='df -Pk' - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='{c="fstyp " $1; c | getline ft; close(c);}' - # shellcheck disable=SC2016 - HEADER='Filesystem\tType\tSize\tUsed\tAvail\tUsePct\tINodes\tIUsed\tIFree\tIUsePct\tMountedOn' - # shellcheck disable=SC2016 - HEADERIZE='/^Filesystem/ {print header; next}' - # shellcheck disable=SC2016 - FORMAT='{size=$2; used=$3; avail=$4; usePct=$5; mountedOn=$6; $2=ft; $3=size; $4=used; $5=avail; $6=usePct; $7=mountedOn}' - # shellcheck disable=SC2016 - FILTER_POST='($2 ~ /^(tmpfs)$/) {next}' - # shellcheck disable=SC2016 - PRINTF='{printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11}' -elif [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand mount - assertHaveCommand df - CMD='eval mount -t nocddafs,autofs,devfs,fdesc,nfs; df -h -T nocddafs,autofs,devfs,fdesc,nfs' - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/ on / 
{ - for(i=1;i<=NF;i++){ - if($i=="on" && $(i+1) ~ /^\/.*/) - { - key=$(i+1); - } - if($i ~ /^\(/) - value=substr($i,2,length($i)-2); - } - fsTypes[key]=value; - }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%iused","IUsePct",$0); - - for(i=1;i<=NF;i++){ - if($i=="iused") iusedCol=i; - if($i=="ifree") ifreeCol=i; - - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /^\/dev\/.*s[0-9]+$/){ - sub("^/dev/", "", $i); - sub("s[0-9]+$", "", $i); - } - if($i ~ /^\/\S*/ && i==mountedCol){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - print $0; - } - } - }' - -elif [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand mount - assertHaveCommand df - CMD='eval mount -t nodevfs,nonfs,noswap,nocd9660; df -ih -t nodevfs,nonfs,noswap,nocd9660' - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/ on / { - for(i=1;i<=NF;i++){ - if($i=="on" && $(i+1) ~ /^\/.*/) - { - key=$(i+1); - } - if($i ~ /^\(/) - value=substr($i,2,length($i)-2); - } - fsTypes[key]=value; - }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%iused","IUsePct",$0); - - for(i=1;i<=NF;i++){ - if($i=="iused") iusedCol=i; - if($i=="ifree") ifreeCol=i; - - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /^\/\S*/ && i==mountedCol){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - print $0; - } - } - }' - -fi -# 
jscpd:ignore-end
-
-$CMD | tee "$TEE_DEST" | $AWK "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF" header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df_metric.sh
deleted file mode 100755
index 9f0d0209..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/df_metric.sh
+++ /dev/null
@@ -1,364 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -# shellcheck disable=SC2016 -FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?";length(IPv6_Address) || IPv6_Address = "?"}' - -# jscpd:ignore-start -if [ "$KERNEL" = "Linux" ] ; then - assertHaveCommand df - CMD='df -k --output=source,fstype,size,used,avail,pcent,itotal,iused,iavail,ipcent,target' - if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - fi - BEGIN='BEGIN { OFS = "\t" }' - FORMAT='{OSName=OSName;OS_version=OS_version;IP_address=IP_address;IPv6_Address=IPv6_Address}' - # shellcheck disable=SC2016 - FILTER_POST='/(devtmpfs|tmpfs)/ {next}' - # shellcheck disable=SC2016 - PRINTF=' - function rem_pcent(val) - { - if(substr(val, length(val), 1)=="%") - {val=substr(val, 1, length(val)-1); return val} - } - { - if($0 ~ /^Filesystem.*/){ - sub("Mounted on","MountedOn",$0); - $(NF+1)="OSName"; - $(NF+1)="OS_version"; - $(NF+1)="IP_address"; - $(NF+1)="IPv6_Address"; - print $0; - } - - match($0,/^(.*[^ ]) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+%|-) +(.*)$/,a); - - if (length(a) != 0) - { printf 
"%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", a[1], a[2], a[3], a[4], a[5], rem_pcent(a[6]), a[7], a[8], a[9], rem_pcent(a[10]), a[11], OSName, OS_version, IP_address, IPv6_Address} - - }' - -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/bin/df - CMD_1='eval /usr/bin/df -n; /usr/bin/df -g' - CMD_2='/usr/bin/df -k' - #Filters out Inode info from df -g output -> inodes = Value just before "total files" & ifree = Value just before "free files" - # shellcheck disable=SC2016 - INODE_FILTER=' - /^\// {key=$1} - { - for(i=1;i<=NF;i++) - { - if($i == "total" && $(i+1) == "files") - { - inodes=$(i-1) - } - if($i == "free" && $(i+1) == "files") - { - ifree=$(i-1) - } - } - } - {if(NR%5==0) sub("\\(.*\\)?", "", key); print "INODE:" key, inodes, ifree}' - CMD="${CMD_1} | ${AWK} '${INODE_FILTER}'; ${CMD_2}" - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - FILTER_PRE='/libc_psr/ {next}' - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType and inode info from the output of INODE_FILTER - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/INODE:/ {MoInodes[$1] = $2; MoIFree[$1] = $3;} /: / { - for(i=1;i<=NF;i++){ - if($i ~ /^\/.*/) - keyCol=i; - else if($i ~ /[a-zA-Z0-9]/) - valueCol=i; - } - if($keyCol ~ /^\/.*:/) - fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol; - else - fsTypes[$keyCol]=$valueCol; - }' - #Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ 
/^Filesystem.*/){ - for(i=1;i<=NF;i++){ - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - $(NF+1)="IUsed"; - $(NF+1)="IFree"; - $(NF+1)="IUsePct"; - $(NF+1)="OSName"; - $(NF+1)="OS_version"; - $(NF+1)="IP_address"; - $(NF+1)="IPv6_Address"; - - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /.*\%$/) - $i=substr($i, 1, length($i)-1); - - if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=MoInodes["INODE:"$mountedCol]; - $(NF+1)=MoInodes["INODE:"$mountedCol]-MoIFree["INODE:"$mountedCol]; - $(NF+1)=MoIFree["INODE:"$mountedCol]; - if(MoInodes["INODE:"$mountedCol]>0) - { - $(NF+1)=int(((MoInodes["INODE:"$mountedCol]-MoIFree["INODE:"$mountedCol])*100)/MoInodes["INODE:"$mountedCol]); - } - else - { - $(NF+1)="0"; - } - $(NF+1)=OSName; - $(NF+1)=OS_version; - $(NF+1)=IP_address; - $(NF+1)=IPv6_Address; - - print $0; - } - } - }' - -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/bin/df - CMD='eval /usr/sysv/bin/df -n ; /usr/bin/df -kP -F %u %f %z %l %n %p %m' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OSVersion=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/: / { - for(i=1;i<=NF;i++){ - if($i ~ /^\/.*/) - keyCol=i; - else if($i ~ /[a-zA-Z0-9]/) - valueCol=i; - } - if($keyCol ~ /^\/.*:/) - fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol; - else - fsTypes[$keyCol]=$valueCol; - }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%Iused","IUsePct",$0); - - for(i=1;i<=NF;i++){ - if($i=="Iused") iusedCol=i; - if($i=="Ifree") ifreeCol=i; - - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - $(NF+1)="OSName"; - $(NF+1)="OS_version"; - $(NF+1)="IP_address"; - $(NF+1)="IPv6_Address"; - - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /.*\%$/) - $i=substr($i, 1, length($i)-1); - - if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - $(NF+1)=OSName; - OS_version=OSVersion/1000; - $(NF+1)=OS_version; - $(NF+1)=IP_address; - $(NF+1)=IPv6_Address; - - print $0; - } - } - }' - -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand df - assertHaveCommand fstyp - CMD='df -Pk' - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - # shellcheck 
disable=SC2016 - HEADER='Filesystem\tType\tSize\tUsed\tAvail\tUsePct\tINodes\tIUsed\tIFree\tIUsePct\tOSName\tOS_version\tIP_address\tMountedOn' - # shellcheck disable=SC2016 - HEADERIZE='/^Filesystem/ {print header; next}' - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='{c="fstyp " $1; c | getline ft; close(c);}' - # shellcheck disable=SC2016 - FORMAT='{size=$2; used=$3; avail=$4; usePct=$5; mountedOn=$6; $2=ft; $3=size; $4=used; $5=avail; if(substr(usePct,length(usePct),1)=="%") $6=substr(usePct, 1, length(usePct)-1); else $6=usePct; $7=mountedOn; OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' - # shellcheck disable=SC2016 - FILTER_POST='($2 ~ /^(tmpfs)$/) {next}' - # shellcheck disable=SC2016 - PRINTF='{printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, OSName, OS_version, IP_address, $11}' -elif [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand mount - assertHaveCommand df - CMD='eval mount -t nocddafs,autofs,devfs,fdesc,nfs; df -k -T nocddafs,autofs,devfs,fdesc,nfs' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/ on / { - for(i=1;i<=NF;i++){ - if($i=="on" && $(i+1) ~ /^\/.*/) - { - key=$(i+1); - } - if($i ~ /^\(/) - value=substr($i,2,length($i)-2); - } - fsTypes[key]=value; - }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%iused","IUsePct",$0); - - for(i=1;i<=NF;i++){ - if($i=="iused") iusedCol=i; - if($i=="ifree") ifreeCol=i; - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - $(NF+1)="OSName"; - $(NF+1)="OS_version"; - $(NF+1)="IP_address"; - $(NF+1)="IPv6_Address"; - - - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /.*\%$/) - $i=substr($i, 1, length($i)-1); - - if($i ~ /^\/dev\/.*s[0-9]+$/){ - sub("^/dev/", "", $i); - sub("s[0-9]+$", "", $i); - } - - if($i ~ /^\/\S*/ && i==mountedCol){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - $(NF+1)=OSName; - $(NF+1)=OS_version; - $(NF+1)=IP_address; - $(NF+1)=IPv6_Address; - print $0; - } - } - }' - -elif [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand mount - assertHaveCommand df - CMD='eval mount -t nodevfs,nonfs,noswap,nocd9660; df -ik -t nodevfs,nonfs,noswap,nocd9660' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/ on / { - for(i=1;i<=NF;i++){ - if($i=="on" && $(i+1) ~ /^\/.*/) - { - key=$(i+1); - } - if($i ~ /^\(/) - value=substr($i,2,length($i)-2); - } - fsTypes[key]=value; - }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%iused","IUsePct",$0); - - for(i=1;i<=NF;i++){ - if($i=="iused") iusedCol=i; - if($i=="ifree") ifreeCol=i; - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - $(NF+1)="OSName"; - $(NF+1)="OS_version"; - $(NF+1)="IP_address"; - $(NF+1)="IPv6_Address"; - - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /.*\%$/) - $i=substr($i, 1, length($i)-1); - - if($i ~ /^\/\S*/ && i==mountedCol){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - $(NF+1)=OSName; - $(NF+1)=OS_version; - $(NF+1)=IP_address; - $(NF+1)=IPv6_Address; - print $0; - } - } - }' - -fi -# jscpd:ignore-end - -# shellcheck disable=SC2086 -$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF" header="$HEADER" -echo "Cmd = [$CMD]; | $AWK $DEFINE '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST" 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/hardware.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/hardware.sh
deleted file mode 100755
index db40484f..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/hardware.sh
+++ /dev/null
@@ -1,225 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh -# shellcheck disable=SC2016 -FORMAT='{key = $1; if (NF == 1) {value = ""} else {value = $2; for (i=3; i <= NF; i++) value = value " " $i}}' -PRINTF='{printf("%-20s %-s\n", key, value)}' - -if [ "$KERNEL" = "Linux" ] ; then - TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_hardware_error_tmpfile # For filtering out lshw warning from stderr - queryHaveCommand ip - FOUND_IP=$? - # CPUs - CPU_TYPE=$(awk -F: '/model name/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") - CPU_CACHE=$(awk -F: '/cache size/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") - CPU_COUNT=$(grep -c processor /proc/cpuinfo 2>>"$TEE_DEST") - # HDs - # shellcheck disable=SC2010 - for deviceBasename in $(ls /sys/block | grep -E -v '^(dm|md|ram|sr|loop)') - do - DEVICE="/sys/block/$deviceBasename" HARD_DRIVES="$HARD_DRIVES $deviceBasename" - if [ -e "$DEVICE"/device/model ] ; then HARD_DRIVES="$HARD_DRIVES ($(sed 's/ *$//' "$DEVICE"/device/model))"; fi - if [ -e "$DEVICE"/size ] ; then HARD_DRIVES="$HARD_DRIVES $((($(cat "$DEVICE"/size)*512)/(1024*1024*1024))) GB; "; fi - done - # NICs - # For Ubuntu version >= 20, we use cat to read the dmseg file. Otherwise we use dmesg cmd. 
- OS_FILE=/etc/os-release - - if [ -f /proc/sys/kernel/dmesg_restrict ]; then - DMESG_RESTRICT_VALUE=$(cat "/proc/sys/kernel/dmesg_restrict" 2>/dev/null) - else - DMESG_RESTRICT_VALUE=1 - fi - - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/hwinfo - NIC_TYPE=$(/usr/sbin/hwinfo --netcard --short | awk '{$1=""; sub(/^ */, "", $0); print $0}') - elif [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - NIC_TYPE=$(cat "$DMESG_FILE" | awk '/Ethernet/ {sub("[^a-zA-Z]*Ethernet.*$", ""); sub("^[^:]*: ", ""); print; exit}') - elif [ $DMESG_RESTRICT_VALUE -eq 0 ] ; then - NIC_TYPE=$(dmesg | awk '/Ethernet/ {sub("[^a-zA-Z]*Ethernet.*$", ""); sub("^[^:]*: ", ""); print; exit}') - else - NIC_TYPE="" - fi - - if [ -z "$NIC_TYPE" ] ; then - assertHaveCommand lshw - PARSE_1='/^\s+product: / { - product = $2; - for (i=3; i<=NF; i++) product = product " " $i - } - /^\s+vendor: / { - vendor = $2; - for (i=3; i<=NF; i++) vendor = vendor " " $i - printf "%s, %s\n", vendor, product; - exit - }' - NIC_TYPE=$(lshw -class network 2>$TMP_ERROR_FILTER_FILE | awk "$PARSE_1") - # shellcheck disable=SC2086 - grep -v "you should run this program as super-user" < $TMP_ERROR_FILTER_FILE 1>&2 - # shellcheck disable=SC2086 - rm $TMP_ERROR_FILTER_FILE 2>/dev/null - fi - if [ $FOUND_IP -eq 0 ]; then - NIC_COUNT=$(ip a | awk '!length() || $2 ~/lo/ || /^ / {next} {ct++} END {print ct}') - else - assertHaveCommand ifconfig - NIC_COUNT=$(ifconfig | awk '!length() || /^( |lo)/ {next} {ct++} END {print ct}') - fi - # memory - MEMORY_REAL=$(awk -F: '/MemTotal/ {print $2; exit}' /proc/meminfo 2>>"$TEE_DEST") - MEMORY_SWAP=$(awk -F: '/SwapTotal/ {print $2; exit}' /proc/meminfo 2>>"$TEE_DEST") -elif [ "$KERNEL" = "SunOS" ] ; then - UNAME_PLATFORM=$(uname -i) - assertHaveCommand mpstat - assertHaveCommand iostat - assertHaveCommand dmesg - assertHaveCommandGivenPath /usr/sbin/prtconf - assertHaveCommandGivenPath /usr/sbin/swap - # CPUs and NIC count - if [ -x 
/usr/sbin/prtdiag ] ; then - if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then - # shellcheck disable=SC2016 - CPU_TYPE=$(/usr/sbin/prtdiag | $AWK 'BEGIN {leftToSkip=-1} /Processor Sockets/ {leftToSkip=3; next} (leftToSkip>0) {leftToSkip-=1; next} (!leftToSkip) {sub("[0-9]$", "", $0); sub(" CPU socket #$", "", $0); print $0; exit}') - else - # shellcheck disable=SC2016 - CPU_TYPE=$(/usr/sbin/prtdiag | $AWK 'BEGIN {leftToSkip=-1} /Processor Sockets/ {leftToSkip=3; next} (leftToSkip>0) {leftToSkip-=1; next} (!leftToSkip) {sub("[0-9]$", "", $0); sub(" [A-Za-z]+ ?$", "", $0); print $0; exit}') - fi - NIC_COUNT=$(/usr/sbin/prtdiag | grep -c NIC) - elif [ -x /usr/platform/"$UNAME_PLATFORM"/sbin/prtdiag ]; then - # shellcheck disable=SC2016 - CPU_TYPE=$(/usr/platform/"$UNAME_PLATFORM"/sbin/prtdiag | $AWK 'BEGIN {leftToSkip=-1} /Processor Sockets/ {leftToSkip=3; next} (leftToSkip>0) {leftToSkip-=1; next} (!leftToSkip) {sub("[0-9]$", "", $0); sub(" [A-Za-z]+ ?$", "", $0); print $0; exit}') - NIC_COUNT=$(/usr/platform/"$UNAME_PLATFORM"/sbin/prtdiag | grep -c NIC) - else - echo "Not found commandGivenPath [ /usr/sbin/prtdiag or /usr/platform/$UNAME_PLATFORM/sbin/prtdiag ] on this host, quitting" >> "$TEE_DEST" - exit 1 - fi - # shellcheck disable=SC2016 - CPU_CACHE=$(/usr/sbin/prtconf -v | $AWK 'function hexToDecKB (hex, digitsAll, idx, curDigit, dec) {sub("^value=", "", hex); for (idx=1; idx<=length(hex); idx++) {curDigit = index("0123456789abcdef", substr(hex,idx,1)); dec=(16*dec)+curDigit-1} if (debug) printf "hexToDec:%s->%d ", hex, dec; dec /= 1024; return dec} BEGIN {L2=L1i=L1d=0} (L2) {strL2=$1; L2=0} /l2-cache-size/ {L2=1} (L1i) {strL1i=$1; L1i=0} /l1-icache-size/ {L1i=1} (L1d) {strL1d=$1; L1d=0} /l1-dcache-size/ {L1d=1} END {if (debug) printf "strL2:%s strL1i:%s strL1d:%s ", strL2, strL1i, strL1d; nL2=hexToDecKB(strL2); nL1=hexToDecKB(strL1i)+hexToDecKB(strL1d); printf "L1:%dKB L2:%dKB", nL1, nL2}' debug="$DEBUG") - if [ "$SOLARIS_8" = "true" ] || [ 
"$SOLARIS_9" = "true" ] ; then - CPU_COUNT=$(mpstat | grep -cv CPU) - else - CPU_COUNT=$(mpstat -q | grep -cv CPU) - fi - # # # that gives # of cores; `/usr/sbin/psrinfo -p` gives # of chips - # HDs - # shellcheck disable=SC2016 - HARD_DRIVES=$(iostat -E | $AWK '/Soft Errors:/ {name=$1} /^Vendor:/ {info = $2 " " $4} /^Size:/ {sizeGB=0+$2; if (sizeGB>0) drives[name]=info " " $2} END {for (d in drives) printf("%s %s; ", d, drives[d])}') - # NICs - NIC_TYPE=$(dmesg | grep 'mac address' | sed -n 's/^.*] [a-z]*[0-9]*: //;s/mac address .*$//;p' | uniq) - # memory - MEMORY_REAL=$(/usr/sbin/prtconf | awk '/^Memory size:/ {print $3 " MB"; exit}') - # shellcheck disable=SC2016 - MEMORY_SWAP=$(/usr/sbin/swap -s | $AWK '{used=0+$(NF-3); free=0+$(NF-1); total=(used+free)/1024; print int(total) " MB"}') -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/sbin/prtconf - assertHaveCommandGivenPath /usr/sbin/lsattr - assertHaveCommandGivenPath /usr/sbin/lsdev - assertHaveCommandGivenPath /usr/sbin/lscfg - assertHaveCommandGivenPath /usr/sbin/lspv - assertHaveCommandGivenPath /usr/sbin/lsps - # CPUs - # shellcheck disable=SC2016 - CPU_TYPE=$(/usr/sbin/prtconf | $AWK -F: '/^Processor Type:/{type=$2} /^Processor Clock Speed:/ {clock=$2}END {printf("%s %s",type,clock)}') - # shellcheck disable=SC2016 - CPU_CACHE=$(/usr/sbin/lsattr -EHl L2cache0 | $AWK '/^size/{print "L2:" $2 " KB" }') - CPU_COUNT=$(/usr/sbin/lsdev -Cc processor | grep -c proc) - # HDs - HDD_NAME=$(/usr/sbin/lsdev -Cc disk | awk '{print $1}') - HARD_DRIVES="" - for disk in $HDD_NAME - do - # shellcheck disable=SC2016 - HARD_INFO=$(/usr/sbin/lscfg -vpl "$disk" | $AWK -F . 
'/Manufacturer/ {name = $NF } /Machine Type and Model/ {info = $(NF)} END {printf("%s %s", name, info)}') - ACTIVE_STATUS=$(/usr/sbin/lspv | awk -v pat="$disk" '$0~pat{print $NF}') - VOLUME_GROUP=$(/usr/sbin/lspv | awk -v pat="$disk" '$0~pat{print $3}') - - if [ "${ACTIVE_STATUS}" != "active" ] || [ "${VOLUME_GROUP}" = "None" ]; then # lspv cannot get disk-size as disk is inactive or not in any volume group - HARD_MB=$(getconf DISK_SIZE /dev/"$disk")" MB" - else - HARD_MB=$(/usr/sbin/lspv -L "$disk" | awk -F \( '{print $2}'| awk '/VG DESCRIPTORS/{print $1" MB"}') - fi - HARD_DRIVES="$HARD_DRIVES$disk $HARD_INFO $HARD_MB; " - done - # NICs - NIC_TYPE=$(/usr/sbin/lsdev -Cc adapter | grep ent | awk -F" " '{print $1" "$3"; "}') - NIC_COUNT=$(/usr/sbin/lsdev -Cc adapter | grep -c ent) - # memory - # shellcheck disable=SC2016 - MEMORY_REAL=$(/usr/sbin/lsattr -EHl mem0 | $AWK '/^size/ {print $2 " MB"}') - # shellcheck disable=SC2016 - MEMORY_SWAP=$(/usr/sbin/lsps -s | $AWK -F MB '/MB/ {print $1" MB"}') -elif [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand sysctl - assertHaveCommand df - assertHaveCommand system_profiler - assertHaveCommand ifconfig - # CPUs - CPU_TYPE=$(sysctl machdep.cpu.brand_string | sed -E 's/^.*: //;s/[ ]+/ /g') - CPU_CACHE=$(sysctl hw.cachesize | awk '{L1=$3/1024; L2=$4/(1024*1024); printf "L1:%d KB; L2:%d MB", L1, L2}') - CPU_COUNT=$(sysctl hw.ncpu | sed 's/^.*: //') - # HDs - HARD_DRIVES=$(df -h | awk '/^\/dev/ {sub("^.*\134/", "", $1); drives[$1] = $2} END {for(d in drives) printf("%s: %s; ", d, drives[d])}') - # NICs - NIC_TYPE=$(system_profiler SPNetworkDataType | awk '/Media Subtype:/ {print $3; exit}') - NIC_COUNT=$(ifconfig | grep -c 'supported media:.*baseT') - # memory - MEMORY_REAL=$(sysctl hw.memsize | awk '{print $2/(1024*1024) " MB"}') - MEMORY_SWAP=$(sysctl vm.swapusage | awk '{print 0+$4 " MB"}') -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand ioscan - assertHaveCommand iostat - assertHaveCommand lanscan - 
assertHaveCommand machinfo - assertHaveCommand swapinfo - OUTPUT=$(machinfo) - CPU_TYPE=$(echo "$OUTPUT" | awk '/processor family/ { for(i=4; i<=NF; i++) printf("%s ", $i); exit}') - CPU_CACHE=$(echo "$OUTPUT" | awk '/L[123]/ {cache+=$5} END {print cache " KB"}') - CPU_COUNT=$(echo "$OUTPUT" | awk '/CPUs/ {print $5; exit}') - HARD_DRIVES=$(iostat 2 1 | wc -l) - # shellcheck disable=SC2307,2003 - HARD_DRIVES=$(expr "$HARD_DRIVES"-4) - NIC_COUNT=$(lanscan -i | wc -l) - NIC_TYPE=$(ioscan -u | grep lan | awk 'NF>2 {for(i=3; i<=NF; i++) printf("%s", $i); exit}') - OUTPUT=$(swapinfo -tm) - MEMORY_REAL=$(echo "$OUTPUT" | awk '$1=="memory" {print $2 " MB"; exit}') - MEMORY_SWAP=$(echo "$OUTPUT" | awk '$1=="dev" {print $2 " MB"; exit}') -elif [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand sysctl - assertHaveCommand df - assertHaveCommand ifconfig - assertHaveCommand dmesg - assertHaveCommand top - # CPUs - CPU_TYPE=$(sysctl hw.model | sed 's/^.*: //') - CPU_CACHE= - CPU_COUNT=$(sysctl hw.ncpu | sed 's/^.*: //') - # HDs - HARD_DRIVES=$(df -h | awk '/^\/dev/ {sub("^.*\134/", "", $1); drives[$1] = $2} END {for(d in drives) printf("%s: %s; ", d, drives[d])}') - # NICs - IFACE_NAME=$(ifconfig -a | awk '!/^[a-z]/ {next} /LOOPBACK/ {next} {print $1}' | head -1) - NIC_TYPE=$(dmesg | awk '(index($0, iface) && index($0, " port ")) {sub("^.*<", ""); sub(">.*$", ""); print $0}' iface="$IFACE_NAME" | head -1) - NIC_COUNT=$(ifconfig -a | grep -c media) - # memory - MEMORY_REAL=$(sysctl hw.physmem | awk '{print $2/(1024*1024) "MB"}') - MEMORY_SWAP=$(top -Sb 0 | awk '/^Swap: / {print $2 "B"}') -fi - -formatAndPrint () -{ - # shellcheck disable=SC2086 - echo $1 | awk "$FORMAT $PRINTF" -} - -formatAndPrint "KEY VALUE" -formatAndPrint "CPU_TYPE $CPU_TYPE" -formatAndPrint "CPU_CACHE $CPU_CACHE" -formatAndPrint "CPU_COUNT $CPU_COUNT" -formatAndPrint "HARD_DRIVES $HARD_DRIVES" -formatAndPrint "NIC_TYPE $NIC_TYPE" -formatAndPrint "NIC_COUNT $NIC_COUNT" -formatAndPrint "MEMORY_REAL 
$MEMORY_REAL"
-formatAndPrint "MEMORY_SWAP $MEMORY_SWAP"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces.sh
deleted file mode 100755
index 50a7a0c2..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces.sh
+++ /dev/null
@@ -1,528 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# jscpd:ignore-start
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex'
-FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}'
-PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- OS_FILE=/etc/os-release
-
- HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors RXdropped TXbytes TXerrors TXdropped Speed Duplex'
- PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-18s %-16s %-16s %-18s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, RXdropped, TXbytes, TXerrors, TXdropped, speed, duplex}'
- queryHaveCommand ip
- FOUND_IP=$?
- if [ $FOUND_IP -eq 0 ]; then - CMD_LIST_INTERFACES="eval ip -s a | tee $TEE_DEST|grep 'state UP' | grep mtu | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f2 | tee -a $TEE_DEST | cut -d '@' -f 1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # shellcheck disable=SC2016 - CMD='eval ip addr show $iface; ip -s link show' - # shellcheck disable=SC2016 - GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}' - # shellcheck disable=SC2016 - GET_TXbytes='{ - if($0 ~ /TX: /){ - tx_row_count=NR+1; - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - TX_bytes_column=i; - } - else if($i=="errors"){ - TX_errors_column=i; - } - else if($i=="dropped"){ - TX_dropped_column=i; - } - else if($i=="collsns"){ - TX_collsns_column=i; - } - } - next; - } - if(NR==tx_row_count){ - (TX_bytes_column == "") ? TXbytes = 0 : TXbytes = $(TX_bytes_column - 1); - (TX_errors_column == "") ? TXerrors = "" : TXerrors = $(TX_errors_column - 1); - (TX_dropped_column == "") ? TXdropped = "" : TXdropped = $(TX_dropped_column - 1); - (TX_collsns_column == "") ? collisions = 0 : collisions = $(TX_collsns_column - 1); - } - }' - # shellcheck disable=SC2016 - GET_RXbytes='{ - if($0 ~ /RX: /){ - rx_row_count=NR+1; - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - RX_bytes_column=i; - } - else if($i=="errors"){ - RX_errors_column=i; - } - else if($i=="dropped"){ - RX_dropped_column=i; - } - }next; - } - if(NR==rx_row_count){ - (RX_bytes_column == "") ? RXbytes = 0 : RXbytes = $(RX_bytes_column - 1); - (RX_errors_column == "") ? RXerrors = "" : RXerrors = $(RX_errors_column - 1); - (RX_dropped_column == "") ? 
RXdropped = "" : RXdropped = $(RX_dropped_column - 1); - } - }' - else - assertHaveCommand ifconfig - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:\|mtu' | grep -Ev lo | tee -a $TEE_DEST | cut -d' ' -f1 | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - CMD='ifconfig' - # shellcheck disable=SC2016 - GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]} else if ($0 ~ /inet /) {IPv4 = $2}}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($0 ~ /inet6 addr:/) { IPv6 = $3 } else if ($0 ~ /inet6 /) { IPv6 = $2 }}' - # shellcheck disable=SC2016 - GET_COLLISIONS='{ - if ($0 ~ /collisions:/){ - for(i=1;i<=NF;i++){ - if($i ~ /collisions:/){ - collisions_col_no = i; - break; - } - } - if(collisions_col_no==""){ - collisions=0; - } - else - split($collisions_col_no, a, ":"); - collisions=a[2]; - } - else if($0 ~ /collisions /){ - for(i=1;i<=NF;i++){ - if($i=="collisions"){ - collisions_column=i+1; - } - } - (collisions_column != "") ? 
collisions = $collisions_column : collisions = 0; - } - }' - # shellcheck disable=SC2016 - GET_RXbytes='{ - if ($0 ~ /RX bytes:/){ - for(i=1;i<=NF;i++){ - if($i ~ /bytes:/){ - rxbytes_col_no = i; - break; - } - } - if(rxbytes_col_no==""){ - RXbytes=0; - } - else - split($rxbytes_col_no, a, ":"); - RXbytes=a[2]; - } - else if($0 ~ /RX/ && $0 ~ /bytes/){ - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - RXbytes_column=i+1; - row = NR; - } - } - if(NR == row){ - if(RXbytes_column != ""){ - RXbytes = $RXbytes_column; - } - else - RXbytes = 0; - } - } - }' - # shellcheck disable=SC2016 - GET_RXerrors='{ - if ($0 ~ /RX packets:/){ - for(i=1;i<=NF;i++){ - if($i ~ /errors:/){ - rxerrors_col_no = i; - } - else if($i ~ /dropped:/){ - rxdropped_col_no = i; - } - } - if(rxerrors_col_no != ""){ - split($rxerrors_col_no, a, ":"); - RXerrors=a[2]; - } - else - RXerrors=""; - if(rxdropped_col_no != ""){ - split($rxdropped_col_no, b, ":"); - RXdropped=b[2]; - } - else - RXdropped=""; - } - else if($0 ~ /RX/ && ($0 ~ /errors/)){ - for(i=1;i<=NF;i++){ - if($i=="errors"){ - RXerrors_column=i+1; - } - if($i=="dropped"){ - RXdropped_column=i+1; - } - } - (RXerrors_column != "") ? RXerrors=$RXerrors_column : RXerrors = ""; - (RXdropped_column != "") ? 
RXdropped = $RXdropped_column : RXdropped = ""; - } - }' - # shellcheck disable=SC2016 - GET_TXbytes='{ - if ($0 ~ /TX bytes:/){ - for(i=1;i<=NF;i++){ - if($i ~ /bytes:/){ - txbytes_col_no = i; - } - } - if(txbytes_col_no==""){ - TXbytes=0; - } - else - split($txbytes_col_no, a, ":"); - TXbytes=a[2]; - } - else if($0 ~ /TX/ && $0 ~ /bytes/){ - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - TXbytes_column=i+1; - row = NR; - } - } - if(NR == row){ - if(TXbytes_column != ""){ - TXbytes = $TXbytes_column; - } - else - TXbytes = 0; - } - } - }' - # shellcheck disable=SC2016 - GET_TXerrors='{ - if ($0 ~ /TX packets:/){ - for(i=1;i<=NF;i++){ - if($i ~ /errors:/){ - txerrors_col_no = i; - } - if($i ~ /dropped:/){ - txdropped_col_no = i; - } - } - if(txerrors_col_no != ""){ - split($txerrors_col_no, a, ":"); - TXerrors=a[2]; - } - else - TXerrors=""; - if(txdropped_col_no != ""){ - split($txdropped_col_no, b, ":"); - TXdropped=b[2]; - } - else - TXdropped=""; - } - else if($0 ~ /TX/ && $0 ~ /errors/){ - for(i=1;i<=NF;i++){ - if($i=="errors"){ - TXerrors_column=i+1; - } - if($i=="dropped"){ - TXdropped_column=i+1; - } - } - (TXerrors_column != "") ? TXerrors = $TXerrors_column : TXerrors = ""; - (TXdropped_column != "") ? 
TXdropped = $TXdropped_column : TXdropped = ""; - } - }' - fi - GET_ALL="$GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors" - FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; length(TXdropped) || TXdropped = "";length(RXdropped) || RXdropped = ""; length(IPv4) || IPv4 = ""; length(IPv6) || IPv6= ""}' - BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}' - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - if [ -r /sys/class/net/"$iface"/duplex ]; then - DUPLEX=$(cat /sys/class/net/"$iface"/duplex 2>/dev/null || echo 'error') - if [ "$DUPLEX" != 'error' ]; then - DUPLEX=$(echo "$DUPLEX" | sed 's/./\u&/') - if [ -r /sys/class/net/"$iface"/speed ]; then - SPEED=$(cat /sys/class/net/"$iface"/speed 2>/dev/null || echo 'error') - [ -n "$SPEED" ] && [ "$SPEED" != 'error' ] && SPEED="${SPEED}Mb/s" - else - # For SLES, making use of ethtool as dmesg requires root privilege. - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/ethtool - SPEED=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Speed: +[0-9]+Mb\/s/ {print gensub(/[[:space:]]*Speed: +/, "", 1)}') - # For Ubuntu version >= 20, we use cat to read the dmseg file. Otherwise we use dmesg cmd. 
- elif [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - SPEED=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - else - assertHaveCommand dmesg - SPEED=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - fi - fi - else - DUPLEX="" - fi - fi - if [ "$DUPLEX" = "" ] || [ "$SPEED" = "" ] ; then - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/ethtool - if [ "$DUPLEX" = "" ] ; then - DUPLEX=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Duplex: +[A-Za-z]+/ {print gensub(/[[:space:]]*Duplex: +/, "", 1)}') - fi - if [ "$SPEED" = "" ] ; then - SPEED=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Speed: +[0-9]+Mb\/s/ {print gensub(/[[:space:]]*Speed: +/, "", 1)}') - fi - else - assertHaveCommand dmesg - # Get Duplex only if still null - if [ "$DUPLEX" = "" ] ; then - # For Ubuntu version >= 20, we use cat to read the dmseg file. Otherwise we use dmesg cmd. - if [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - DUPLEX=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([-_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1) } } } }' | sed 's/[-_]//g; $!d') - else - DUPLEX=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([-_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1) } } } }' | sed 's/[-_]//g; $!d') - fi - fi - # Get Speed only if still null - if [ "$SPEED" = "" ] ; then - # For Ubuntu version >= 20, we use cat to read the dmseg file. Otherwise we use dmesg cmd. 
- if [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - SPEED=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - else - SPEED=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - fi - fi - fi - fi - if [ $FOUND_IP -eq 0 ]; then - # shellcheck disable=SC2016 - GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}' - elif [ -r /sys/class/net/"$iface"/address ]; then - MAC=$(cat /sys/class/net/"$iface"/address) - else - # shellcheck disable=SC2016 - GET_MAC='{if ($0 ~ /ether /) { mac = $2; } else if ( NR == 1 ) { mac = $5; }}' - fi - if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then - $CMD "$iface" | tee -a "$TEE_DEST" | awk "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC" - echo "Cmd = [$CMD $iface]; | awk '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST" - else - echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST" - fi - done - -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/sbin/ifconfig - assertHaveCommand kstat - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval /usr/sbin/ifconfig -au | tee $TEE_DEST | egrep -v 'LOOPBACK|netmask' | tee -a $TEE_DEST | grep flags | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # shellcheck disable=SC2016 - GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX='($1=="collisions") {collisions=$2} ($1=="duplex" || $1=="link_duplex") {duplex=$2} ($1=="rbytes") {RXbytes=$2} ($1=="obytes") {TXbytes=$2} ($1=="ierrors") {RXerrors=$2} ($1=="oerrors") {TXerrors=$2} ($1=="ifspeed") {speed=$2; speed/=1000000; speed=speed "Mb/s"}' - # shellcheck 
disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_MAC='{if ($1 == "ether") {split($2, submac, ":"); mac=sprintf("%02s:%02s:%02s:%02s:%02s:%02s", submac[1], submac[2], submac[3], submac[4], submac[5], submac[6])}}' - FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - GET_ALL="$GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX $GET_IP $GET_MAC $FILL_BLANKS" - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST" - NODE=$(uname -n) - # shellcheck disable=SC2050 - if [ SOLARIS_8 = false ] && [ SOLARIS_9 = false ] ; then - CMD_DESCRIBE_INTERFACE="eval kstat -c net -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" - else - CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" - fi - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/sbin/ifconfig - assertHaveCommandGivenPath /usr/bin/netstat - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval /usr/sbin/ifconfig -au | tee $TEE_DEST | egrep -v 'LOOPBACK|netmask|inet6|tcp_sendspace' | tee -a $TEE_DEST | grep flags | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # shellcheck disable=SC2016 - GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX_ERRORS='($1=="Single"){collisions_s=$4} ($1=="Multiple"){collisions=collisions_s+$4} ($1=="Bytes:") {RXbytes=$4 ; TXbytes=$2} ($1=="Media" && $3=="Running:") {speed=$4"Mb/s" ; duplex=$6} ($1="Transmit" && $2="Errors:") {TXerrors=$3 ; RXerrors=$6}' - # 
shellcheck disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_MAC='/^Hardware Address:/{mac=$3}' - FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - GET_ALL="$GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX_ERRORS $GET_IP $GET_MAC $FILL_BLANKS" - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST" - NODE=$(uname -n) - CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface" - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand ifconfig - assertHaveCommand netstat - - CMD_LIST_INTERFACES='ifconfig -u' - # shellcheck disable=SC2016 - CHOOSE_ACTIVE='/^[a-z0-9]+: / {sub(":", "", $1); iface=$1} /status: active/ {print iface}' - # shellcheck disable=SC2016 - UNIQUE='sort -u' - # shellcheck disable=SC2016 - GET_MAC='{$1 == "ether" && mac = $2}' - # shellcheck disable=SC2016 - GET_IPv4='{$1 == "inet" && IPv4 = $2}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($1 == "inet6") {sub("%.*$", "", $2);IPv6 = $2}}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='{if ($1 == "media:") {gsub("[^0-9]", "", $3); speed=$3 "Mb/s"; sub("-duplex.*", "", $4); sub("<", "", $4); duplex=$4}}' - # shellcheck disable=SC2016 - GET_RXbytes_TXbytes_COLLISIONS_ERRORS='{ - if ($0 ~ /Name/) - { - for (i=1; i<=NF; i++) - { - if ($i == "Address") {address_column = i;} - else if ($i == "Ibytes") {ibytes_column = i;} - else if ($i == "Ierrs") {ierrs_column = i;} - else if ($i == "Obytes") {obytes_column = 
i;} - else if ($i == "Oerrs") {oerrs_column = i;} - else if ($i == "Coll") {coll_column = i;} - } - flag = 1; - } - - if(flag == 1){ - if ($address_column == mac) - { - (ibytes_column == "") ? RXbytes = "" : RXbytes = $(ibytes_column); - (ierrs_column == "") ? RXerrors = "" : RXerrors = $(ierrs_column); - (obytes_column == "") ? TXbytes = "" : TXbytes = $(obytes_column); - (oerrs_column == "") ? TXerrors = "" : TXerrors = $(oerrs_column); - (coll_column == "") ? collisions = "" : collisions = $(coll_column); - } - } - }' - FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_SPEED_DUPLEX $GET_RXbytes_TXbytes_COLLISIONS_ERRORS $FILL_BLANKS" - out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" - CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand ifconfig - assertHaveCommand lanadmin - assertHaveCommand lanscan - assertHaveCommand netstat - - CMD='lanscan' - # shellcheck disable=SC2016 - LANSCAN_AWK='/^Hardware/ {next} /^Path/ {next} {mac=$2; ifnum=$3; ifstate=$4; name=$5; type=$8}' - # shellcheck disable=SC2016 - GET_IP4='{c="netstat -niwf inet | grep "name; c | getline; close(c); if (NF==10) {next} mtu=$2; IPv4=$4; RXbytes=$5; RXerrors=$6; TXbytes=$7; TXerrors=$8; collisions=$9}' - # shellcheck disable=SC2016 - GET_IP6='{c="netstat -niwf inet6 | grep "name" "; c| getline; close(c); IPv6=$3}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='{c="lanadmin 
-x "ifnum ; c | getline; close(c); if (NF==4) speed=$3"Mb/s"; sub("\-.*", "", $4); duplex=tolower($4)}' - PRINTF='{printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex}' - FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS") - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - echo "$out" - fi -elif [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand ifconfig - assertHaveCommand netstat - - CMD_LIST_INTERFACES='ifconfig -a' - # shellcheck disable=SC2016 - CHOOSE_ACTIVE='/LOOPBACK/ {next} !/RUNNING/ {next} /^[a-z0-9]+: / {sub(":$", "", $1); print $1}' - UNIQUE='sort -u' - # shellcheck disable=SC2016 - GET_MAC='{$1 == "ether" && mac = $2}' - # shellcheck disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='/media: / {sub("\134(", "", $4); speed=$4; sub("-duplex.*", "", $5); sub("<", "", $5); duplex=$5}' - # shellcheck disable=SC2016 - GET_RXbytes_TXbytes_COLLISIONS_ERRORS='{ - if ($0 ~ /Name/) - { - for (i=1; i<=NF; i++) - { - if ($i == "Address") {address_column = i;} - else if ($i == "Ibytes") {ibytes_column = i;} - else if ($i == "Ierrs") {ierrs_column = i;} - else if ($i == "Obytes") {obytes_column = i;} - else if ($i == "Oerrs") {oerrs_column = i;} - else if ($i == "Coll") {coll_column = i;} - } - flag = 1; - } - - if(flag == 1){ - if ($address_column == mac) - { - (ibytes_column == "") ? RXbytes = "" : RXbytes = $(ibytes_column); - (ierrs_column == "") ? RXerrors = "" : RXerrors = $(ierrs_column); - (obytes_column == "") ? TXbytes = "" : TXbytes = $(obytes_column); - (oerrs_column == "") ? 
TXerrors = "" : TXerrors = $(oerrs_column);
- (coll_column == "") ? collisions = "" : collisions = $(coll_column);
- }
- }
- }'
- FILL_BLANKS='{length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}'
- GET_ALL="$GET_MAC $GET_IP $GET_SPEED_DUPLEX $GET_RXbytes_TXbytes_COLLISIONS_ERRORS $FILL_BLANKS"
- out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
- lines=$(echo "$out" | wc -l)
- if [ "$lines" -gt 0 ]; then
- echo "$HEADER"
- fi
- for iface in $out
- do
- echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST"
- CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface"
- $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface"
- echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST"
- done
-fi
-# jscpd:ignore-end
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces_metric.sh
deleted file mode 100755
index 52c799bf..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/interfaces_metric.sh
+++ /dev/null
@@ -1,547 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# jscpd:ignore-start
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex OSName OS_version IP_address IPv6_Address'
-FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}'
-PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s %-35s %15s %-16s %-42s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex, OSName, OS_version, IP_address, IPv6_Address}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- OS_FILE=/etc/os-release
-
- HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors RXdropped TXbytes TXerrors TXdropped Speed Duplex OSName OS_version IP_address IPv6_Address'
- PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-18s %-16s %-16s %-18s %-12s %-12s %-35s %15s %-16s %-42s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, RXdropped, TXbytes, TXerrors, TXdropped, speed, duplex, OSName, OS_version, IP_address, IPv6_Address}'
- queryHaveCommand ip
- FOUND_IP=$?
- if [ ! -f "/etc/os-release" ] ; then
- DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\.
-f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - fi - if [ $FOUND_IP -eq 0 ]; then - CMD_LIST_INTERFACES="eval ip -s a | tee $TEE_DEST|grep 'state UP' | grep mtu | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f2 | tee -a $TEE_DEST | cut -d '@' -f 1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # shellcheck disable=SC2016 - CMD='eval ip addr show $iface; ip -s link show' - # shellcheck disable=SC2016 - GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}' - # shellcheck disable=SC2016 - GET_TXbytes='{ - if($0 ~ /TX: /){ - tx_row_count=NR+1; - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - TX_bytes_column=i; - } - else if($i=="errors"){ - TX_errors_column=i; - } - else if($i=="dropped"){ - TX_dropped_column=i; - } - else if($i=="collsns"){ - TX_collsns_column=i; - } - } - next; - } - if(NR==tx_row_count){ - (TX_bytes_column == "") ? TXbytes = 0 : TXbytes = $(TX_bytes_column - 1); - (TX_errors_column == "") ? TXerrors = "" : TXerrors = $(TX_errors_column - 1); - (TX_dropped_column == "") ? TXdropped = "" : TXdropped = $(TX_dropped_column - 1); - (TX_collsns_column == "") ? 
collisions = 0 : collisions = $(TX_collsns_column - 1); - } - }' - # shellcheck disable=SC2016 - GET_RXbytes='{ - if($0 ~ /RX: /){ - rx_row_count=NR+1; - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - RX_bytes_column=i; - } - else if($i=="errors"){ - RX_errors_column=i; - } - else if($i=="dropped"){ - RX_dropped_column=i; - } - }next; - } - if(NR==rx_row_count){ - (RX_bytes_column == "") ? RXbytes = 0 : RXbytes = $(RX_bytes_column - 1); - (RX_errors_column == "") ? RXerrors = "" : RXerrors = $(RX_errors_column - 1); - (RX_dropped_column == "") ? RXdropped = "" : RXdropped = $(RX_dropped_column - 1); - } - }' - else - assertHaveCommand ifconfig - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:\|mtu' | grep -Ev lo | tee -a $TEE_DEST | cut -d' ' -f1 | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - CMD='ifconfig' - # shellcheck disable=SC2016 - GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]} else if ($0 ~ /inet /) {IPv4 = $2}}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($0 ~ /inet6 addr:/) { IPv6 = $3 } else if ($0 ~ /inet6 /) { IPv6 = $2 }}' - # shellcheck disable=SC2016 - GET_COLLISIONS='{ - if ($0 ~ /collisions:/){ - for(i=1;i<=NF;i++){ - if($i ~ /collisions:/){ - collisions_col_no = i; - break; - } - } - if(collisions_col_no==""){ - collisions=0; - } - else - split($collisions_col_no, a, ":"); - collisions=a[2]; - } - else if($0 ~ /collisions /){ - for(i=1;i<=NF;i++){ - if($i=="collisions"){ - collisions_column=i+1; - } - } - (collisions_column != "") ? 
collisions = $collisions_column : collisions = 0; - } - }' - # shellcheck disable=SC2016 - GET_RXbytes='{ - if ($0 ~ /RX bytes:/){ - for(i=1;i<=NF;i++){ - if($i ~ /bytes:/){ - rxbytes_col_no = i; - break; - } - } - if(rxbytes_col_no==""){ - RXbytes=0; - } - else - split($rxbytes_col_no, a, ":"); - RXbytes=a[2]; - } - else if($0 ~ /RX/ && $0 ~ /bytes/){ - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - RXbytes_column=i+1; - row = NR; - } - } - if(NR == row){ - if(RXbytes_column != ""){ - RXbytes = $RXbytes_column; - } - else - RXbytes = 0; - } - } - }' - # shellcheck disable=SC2016 - GET_RXerrors='{ - if ($0 ~ /RX packets:/){ - for(i=1;i<=NF;i++){ - if($i ~ /errors:/){ - rxerrors_col_no = i; - } - else if($i ~ /dropped:/){ - rxdropped_col_no = i; - } - } - if(rxerrors_col_no != ""){ - split($rxerrors_col_no, a, ":"); - RXerrors=a[2]; - } - else - RXerrors=""; - if(rxdropped_col_no != ""){ - split($rxdropped_col_no, b, ":"); - RXdropped=b[2]; - } - else - RXdropped=""; - } - else if($0 ~ /RX/ && ($0 ~ /errors/)){ - for(i=1;i<=NF;i++){ - if($i=="errors"){ - RXerrors_column=i+1; - } - if($i=="dropped"){ - RXdropped_column=i+1; - } - } - (RXerrors_column != "") ? RXerrors=$RXerrors_column : RXerrors = ""; - (RXdropped_column != "") ? 
RXdropped = $RXdropped_column : RXdropped = ""; - } - }' - # shellcheck disable=SC2016 - GET_TXbytes='{ - if ($0 ~ /TX bytes:/){ - for(i=1;i<=NF;i++){ - if($i ~ /bytes:/){ - txbytes_col_no = i; - } - } - if(txbytes_col_no==""){ - TXbytes=0; - } - else - split($txbytes_col_no, a, ":"); - TXbytes=a[2]; - } - else if($0 ~ /TX/ && $0 ~ /bytes/){ - for(i=1;i<=NF;i++){ - if($i=="bytes"){ - TXbytes_column=i+1; - row = NR; - } - } - if(NR == row){ - if(TXbytes_column != ""){ - TXbytes = $TXbytes_column; - } - else - TXbytes = 0; - } - } - }' - # shellcheck disable=SC2016 - GET_TXerrors='{ - if ($0 ~ /TX packets:/){ - for(i=1;i<=NF;i++){ - if($i ~ /errors:/){ - txerrors_col_no = i; - } - if($i ~ /dropped:/){ - txdropped_col_no = i; - } - } - if(txerrors_col_no != ""){ - split($txerrors_col_no, a, ":"); - TXerrors=a[2]; - } - else - TXerrors=""; - if(txdropped_col_no != ""){ - split($txdropped_col_no, b, ":"); - TXdropped=b[2]; - } - else - TXdropped=""; - } - else if($0 ~ /TX/ && $0 ~ /errors/){ - for(i=1;i<=NF;i++){ - if($i=="errors"){ - TXerrors_column=i+1; - } - if($i=="dropped"){ - TXdropped_column=i+1; - } - } - (TXerrors_column != "") ? TXerrors = $TXerrors_column : TXerrors = ""; - (TXdropped_column != "") ? 
TXdropped = $TXdropped_column : TXdropped = ""; - } - }' - fi - GET_ALL="$GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors" - FILL_BLANKS='{length(TXdropped) || TXdropped = "";length(RXdropped) || RXdropped = "";length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"; length(IPv6_Address) || IPv6_Address = "?"; length(speed) || speed = ""; length(duplex) || duplex = ""; length(IPv4) || IPv4 = ""; length(IPv6) || IPv6= ""}' - BEGIN='BEGIN {RXbytes = RXerrors = RXdropped = TXbytes = TXerrors = TXdropped = collisions = 0}' - - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - if [ -r /sys/class/net/"$iface"/duplex ]; then - DUPLEX=$(cat /sys/class/net/"$iface"/duplex 2>/dev/null || echo 'error') - if [ "$DUPLEX" != 'error' ]; then - DUPLEX=$(echo "$DUPLEX" | sed 's/./\u&/') - if [ -r /sys/class/net/"$iface"/speed ]; then - SPEED=$(cat /sys/class/net/"$iface"/speed 2>/dev/null || echo 'error') - [ -n "$SPEED" ] && [ "$SPEED" != 'error' ] && SPEED="${SPEED}Mb/s" - else - # For SLES, dmesg is accesbile only by the root user, thus using ethtool - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/ethtool - SPEED=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Speed: +[0-9]+Mb\/s/ {print gensub(/[[:space:]]*Speed: +/, "", 1)}') - # For Ubuntu version >= 20, we use cat to read the dmseg file. Otherwise we use dmesg cmd. 
- elif [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - SPEED=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - else - assertHaveCommand dmesg - SPEED=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - fi - fi - else - DUPLEX="" - fi - fi - if [ "$DUPLEX" = "" ] || [ "$SPEED" = "" ] ; then - # Get Duplex only if still null - if [ "$DUPLEX" = "" ] ; then - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/ethtool - DUPLEX=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Duplex: +[A-Za-z]+/ {print gensub(/[[:space:]]*Duplex: +/, "", 1)}') - elif [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - DUPLEX=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([-_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1) } } } }' | sed 's/[-_]//g; $!d') - else - assertHaveCommand dmesg - DUPLEX=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([-_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1) } } } }' | sed 's/[-_]//g; $!d') - fi - fi - # Get Speed only if still null - if [ "$SPEED" = "" ] ; then - if echo "$OS_ID" | grep -qi suse; then - assertHaveCommandGivenPath /usr/sbin/ethtool - SPEED=$(/usr/sbin/ethtool $iface 2>/dev/null | awk '/Speed: +[0-9]+Mb\/s/ {print gensub(/[[:space:]]*Speed: +/, "", 1)}') - elif [ -e "$DMESG_FILE" ] && [ "$UBUNTU_MAJOR_VERSION" -ge 20 ] ; then - SPEED=$(cat "$DMESG_FILE"* | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, 
/[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - else - assertHaveCommand dmesg - SPEED=$(dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'"$iface"'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/)) {print $i} else { if (match($i, /[Mm]bps/)) {print $(i-1) "Mb/s"} } } }' | sed '$!d') - fi - fi - fi - if [ $FOUND_IP -eq 0 ]; then - # shellcheck disable=SC2016 - GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}' - elif [ -r /sys/class/net/"$iface"/address ]; then - MAC=$(cat /sys/class/net/"$iface"/address) - else - # shellcheck disable=SC2016 - GET_MAC='{if ($0 ~ /ether /) { mac = $2; } else if ( NR == 1 ) { mac = $5; }}' - fi - if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then - # shellcheck disable=SC2086 - $CMD "$iface" | tee -a "$TEE_DEST" | awk $DEFINE "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC" - echo "Cmd = [$CMD $iface]; | awk $DEFINE '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST" - else - echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST" - fi - done - -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/sbin/ifconfig - assertHaveCommand kstat - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval /usr/sbin/ifconfig -au | tee $TEE_DEST | egrep -v 'LOOPBACK|netmask' | tee -a $TEE_DEST | grep flags | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX='($1=="collisions") {collisions=$2} ($1=="duplex" || $1=="link_duplex") {duplex=$2} ($1=="rbytes") {RXbytes=$2} ($1=="obytes") {TXbytes=$2} ($1=="ierrors") {RXerrors=$2} ($1=="oerrors") {TXerrors=$2} ($1=="ifspeed") {speed=$2; speed/=1000000; speed=speed "Mb/s"}' - # shellcheck disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_MAC='{if ($1 == "ether") {split($2, submac, ":"); mac=sprintf("%02s:%02s:%02s:%02s:%02s:%02s", submac[1], submac[2], submac[3], submac[4], submac[5], submac[6])}}' - FILL_BLANKS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"; length(IPv6_Address) || IPv6_Address = "?"; length(speed) || speed = ""; length(duplex) || duplex = "";IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? 
IPv6 : ""}' - GET_ALL="$GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX $GET_IP $GET_MAC $FILL_BLANKS" - - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST" - NODE=$(uname -n) - # shellcheck disable=SC2050 - if [ SOLARIS_8 = false ] && [ SOLARIS_9 = false ] ; then - CMD_DESCRIBE_INTERFACE="eval kstat -c net -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" - else - CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" - fi - # shellcheck disable=SC2086 - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/sbin/ifconfig - assertHaveCommandGivenPath /usr/bin/netstat - # shellcheck disable=SC2089 - CMD_LIST_INTERFACES="eval /usr/sbin/ifconfig -au | tee $TEE_DEST | egrep -v 'LOOPBACK|netmask|inet6|tcp_sendspace' | tee -a $TEE_DEST | grep flags | cut -d':' -f1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OSVersion=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX_ERRORS='($1=="Single"){collisions_s=$4} ($1=="Multiple"){collisions=collisions_s+$4} ($1=="Bytes:") {RXbytes=$4 ; TXbytes=$2} ($1=="Media" && $3=="Running:") {speed=$4"Mb/s" ; duplex=$6} ($1="Transmit" && $2="Errors:") {TXerrors=$3 ; RXerrors=$6}' - # shellcheck disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_MAC='/^Hardware Address:/{mac=$3}' - GET_OS_VERSION='{OS_version=OSVersion/1000}' - FILL_BLANKS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"; length(IPv6_Address) || IPv6_Address = "?"; length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? 
IPv6 : ""}' - GET_ALL="$GET_COLLISIONS_RXbytes_TXbytes_SPEED_DUPLEX_ERRORS $GET_IP $GET_MAC $GET_OS_VERSION $FILL_BLANKS" - - # shellcheck disable=SC2090 - out=$($CMD_LIST_INTERFACES) - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST" - NODE=$(uname -n) - CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface" - # shellcheck disable=SC2086 - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand ifconfig - assertHaveCommand netstat - - CMD_LIST_INTERFACES='ifconfig -u' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - CHOOSE_ACTIVE='/^[a-z0-9]+: / {sub(":", "", $1); iface=$1} /status: active/ {print iface}' - UNIQUE='sort -u' - # shellcheck disable=SC2016 - GET_MAC='{$1 == "ether" && mac = $2}' - # shellcheck disable=SC2016 - GET_IPv4='{$1 == "inet" && IPv4 = $2}' - # shellcheck disable=SC2016 - GET_IPv6='{if ($1 == "inet6") {sub("%.*$", "", $2);IPv6 = $2}}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='{if ($1 == "media:") {gsub("[^0-9]", "", $3); speed=$3 "Mb/s"; sub("-duplex.*", "", $4); sub("<", "", $4); duplex=$4}}' - # shellcheck disable=SC2016 - GET_RXbytes_TXbytes_COLLISIONS_ERRORS='{ - if ($0 ~ 
/Name/) - { - for (i=1; i<=NF; i++) - { - if ($i == "Address") {address_column = i;} - else if ($i == "Ibytes") {ibytes_column = i;} - else if ($i == "Ierrs") {ierrs_column = i;} - else if ($i == "Obytes") {obytes_column = i;} - else if ($i == "Oerrs") {oerrs_column = i;} - else if ($i == "Coll") {coll_column = i;} - } - flag = 1; - } - - if(flag == 1){ - if ($address_column == mac) - { - (ibytes_column == "") ? RXbytes = "" : RXbytes = $(ibytes_column); - (ierrs_column == "") ? RXerrors = "" : RXerrors = $(ierrs_column); - (obytes_column == "") ? TXbytes = "" : TXbytes = $(obytes_column); - (oerrs_column == "") ? TXerrors = "" : TXerrors = $(oerrs_column); - (coll_column == "") ? collisions = "" : collisions = $(coll_column); - } - } - }' - FILL_BLANKS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"; length(IPv6_Address) || IPv6_Address = "?"; length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? 
IPv6 : ""}' - GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_SPEED_DUPLEX $GET_RXbytes_TXbytes_COLLISIONS_ERRORS $FILL_BLANKS" - - out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" - CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" - # shellcheck disable=SC2086 - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" - done -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand ifconfig - assertHaveCommand lanadmin - assertHaveCommand lanscan - assertHaveCommand netstat - - CMD='lanscan' - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - # shellcheck disable=SC2016 - LANSCAN_AWK='/^Hardware/ {next} /^Path/ {next} {mac=$2; ifnum=$3; ifstate=$4; name=$5; type=$8}' - # shellcheck disable=SC2016 - GET_IP4='{c="netstat -niwf inet | grep "name; c | getline; close(c); if (NF==10) {next} mtu=$2; IPv4=$4; RXbytes=$5; RXerrors=$6; TXbytes=$7; TXerrors=$8; collisions=$9}' - # shellcheck disable=SC2016 - GET_IP6='{c="netstat -niwf inet6 | grep "name" "; c| getline; close(c); IPv6=$3}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='{c="lanadmin -x "ifnum ; c | getline; close(c); if (NF==4) speed=$3"Mb/s"; sub("\-.*", "", $4); duplex=tolower($4)}' - PRINTF='{printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s %-35s %15s %-16s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex, OSName, OS_version, IP_address}' - FILL_BLANKS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || 
OSName = "?";length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS") - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - echo "$out" - fi -elif [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand ifconfig - assertHaveCommand netstat - - CMD_LIST_INTERFACES='ifconfig -a' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - # shellcheck disable=SC2016 - CHOOSE_ACTIVE='/LOOPBACK/ {next} !/RUNNING/ {next} /^[a-z0-9]+: / {sub(":$", "", $1); print $1}' - UNIQUE='sort -u' - # shellcheck disable=SC2016 - GET_MAC='{$1 == "ether" && mac = $2}' - # shellcheck disable=SC2016 - GET_IP='/ netmask / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}' - # shellcheck disable=SC2016 - GET_SPEED_DUPLEX='/media: / {sub("\134(", "", $4); speed=$4; sub("-duplex.*", "", $5); sub("<", "", $5); duplex=$5}' - # shellcheck disable=SC2016 - GET_RXbytes_TXbytes_COLLISIONS_ERRORS='{ - if ($0 ~ /Name/) - { - for (i=1; i<=NF; i++) - { - if ($i == "Address") {address_column = i;} - else if ($i == "Ibytes") {ibytes_column = i;} - else if ($i == "Ierrs") {ierrs_column = i;} - else if ($i == "Obytes") {obytes_column = i;} - else if ($i == "Oerrs") {oerrs_column = i;} - else if ($i == "Coll") {coll_column = i;} - } - flag = 1; - } - - if(flag == 1){ - if ($address_column == mac) - { - (ibytes_column == "") ? 
RXbytes = "" : RXbytes = $(ibytes_column); - (ierrs_column == "") ? RXerrors = "" : RXerrors = $(ierrs_column); - (obytes_column == "") ? TXbytes = "" : TXbytes = $(obytes_column); - (oerrs_column == "") ? TXerrors = "" : TXerrors = $(oerrs_column); - (coll_column == "") ? collisions = "" : collisions = $(coll_column); - } - } - }' - FILL_BLANKS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"; length(IPv6_Address) || IPv6_Address = "?"; length(speed) || speed = ""; length(duplex) || duplex = ""; IPv4 = IPv4 ? IPv4 : ""; IPv6 = IPv6 ? IPv6 : ""}' - GET_ALL="$GET_MAC $GET_IP $GET_SPEED_DUPLEX $GET_RXbytes_TXbytes_COLLISIONS_ERRORS $FILL_BLANKS" - - out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") - lines=$(echo "$out" | wc -l) - if [ "$lines" -gt 0 ]; then - echo "$HEADER" - fi - for iface in $out - do - echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" - CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" - # shellcheck disable=SC2086 - $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface" - echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" - done -fi -# jscpd:ignore-end diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat.sh deleted file mode 100755 index 334992de..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat.sh +++ /dev/null 
@@ -1,52 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# suggested command for testing reads: $ find / -type f 2>/dev/null | xargs wc &> /dev/null &
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-if [ "$KERNEL" = "Linux" ] ; then
- CMD='iostat -xky 1 1'
- assertHaveCommand "$CMD"
- # considers the device, r/s and w/s columns and returns output of the first interval
- FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f'
-elif [ "$KERNEL" = "SunOS" ] ; then
- CMD='iostat -xn 1 2'
- assertHaveCommand "$CMD"
- # considers the device, r/s and w/s columns and returns output of the second interval
- FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'
-elif [ "$KERNEL" = "AIX" ] ; then
- CMD='iostat 1 2'
- assertHaveCommand "$CMD"
- # considers the disks, kb_read and kb_wrtn columns and returns output of the second interval
- FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- CMD='iostat -x -c 2'
- assertHaveCommand "$CMD"
- # considers the device, r/s and w/s columns and returns output of the second interval
- FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'
-elif [ "$KERNEL" = "Darwin" ] ; then
- CMD="eval $SPLUNK_HOME/bin/darwin_disk_stats ; sleep 2; echo Pause; $SPLUNK_HOME/bin/darwin_disk_stats"
- # shellcheck disable=SC2086
- assertHaveCommandGivenPath $CMD
- # shellcheck disable=SC2016
- HEADER='Device rReq_PS wReq_PS rKB_PS wKB_PS avgWaitMillis avgSvcMillis bandwUtilPct'
- HEADERIZE="BEGIN {print \"$HEADER\"}"
- PRINTF='{printf "%-10s %11s %11s %12s %12s %13s %13s %13s\n", device, rReq_PS, wReq_PS, rKB_PS, wKB_PS, avgWaitMillis, avgSvcMillis, bandwUtilPct}'
- # shellcheck disable=SC2016
- FILTER='BEGIN {FS="|"; after=0} /^Pause$/ {after=1; next} !/Bytes|Operations/ {next} {devices[$1]=$1; values[after,$1,$2]=$3; next}'
- FORMAT='avgSvcMillis=bandwUtilPct="?";'
- FUNC1='function getDeltaPS(disk, metric) {delta=values[1,disk,metric]-values[0,disk,metric]; return delta/2.0}'
- # Calculates the latency by pulling the read and write latency fields from darwin__disk_stats and evaluating their sum
- LATENCY='function getLatency(disk) {read=getDeltaPS(disk,"Latency Time (Read)"); write=getDeltaPS(disk,"Latency Time (Write)"); return expr read + write;}'
- FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}'
- SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}"
- $CMD | tee "$TEE_DEST" | awk "$SCRIPT" header="$HEADER"
- echo "Cmd = [$CMD]; | awk '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST"
- exit 0
-fi
-
-$CMD | tee "$TEE_DEST" | $AWK "$FILTER"
-echo "Cmd = [$CMD]; | $AWK '$FILTER'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat_metric.sh
deleted file mode 100755
index 2a69a6e8..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/iostat_metric.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# suggested command for testing reads: $ find / -type f 2>/dev/null | xargs wc &> /dev/null &
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-if [ "$KERNEL" = "Linux" ] ; then
- CMD='iostat -xky 1 1'
- assertHaveCommand "$CMD"
- if [ ! -f "/etc/os-release" ] ; then
- DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)"
- else
- DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)"
- fi
- FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f'
- # shellcheck disable=SC2016
- PRINTF='{if ($0~/Device/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}'
-elif [ "$KERNEL" = "SunOS" ] ; then
- CMD='iostat -xn 1 2'
- # jscpd:ignore-start
- assertHaveCommand "$CMD"
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'
- # shellcheck disable=SC2016
- PRINTF='{if ($0~/device/ && /r\/s/ && /w\/s/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}'
- # jscpd:ignore-end
-elif [ "$KERNEL" = "AIX" ] ; then
- CMD='iostat 1 2'
- assertHaveCommand "$CMD"
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
- # shellcheck disable=SC2016
- PRINTF='{if ($0~/Disks/ && /Kb_read/ && /Kb_wrtn/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version/1000, IP_address}}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- CMD='iostat -x -c 2'
- assertHaveCommand "$CMD"
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'
- # shellcheck disable=SC2016
- PRINTF='{if ($0~/device/ && /r\/s/ && /w\/s/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}'
-elif [ "$KERNEL" = "Darwin" ] ; then
- CMD="eval $SPLUNK_HOME/bin/darwin_disk_stats ; sleep 2; echo Pause; $SPLUNK_HOME/bin/darwin_disk_stats"
- # shellcheck disable=SC2086
- assertHaveCommandGivenPath $CMD
- HEADER='Device rReq_PS wReq_PS rKB_PS wKB_PS avgWaitMillis avgSvcMillis bandwUtilPct OSName OS_version IP_address'
- HEADERIZE="BEGIN {print \"$HEADER\"}"
- PRINTF='{printf "%-10s %11s %11s %12s %12s %13s %13s %13s %-35s %15s %-16s\n", device, rReq_PS, wReq_PS, rKB_PS, wKB_PS, avgWaitMillis, avgSvcMillis, bandwUtilPct, OSName, OS_version, IP_address}'
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- # shellcheck disable=SC2016
- FILTER='BEGIN {FS="|"; after=0} /^Pause$/ {after=1; next} !/Bytes|Operations/ {next} {devices[$1]=$1; values[after,$1,$2]=$3; next}'
- FORMAT='{avgSvcMillis=bandwUtilPct="?";OSName=OSName;OS_version=OS_version;IP_address=IP_address;}'
- FUNC1='function getDeltaPS(disk, metric) {delta=values[1,disk,metric]-values[0,disk,metric]; return delta/2.0}'
- # Calculates the latency by pulling the read and write latency fields from darwin__disk_stats and evaluating their sum
- LATENCY='function getLatency(disk) {read=getDeltaPS(disk,"Latency Time (Read)"); write=getDeltaPS(disk,"Latency Time (Write)"); return expr read + write;}'
- FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}'
- SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}"
- # shellcheck disable=SC2086
- $CMD | tee "$TEE_DEST" | awk $DEFINE "$SCRIPT" header="$HEADER"
- echo "Cmd = [$CMD]; | awk $DEFINE '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST"
- exit 0
-fi
-# shellcheck disable=SC2086
-$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FILTER $PRINTF"
-echo "Cmd = [$CMD]; | $AWK $DEFINE '$FILTER'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lastlog.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lastlog.sh
deleted file mode 100755
index fbab360a..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lastlog.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='USERNAME FROM LATEST'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-PRINTF='{printf "%-30s %-30.30s %-s\n", username, from, latest}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- CMD='last -iw'
- # shellcheck disable=SC2016
- FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
- # shellcheck disable=SC2016
- FORMAT='{username = $1; from = (NF==10) ? $3 : ""; latest = $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3)}'
-elif [ "$KERNEL" = "SunOS" ] ; then
- CMD='last -n 999'
- # shellcheck disable=SC2016
- FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
- # shellcheck disable=SC2016
- FORMAT='{username = $1; from = (NF==10) ? $3 : ""; latest = $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3)}'
-elif [ "$KERNEL" = "AIX" ] ; then
- failUnsupportedScript
-elif [ "$KERNEL" = "Darwin" ] ; then
- CMD='last -99'
- # shellcheck disable=SC2016
- FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
- # shellcheck disable=SC2016
- FORMAT='{username = $1; from = ($0 !~ / /) ? $3 : ""; latest = $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3)}'
-elif [ "$KERNEL" = "HP-UX" ] ; then
- CMD='lastb -Rx'
- # shellcheck disable=SC2016
- FORMAT='{username = $1; from = ($2=="console") ? $2 : $3; latest = $(NF-3) " " $(NF-2)" " $(NF-1)}'
- # shellcheck disable=SC2016
- FILTER='{if ($1 == "BTMPS_FILE") next; if (NF==0) next; if (NF<=6) next;}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- CMD='lastlogin'
- # shellcheck disable=SC2016
- FORMAT='{username = $1; from = (NF==8) ? $3 : ""; latest=$(NF-4) " " $(NF-3) " " $(NF-2) " " $(NF-1) " " $NF}'
-fi
-
-assertHaveCommand $CMD
-
-out=$($CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER")
-lines=$(echo "$out" | wc -l)
-if [ "$lines" -gt 1 ]; then
- echo "$out"
- echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
-else
- echo "No data is present" >> "$TEE_DEST"
-fi
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lsof.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lsof.sh
deleted file mode 100755
index e641e04b..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/lsof.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-assertHaveCommand lsof
-CMD='lsof -nPs +c 0'
-
-# shellcheck disable=SC2016
-FILTER='/Permission denied|NOFD|unknown/ {next}'
-
-if [[ "$KERNEL" = "Linux" ]] || [[ "$KERNEL" = "HP-UX" ]] || [[ "$KERNEL" = "Darwin" ]] || [[ "$KERNEL" = "FreeBSD" ]] ; then
- if [ "$KERNEL" = "Darwin" ] ; then
- # shellcheck disable=SC2016
- FILTER='/KQUEUE|PIPE|PSXSEM/ {next}'
- elif [ "$KERNEL" = "FreeBSD" ] ; then
- if [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then
- # empty condition to allow the execution of script as is
- echo > /dev/null
- else
- failUnsupportedScript
- fi
- fi
-else
- failUnsupportedScript
-fi
-
-PARSE_0='NR == 1 {
- # Extract positions and headers from the first line
- for (i = 1; i <= NF; i++) {
- positions[i] = index($0, $i)
- headers[i] = length($i)
- if (i == NF) {
- printf "%s", $i
- }
- else {
- printf "%10s ", $i
- }
- }
- printf "\n"
- next
-}'
-PARSE_1='{
- id = 1
- for (i = 1; i <= length(positions); i++) {
- if (i == length(positions)) {
- field = substr($0, positions[i])
- } else {
- field = substr($0, positions[i], headers[i])
- }
- if (field ~ /^ *$/) {
- field = "?"
- id--
- } else {
- field = $id
- }
- id = id + 1
- if (i == length(positions)) {
- printf "%s", field
- }
- else {
- printf "%10s ", field
- }
- }
- printf "\n"
-}
-'
-
-assertHaveCommand "$CMD"
-# shellcheck disable=SC2094
-$CMD 2>"$TEE_DEST" | tee "$TEE_DEST" | awk "$FILTER $PARSE_0 $PARSE_1"
-echo "Cmd = [$CMD 2>$TEE_DEST]; | awk -v positions=\"$positions\" -v headers=\"$headers\" \"$FILTER $PRINTF\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/netstat.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/netstat.sh
deleted file mode 100755
index 04347959..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/netstat.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='Proto Recv-Q Send-Q LocalAddress ForeignAddress State'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-# shellcheck disable=SC2016
-PRINTF='{printf "%-5s %6s %6s %-30.30s %-30.30s %-s\n", $1, $2, $3, $4, $5, $6}'
-# shellcheck disable=SC2016
-FILL_BLANKS='($1=="udp") {$6=""}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- queryHaveCommand ss
- FOUND_SS=$?
- if [ $FOUND_SS -eq 0 ] ; then
- CMD='eval ss -antu 2>/dev/null | egrep "tcp|udp"'
- # shellcheck disable=SC2016
- FORMAT='{ state=$2; $2=$3; $3=$4; $4=$5; $5=$6; $6=state}'
- else
- CMD='eval netstat -aenp 2>/dev/null | egrep "tcp|udp"'
- fi
-elif [ "$KERNEL" = "SunOS" ] ; then
- CMD='netstat -an -f inet -f inet6'
- FIGURE_SECTION='NR==1 {inUDP=1;inTCP=0} /^TCP: IPv/ {inUDP=0;inTCP=1} /^SCTP:/ {exit}'
- FILTER='/: IPv|Local Address|^$|^-----/ {next}'
- # shellcheck disable=SC2016
- FORMAT_UDP='(inUDP) {localAddr=$1; $1="udp"; $2=$3=0; $4=localAddr; $5="*.*"}'
- # shellcheck disable=SC2016
- FORMAT_TCP='(inTCP) {localAddr=$1; foreignAddr=$2; sendQ=$4; recvQ=$6; state=$7; $1="tcp"; $2=recvQ; $3=sendQ; $4=localAddr; $5=foreignAddr; $6=state}'
- FORMAT="$FORMAT_UDP $FORMAT_TCP"
-elif [ "$KERNEL" = "AIX" ] ; then
- CMD='eval netstat -an 2>/dev/null | egrep "tcp|udp"'
-elif [ "$KERNEL" = "Darwin" ] ; then
- CMD='eval netstat -anW | egrep "tcp|udp"'
- # shellcheck disable=SC2016
- FORMAT='{gsub("[46]", "", $1)}'
-elif [ "$KERNEL" = "HP-UX" ] ; then
- CMD='eval netstat -an | egrep "tcp|udp"'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- # shellcheck disable=SC2089
- CMD='eval netstat -an | egrep "tcp|udp"'
- # shellcheck disable=SC2016
- FORMAT='{gsub("[46]", "", $1)}'
-fi
-
-assertHaveCommand "$CMD"
-# shellcheck disable=SC2090
-$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FIGURE_SECTION $FILTER $FORMAT $FILL_BLANKS $PRINTF" header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FIGURE_SECTION $FILTER $FORMAT $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/nfsiostat.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/nfsiostat.sh
deleted file mode 100755
index fd32002e..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/nfsiostat.sh
+++ /dev/null
@@ -1,199 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-HEADER='Mount Path r_op/s w_op/s r_KB/s w_KB/s rpc_backlog r_avg_RTT w_avg_RTT r_avg_exe w_avg_exe'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-
-# We can have the multiple mounts for the nfs. So we have to parse mount separately.
-# For CentOS and RHEL the number of lines for each mount is 9, while for the ubuntu it is 22
-# due to the bug mentioned in this link. https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1584719
-# So, we are handling the case of Ubuntu separately.
-
-# When awk iterates through each line, using modulo operator we are checking the line number
-# And extracting the particular value from that line and assigning it to the variable
-# which we will use when the output of modulo is 0 as it will be the last line of that mount.
-
-# We are also removing last character in the line "path=substr($4, 1, length($4)-1)"
-# as last character of the path is ":"
-
-if [ "$KERNEL" = "Linux" ] ; then
-
- OS_FILE=/etc/os-release
-
- if echo "$OS_ID" | grep -qi suse; then
- CMD='/usr/sbin/nfsiostat'
- assertHaveCommandGivenPath $CMD
-
- else
- CMD='nfsiostat'
- assertHaveCommand $CMD
-
- fi
-
- no_of_lines=$($CMD| wc -l)
-
- # If there are no mount, exit
- if [ "$no_of_lines" -eq 1 ];
- then
- $CMD >> "$TEE_DEST"
- exit 1
- fi
-
- # Below condition is added to handle the case of Ubuntu OS
- if [ -e $OS_FILE ] && (awk -F'=' '/ID=/ {print $2}' $OS_FILE | grep -q ubuntu);
- then
- # shellcheck disable=SC2016
- OS_RELEASE=$($AWK -F= '/VERSION_ID=/ {print $2}' $OS_FILE)
- if [ "$OS_RELEASE" = "\"18.04\"" ] || [ "$OS_RELEASE" = "\"20.04\"" ] || [ "$OS_RELEASE" = "\"22.04\"" ] ; then # Ubuntu 18.04, 20.04 and 22.04
- # shellcheck disable=SC2016
- FORMAT='{
- if (NR%10==2){
- echo "device"
- device=$1
- path=substr($4, 1, length($4)-1)
- }
- else if (NR%10==5){
- rpc_backlog=$2
- }
- else if (NR%10==8){
- r_op_s=$1
- r_kb_s=$2
- r_avg_rtt=$6
- r_avg_exe=$7
- }
- else if (NR%10==0){
- w_op_s=$1
- w_kb_s=$2
- w_avg_rtt=$6
- w_avg_exe=$7
- printf "%s %s %s %s %s %s %s %s %s %s %s\n",device, path, r_op_s, w_op_s, r_kb_s, w_kb_s, rpc_backlog, r_avg_rtt, w_avg_rtt, r_avg_exe, w_avg_exe
- }
- }'
- else
- # shellcheck disable=SC2016
- FORMAT='{
- if (NR%22==2){
- echo "device"
- device=$1
- path=substr($4, 1, length($4)-1)
- }
- else if (NR%22==6){
- rpc_backlog=$1
- }
- else if (NR%22==9){
- r_op_s=$1
- }
- else if (NR%22==10){
- r_kb_s=$1
- }
- else if (NR%22==13){
- r_avg_rtt=$1
- }
- else if (NR%22==14){
- r_avg_exe=$1
- }
- else if (NR%22==17){
- w_op_s=$1
- }
- else if (NR%22==18){
- w_kb_s=$1
- }
- else if (NR%22==21){
- w_avg_rtt=$1
- }
- else if (NR%22==0){
- w_avg_exe=$1
- printf "%s %s %s %s %s %s %s %s %s %s %s\n",device, path, r_op_s, w_op_s, r_kb_s, w_kb_s, rpc_backlog, r_avg_rtt, w_avg_rtt, r_avg_exe, w_avg_exe
- }
- }'
- fi
- # For SUSE OS
- elif echo "$OS_ID" | grep -qi suse;
- then
- FORMAT='{
- if (NR%10==2){
- device=$1
- path=substr($4, 1, length($4)-1)
- }
- else if (NR%10==5){
- rpc_backlog=$2
- }
- else if (NR%10==8){
- r_op_s=$1
- r_kb_s=$2
- r_avg_rtt=$6
- r_avg_exe=$7
- }
- else if (NR%10==0){
- w_op_s=$1
- w_kb_s=$2
- w_avg_rtt=$6
- w_avg_exe=$7
- printf "%s %s %s %s %s %s %s %s %s %s %s\n",device, path, r_op_s, w_op_s, r_kb_s, w_kb_s, rpc_backlog, r_avg_rtt, w_avg_rtt, r_avg_exe, w_avg_exe
- }
- }'
-
- # For CentOS and RHEL
- else
- #For RHEL 8.x
- if [ -e $OS_FILE ] && ( ( (awk -F'=' '/ID=/ {print $2}' $OS_FILE | grep -q rhel) && (awk -F'=' '/VERSION_ID=/ {print $2}' $OS_FILE | grep -Eq 8.7\|8.6\|8.5\|8.4\|8.3\|9) ) || ( (awk -F'=' '/ID=/ {print $2}' $OS_FILE | grep -q cent) && (awk -F'=' '/VERSION_ID=/ {print $2}' $OS_FILE | grep -Eq 8) ) );
- then
- # shellcheck disable=SC2016
- FORMAT='{
- if (NR%10==2){
- device=$1
- path=substr($4, 1, length($4)-1)
- }
- else if (NR%10==5){
- rpc_backlog=$2
- }
- else if (NR%10==8){
- r_op_s=$1
- r_kb_s=$2
- r_avg_rtt=$6
- r_avg_exe=$7
- }
- else if (NR%10==0){
- w_op_s=$1
- w_kb_s=$2
- w_avg_rtt=$6
- w_avg_exe=$7
- printf "%s %s %s %s %s %s %s %s %s %s %s\n",device, path, r_op_s, w_op_s, r_kb_s, w_kb_s, rpc_backlog, r_avg_rtt, w_avg_rtt, r_avg_exe, w_avg_exe
- }
- }'
- else
- # shellcheck disable=SC2016
- FORMAT='{
- if (NR%9==2){
- device=$1
- path=substr($4, 1, length($4)-1)
- }
- else if (NR%9==5){
- rpc_backlog=$2
- }
- else if (NR%9==7){
- r_op_s=$1
- r_kb_s=$2
- r_avg_rtt=$6
- r_avg_exe=$7
- }
- else if (NR%9==0){
- w_op_s=$1
- w_kb_s=$2
- w_avg_rtt=$6
- w_avg_exe=$7
- printf "%s %s %s %s %s %s %s %s %s %s %s\n",device, path, r_op_s, w_op_s, r_kb_s, w_kb_s, rpc_backlog, r_avg_rtt, w_avg_rtt, r_avg_exe, w_avg_exe
- }
- }'
- fi
- fi
- $CMD | tee "$TEE_DEST" | awk "$HEADERIZE $FORMAT" | column -t
- echo "Cmd = [$CMD]; | awk '$HEADERIZE $FORMAT' header=\"$HEADER\"" >> "$TEE_DEST"
-
-else
- failUnsupportedScript
-fi
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPorts.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPorts.sh
deleted file mode 100755
index 1b8a53fa..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPorts.sh
+++ /dev/null
@@ -1,66 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# a similar effect can be accomplished with: "nc -z 127.0.0.1 1-32768", and "nc -zu 127.0.0.1 1-32768" - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER='Proto Port' -HEADERIZE="BEGIN {print \"$HEADER\"}" -PRINTF='{printf "%-5s %5d\n", proto, port}' -# shellcheck disable=SC2016 -FILTER_INACTIVE='($NF ~ /^CLOSE/) {next}' - -if [ "$KERNEL" = "Linux" ] ; then - queryHaveCommand ss - FOUND_SS=$? - if [ $FOUND_SS -eq 0 ] ; then - CMD='eval ss -lnut | egrep "^tcp|^udp"' - # shellcheck disable=SC2016 - FORMAT='{proto=$1; sub("^.*:", "", $5); port=$5}' - else - CMD='eval netstat -ln | egrep "^tcp|^udp"' - # shellcheck disable=SC2016 - FORMAT='{proto=$1; sub("^.*:", "", $4); port=$4}' - fi -elif [ "$KERNEL" = "SunOS" ] ; then - CMD='netstat -an -f inet -f inet6' - FIGURE_SECTION='BEGIN {inUDP=1;inTCP=0} /^TCP: IPv/ {inUDP=0;inTCP=1} /^SCTP:/ {exit}' - FILTER='/: IPv|Local Address|^$|^-----/ {next} (! 
port) {next}' - # shellcheck disable=SC2016 - FORMAT='{if (inUDP) proto="udp"; if (inTCP) proto="tcp"; sub("^.*[^0-9]", "", $1); port=$1}' -elif [ "$KERNEL" = "AIX" ] ; then - CMD='eval netstat -an | egrep "^tcp|^udp"' - HEADERIZE="BEGIN {print \"$HEADER\"}" - # shellcheck disable=SC2016 - FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}' - # shellcheck disable=SC2016 - FILTER='{if ($4 == "") next}' -elif [ "$KERNEL" = "Darwin" ] ; then - CMD='eval netstat -ln | egrep "^tcp|^udp"' - HEADERIZE="BEGIN {print \"$HEADER\"}" - # shellcheck disable=SC2016 - FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}' - # shellcheck disable=SC2016 - FILTER='{if ($4 == "") next}' -elif [ "$KERNEL" = "HP-UX" ] ; then - CMD='eval netstat -an | egrep "^tcp|^udp"' - HEADERIZE="BEGIN {print \"$HEADER\"}" - # shellcheck disable=SC2016 - FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}' - # shellcheck disable=SC2016 - FILTER='{if ($4 == "") next}' -elif [ "$KERNEL" = "FreeBSD" ] ; then -# shellcheck disable=SC2089 - CMD='eval netstat -ln | egrep "^tcp|^udp"' - HEADERIZE="BEGIN {print \"$HEADER\"}" - # shellcheck disable=SC2016 - FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}' -fi - -assertHaveCommand "$CMD" -# shellcheck disable=SC2090 -$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FIGURE_SECTION $FORMAT $FILTER $FILTER_INACTIVE $PRINTF" header="$HEADER" -echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FIGURE_SECTION $FORMAT $FILTER $FILTER_INACTIVE $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPortsEnhanced.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPortsEnhanced.sh deleted file mode 100755 index b3317b8a..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/openPortsEnhanced.sh +++ /dev/null 
@@ -1,125 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -# In AWK scripts in this file, the following are true: -# FULLTEXT is used to capture the output for SHA256 checksum generation. -# SPLUNKD is used to determine Splunk service status. - -if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "Darwin" ] ; then - assertHaveCommand date - assertHaveCommand lsof - if [ -f /usr/sbin/lsof ] ; then - LSOF=/usr/sbin/lsof - elif [ -f /usr/bin/lsof ] ; then - # shellcheck disable=SC2034 - LSOF=/usr/bin/lsof - fi - # shellcheck disable=SC2016 - CMD='eval date ; ${LSOF} -i -P -n +c 0' - # shellcheck disable=SC2016 - PARSE_0='NR==1 {DATE=$0 ; FULLTEXT=""}' - # Only base the file hash on the listening ports, not on - # open connections. - # shellcheck disable=SC2016 - PARSE_1='/LISTEN|[Uu][Dd][Pp]/ { - FULLTEXT = FULLTEXT $0 "\n" - idx=match($0, /\(LISTEN\)/) - if (idx>0) { - DATA=substr($0, 0, idx-1) - } else { - DATA=$0 - } - fields = split(DATA, portarr) - - # This compensates for varying field counts. 
- if (fields == 9) { - hostfields = split(portarr[9], hostarr, ":") - TRANSPORT="transport=" portarr[8] - } else if (fields == 8) { - hostfields = split(portarr[8], hostarr, ":") - TRANSPORT="transport=" portarr[7] - } - - if (hostfields == 2 && hostarr[2] ~ /[0-9][0-9]*/) { - DESTIP="dest_ip=" hostarr[1] - DESTPORT="dest_port=" hostarr[2] - APP="app=" portarr[1] - PID="pid=" portarr[2] - USER="user=" portarr[3] - FD="fd=" portarr[4] - IPVERSION="ip_version=" substr(portarr[5],index(portarr[5],"v")+1) - DVCID="dvc_id=" portarr[6] - #printf "MATCH: %s\n", $0 - printf "%s %s %s %s %s %s %s %s %s %s\n", DATE, APP, DESTIP, DESTPORT, PID, USER, FD, IPVERSION, DVCID, TRANSPORT - } else { - #printf "NOMATCH: %s\n", $0 - ; - } - }' - MASSAGE="$PARSE_0 $PARSE_1" - - # Send the collected full text to openssl; this avoids any timing discrepancies - # between when the information is collected and when we process it. - # shellcheck disable=SC2016 - POSTPROCESS='END { - printf "%s %s", DATE, "file_hash=" - printf "%s", FULLTEXT | "LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256" - }' - -elif [ "$KERNEL" = "SunOS" ] ; then - - assertHaveCommand date - assertHaveCommand netstat - - CMD='eval date ; netstat -an -f inet -f inet6' - # shellcheck disable=SC2016 - PARSE_0='NR==1 {DATE=$0 ; FULLTEXT=""}' - # shellcheck disable=SC2016 - PARSE_1='/^[Tt][Cc][Pp]|[Uu][Dd][Pp]/ { - split($0, protoarr, ":") - TRANSPORT="transport=" protoarr[1] - IPVERSION="ip_version=" substr(protoarr[2],index(protoarr[2],"v")+1) - next - }' - # shellcheck disable=SC2016 - PARSE_3='NR>1 && $0 !~ /Local|^-|^$/ { - FULLTEXT = FULLTEXT $0 "\n" - split($0, arr) - num = split(arr[1], hostarr, "\.") - if ( TRANSPORT ~ /[Tt][Cc][Pp]/) { - DESTIP="dest_ip="hostarr[1] - } else { - DESTIP="dest_dns="hostarr[1] - } - DESTPORT=hostarr[num] - - for (i=2; i> "$TEE_DEST" 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/package.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/package.sh
deleted file mode 100755
index f9573fd6..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/package.sh
+++ /dev/null
@@ -1,67 +0,0 @@ -#!/usr/bin/env bash -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER='NAME VERSION RELEASE ARCH VENDOR GROUP' -HEADERIZE="BEGIN {print \"$HEADER\"}" -PRINTF='{printf "%-55.55s %-20.20s %-20.20s %-10.10s %-30.30s %-20s\n", name, version, release, arch, vendor, group}' - -CMD='echo There is no flavor-independent command...' -if [ "$KERNEL" = "Linux" ] ; then - if $DEBIAN; then - CMD1="eval dpkg-query -W -f='" - # shellcheck disable=SC2016 - CMD2='${Package} ${Version} ${Architecture} ${Homepage}\n' - CMD3="'" - CMD=$CMD1$CMD2$CMD3 - # shellcheck disable=SC2016 - FORMAT='{name=$1;version=$2;sub("\\.?[^0-9\\.:\\-].*$", "", version); release=$2; sub("^[0-9\\.:\\-]*","",release); if(release=="") {release="?"}; arch=$3; if (NF>3) {sub("^.*:\\/\\/", "", $4); sub("^www\\.", "", $4); sub("\\/.*$", "", $4); vendor=$4} else {vendor="?"} group="?"}' - else - CMD='eval rpm --query --all --queryformat "%-56{name} %-21{version} %-21{release} %-11{arch} %-31{vendor} %-{group}\n"' - # shellcheck disable=SC2016 - PRINTF='{print $0}' - fi -elif [ "$KERNEL" = "SunOS" ] ; then - CMD='pkginfo -l' - # shellcheck disable=SC2016 - FORMAT='/PKGINST:/ {name=$2 ":"} /NAME:/ {for (i=2;i<=NF;i++) name = name " " $i} /CATEGORY:/ {group=$2} /ARCH:/ {arch=$2} /VERSION:/ {split($2,a,",REV="); version=a[1]; release=a[2]} /VENDOR:/ {vendor=$2; for(i=3;i<=NF;i++) vendor = vendor " " $i}' - SEPARATE_RECORDS='!/^$/ {next} {release = release ? 
release : "?"}' -elif [ "$KERNEL" = "AIX" ] ; then - CMD='eval lslpp -icq | sed "s,:, ," | sed "s,:.*,,"' - # shellcheck disable=SC2016 - FORMAT='{name=$2 ; version=$3 ; vendor=release=arch=group="?"}' -elif [ "$KERNEL" = "Darwin" ] ; then - CMD='system_profiler SPApplicationsDataType' - FILTER='{ if (NR<3) next}' - # shellcheck disable=SC2016 - FORMAT='{gsub("[^\40-\176]", "", $0)} /:$/ {sub("^[ ]*", "", $0); sub(":$", "", $0); name=$0} /Last Modified: / {vendor=""} /Version: / {version=$2} /Kind: / {arch=$2} /Get Info String: / {sub("^.*: ", "", $0); sub("[Aa]ll [Rr]ights.*$", "", $0); sub("^.*[Cc]opyright", "", $0); sub("^[^a-zA-Z_]*[0-9][0-9[0-9][0-9]", "", $0); sub("^[ ]*", "", $0); vendor=$0}' - SEPARATE_RECORDS='!/Location:/ {next} {release = "?"; vendor = vendor ? vendor : "?"; group = "?"}' -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand swlist - CMD='swlist -a revision -a architecture -a vendor_tag' - # shellcheck disable=SC2016 - FILTER='/^#/ {next} $1=="" {next}' - # shellcheck disable=SC2016 - FORMAT='{release="?"; group="?"; vendor="?"; name=$1; version=$2; arch=$3} NF==4 {vendor=$4}' -elif [ "$KERNEL" = "FreeBSD" ] ; then - # the below syntax is valid when using zsh, bash, ksh - if [[ $KERNEL_RELEASE =~ 10.* ]] || [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then - CMD='eval pkg info --raw --all | grep "^name:\|^version:\|^arch:" | cut -d\" -f2' - HEADER='NAME VERSION ARCH ' - HEADERIZE="BEGIN {print \"$HEADER\"}" - # shellcheck disable=SC2016 - PRINTF='{ printf "%-50.50s" (NR%3==0 ? RS:FS),$1}' - else - CMD='pkg_info -da' - # shellcheck disable=SC2016 - FORMAT='/^Information for / {vendor=""; sub(":$", "", $3); name=$3} /^WWW: / {sub("^.*//", "", $2); sub("/.*$", "", $2); sub("^www\134.", "", $2); vendor=$2} /^$/ {blanks+=1} !/^$/ {blanks=0}' - SEPARATE_RECORDS='(blanks<3) {next} {vendor = vendor ? 
vendor : "?"; version=release=arch=group="?"}' - fi -fi - -assertHaveCommand "$CMD" -$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF" header="$HEADER" -echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/passwd.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/passwd.sh deleted file mode 100755 index 381cb982..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/passwd.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -PRINTF='END {printf "%s %s\n", DATE, FILEHASH}' -# shellcheck disable=SC2034 -PASSWD_FILE=/etc/passwd - -if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "AIX" ] || [ "x$KERNEL" != "xHP-UX" ] || [ "$KERNEL" = "Darwin" ] || [ "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand date - # shellcheck disable=SC2016 - CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256 $PASSWD_FILE ; cat $PASSWD_FILE' - # shellcheck disable=SC2016 - PARSE_0='NR==1 {DATE=$0}' - # shellcheck disable=SC2016 - PARSE_1='NR==2 {FILEHASH="file_hash=" $2}' - # Note the inline print in the next PARSE statement. - # Comments are eliminated from the output, but included in FILEHASH. - # shellcheck disable=SC2016 - PARSE_2='NR>2 && /^[^#]/ { split($0, arr, ":") ; printf "%s user=%s password=x user_id=%s user_group_id=%s home=%s shell=%s\n", DATE, arr[1], arr[3], arr[4], arr[6], arr[7]}' - - MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2" - -fi - -$CMD | tee "$TEE_DEST" | $AWK "$MASSAGE $PRINTF" -echo "Cmd = [$CMD]; | $AWK '$MASSAGE $PRINTF'" >> "$TEE_DEST" 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/protocol.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/protocol.sh
deleted file mode 100755
index 0ab8ba2f..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/protocol.sh
+++ /dev/null
@@ -1,81 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -CMD='netstat -s' -HEADER=' IPdropped TCPrexmits TCPreorder TCPpktRecv TCPpktSent UDPpktLost UDPunkPort UDPpktRecv UDPpktSent' -HEADERIZE="BEGIN {print \"$HEADER\"}" -PRINTF='END {printf " %10d %10d %10d %10d %10d %10d %10d %10d %10d\n", IPdropped, TCPrexmits, TCPreorder, TCPpktRecv, TCPpktSent, UDPpktLost, UDPunkPort, UDPpktRecv, UDPpktSent}' - -OS_FILE=/etc/os-release - -if [ "$KERNEL" = "Linux" ] ; then - if echo "$OS_ID" | grep -qi suse; then - # shellcheck disable=SC2016 - CMD='nstat -az' - # shellcheck disable=SC2016 - TCPreorder=0 - FIGURE_SECTION='/^IpOutDiscards/ {IPdropped=$2} /^TcpInSegs/ {TCPpktRecv=$2} /^TcpOutSegs/ {TCPpktSent=$2} /^TcpRetransSegs/ {TCPrexmits=$2} /^UdpInDatagrams/ {UDPpktRecv=$2} /^UdpNoPorts/ {UDPunkPort=$2} /^UdpInErrors/ {UDPpktLost=$2} /^UdpOutDatagrams/ {UDPpktSent=$2} /^.*Reorder/ {TCPreorder+=$2}' - else - # shellcheck disable=SC2016 - FIGURE_SECTION='/^Ip:$/ {inIP=1;inTCP=0;inUDP=0} /^Tcp(Ext)?:$/ {inIP=0;inTCP=1;inUDP=0} /^Udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^Ip:$|^Udp:$|^Tcp(Ext)?:$/) inIP=inTCP=inUDP=0}' - # shellcheck disable=SC2016 - SECTION_IP='inIP && /outgoing packets dropped/ {IPdropped=$1}' - # shellcheck disable=SC2016 - SECTION_TCP='inTCP && /segments retransmited/ {TCPrexmits=$1} inTCP && /Detected reordering/ {TCPreorder=$3} inTCP && /[0-9] segments received$/ {TCPpktRecv=$1} inTCP && /segments send out/ {TCPpktSent=$1}' - # shellcheck disable=SC2016 - SECTION_UDP='inUDP && /packets received/ {UDPpktRecv=$1} inUDP && /packets sent/ {UDPpktSent=$1} inUDP && /packet receive errors/ {UDPpktLost=$1} inUDP && /packets to unknown port received/ {UDPunkPort=$1}' - fi -elif [ "$KERNEL" = "SunOS" ] ; then - # shellcheck disable=SC2016 - COMMON='{gsub("=", "", $0)}' - # shellcheck disable=SC2016 - SECTION_IP='/ipOutDiscards/ 
{IPdropped+=$2} /ipOutNoRoutes/ {IPdropped+=$4} /ipv6OutNoRoutes/ {IPdropped+=$2} /ipv6OutDiscards/ {IPdropped+=$4}' - # shellcheck disable=SC2016 - SECTION_TCP='/tcpRetransSegs/ {TCPrexmits=$2} /tcpInUnorderSegs/ {TCPreorder=$2} /tcpInSegs/ {TCPpktRecv=$2} /tcpOutSegs/ {TCPpktSent=$4}' - # shellcheck disable=SC2016 - SECTION_UDP='/udpOutErrors/ {UDPpktLost=$4} /udpInErrors/ {UDPunkPort=$5} /udpInDatagrams/ {UDPpktRecv=$3} /udpOutDatagrams/ {UDPpktSent=$2}' -elif [ "$KERNEL" = "AIX" ] ; then - # shellcheck disable=SC2016 - FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp:$/) inIP=inTCP=inUDP=0}' - # shellcheck disable=SC2016 - SECTION_IP='inIP && /output packets? (dropped|discarded)/ {IPdropped+=$1}' - # shellcheck disable=SC2016 - SECTION_TCP='inTCP && /data packet.* bytes\) retransmitted$/ {TCPrexmits=$1} inTCP && /out-of-order packets?/ {TCPreorder=$1} inTCP && /packets? received$/ {TCPpktRecv=$1} inTCP && /packets? sent/ {TCPpktSent=$1}' - # shellcheck disable=SC2016 - SECTION_UDP='inUDP && /datagrams? received$/ {UDPpktRecv=$1} inUDP && /datagrams? output$/ {UDPpktSent=$1} inUDP && /dropped due to full socket buffers$/ {UDPpktLost=$1} inUDP && /dropped due to no socket$/ {UDPunkPort=$1}' -elif [ "$KERNEL" = "Darwin" ] ; then - # shellcheck disable=SC2016 - FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp:$/) inIP=inTCP=inUDP=0}' - # shellcheck disable=SC2016 - SECTION_IP='inIP && /output packets? (dropped|discarded)/ {IPdropped+=$1}' - # shellcheck disable=SC2016 - SECTION_TCP='inTCP && /data packets? .* retransmitted/ {TCPrexmits=$1} inTCP && /out-of-order packets?/ {TCPreorder=$1} inTCP && /packets? received$/ {TCPpktRecv=$1} inTCP && /packets? sent/ {TCPpktSent=$1}' - # shellcheck disable=SC2016 - SECTION_UDP='inUDP && /datagrams? 
received$/ {UDPpktRecv=$1} inUDP && /datagrams? output$/ {UDPpktSent=$1} inUDP && /dropped due to full socket buffers$/ {UDPpktLost=$1} inUDP && /dropped due to no socket$/ {UDPunkPort=$1}' -elif [ "$KERNEL" = "HP-UX" ] ; then - # shellcheck disable=SC2016 - FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp(Ext)?:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp(Ext)?:$/) inIP=inTCP=inUDP=0}' - # shellcheck disable=SC2016 - SECTION_IP='inIP && /fragments dropped/ {IPdropped=$1}' - # shellcheck disable=SC2016 - SECTION_TCP='inTCP && /retransmited$/ {TCPrexmits=$1} inTCP && /out of order/ {TCPreorder=$1} inTCP && /[0-9] packets received$/ {TCPpktRecv=$1} inTCP && /[0-9] packets sent$/ {TCPpktSent=$1}' - # shellcheck disable=SC2016 - SECTION_UDP='inUDP && /packets received/ {UDPpktRecv=$1} inUDP && /packets sent/ {UDPpktSent=$1} inUDP && /packet receive errors/ {UDPpktLost=$1} inUDP && /packets to unknown port received/ {UDPunkPort=$1}' - elif [ "$KERNEL" = "FreeBSD" ] ; then - # shellcheck disable=SC2016 - FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp:$/) inIP=inTCP=inUDP=0}' - # shellcheck disable=SC2016 - SECTION_IP='inIP && /output packets? (dropped|discarded)/ {IPdropped+=$1}' - # shellcheck disable=SC2016 - SECTION_TCP='inTCP && /data packet.* bytes\) retransmitted$/ {TCPrexmits=$1} inTCP && /out-of-order packets?/ {TCPreorder=$1} inTCP && /packets? received$/ {TCPpktRecv=$1} inTCP && /packets? sent/ {TCPpktSent=$1}' - # shellcheck disable=SC2016 - SECTION_UDP='inUDP && /datagrams? received$/ {UDPpktRecv=$1} inUDP && /datagrams? 
output$/ {UDPpktSent=$1} inUDP && /dropped due to full socket buffers$/ {UDPpktLost=$1} inUDP && /dropped due to no socket$/ {UDPunkPort=$1}' -fi - -assertHaveCommand "$CMD" -$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF" header="$HEADER" -echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps.sh deleted file mode 100755 index 56816d6d..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps.sh +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -# shellcheck disable=SC2166 -if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand ps - CMD='ps auxww' -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/sysv/bin/ps - CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/bin/ps - CMD='/usr/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' -elif [ "$KERNEL" = "HP-UX" ] ; then - HEADER='USER PID PSR pctCPU CPUTIME pctMEM RSZ_KB VSZ_KB TTY S ELAPSED COMMAND ARGS' - # shellcheck disable=SC2016 - FORMAT='{sub("^_", "", $1); if (NF>12) {args=$13; for (j=14; j<=NF; j++) args = args "_" $j} else args=""; sub("^[^\134[: -]*/", "", $12)}' - # shellcheck disable=SC2016 - PRINTF='{if (NR == 1) {print $0} else {printf "%32.32s %6s %4s %6s %12s %6s %8s %8s %-7.7s %1.1s %12s %-100.100s %s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, args}}' - # shellcheck disable=SC2016 - HEADERIZE='{NR == 1 && $0 = header}' - - assertHaveCommand ps - export UNIX95=1 - CMD='ps -e -o ruser,pid,pset,pcpu,time,vsz,tty,state,etime,args' - # shellcheck disable=SC2016 - FORMAT='{sub("^_", "", $1); if (NF>12) {args=$13; for (j=14; j<=NF; j++) args = args "_" $j} else args=""; sub("^[\[\]]", "", $11)}' - # shellcheck disable=SC2016 - PRINTF='{if (NR == 1) {print $0} else {printf "%-14.14s %6s %4s %6s %12s %6s %8s %8s %-7.7s %1.1s %12s %-18.18s %s\n", $1, $2, $3, $4, $5, "?", "?", $6, $7, $8, $9, $10, $11, arg}}' - - $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FORMAT $PRINTF" header="$HEADER" - echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" - exit -fi - -# shellcheck disable=SC2016 -# awk logic for adding extra field ARGS with underscore delimiter 
-ARGS_FORMAT='BEGIN {OFS = " ";} # specify output field separator -{ - if (NR == 1) # Add extra header/field ARGS in first (header) row - { - command_column = NF; - $(NF+1) = "ARGS"; - } - else - { - # If arguments exist, then append all with underscore delimeter, else specify - if ($(command_column+1) != "") - { - args = $(command_column+1); - for (i=command_column+2; i<=NF; i++) - { - args = args "_" $i; - $i = ""; - } - $(command_column+1) = args; - } - else - { - $(command_column+1) = ""; - } - - # Remove trailing white spaces if any - sub(/[ \t]+$/,"",$0); - } - print; -}' - -# Execute the command -$CMD | tee "$TEE_DEST" | $AWK "$ARGS_FORMAT" - -echo "Cmd = [$CMD]; $AWK '$ARGS_FORMAT'" >> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps_metric.sh deleted file mode 100755 index 48554522..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/ps_metric.sh +++ /dev/null 
@@ -1,110 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# jscpd:ignore-start -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -# shellcheck disable=SC2166 -if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then - assertHaveCommand ps - CMD='ps auxww' - if [ "$KERNEL" = "Linux" ] ; then - if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - fi - elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" - fi -elif [ "$KERNEL" = "AIX" ] ; then - assertHaveCommandGivenPath /usr/sysv/bin/ps - CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. 
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" -elif [ "$KERNEL" = "SunOS" ] ; then - assertHaveCommandGivenPath /usr/bin/ps - CMD='/usr/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" -elif [ "$KERNEL" = "HP-UX" ] ; then - HEADER='USER PID PSR pctCPU CPUTIME pctMEM RSZ_KB VSZ_KB TTY S ELAPSED OSName OS_version IP_address COMMAND ARGS' - # shellcheck disable=SC2016 - FORMAT='{sub("^_", "", $1); if (NF>12) {args=$13; for (j=14; j<=NF; j++) args = args "_" $j} else args=""; sub("^[^\134[: -]*/", "", $12);OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' - # shellcheck disable=SC2016 - PRINTF='{if (NR == 1) {print $0} else {printf "%-32.32s %8s %4s %6s %12s %6s %8s %8s %-7.7s %1.1s %15s %-35s %15s %-16s %-100.100s %s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, OSName, OS_version, IP_address, $12, args}}' - FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"}' - # shellcheck disable=SC2016 - HEADERIZE='{NR == 1 && $0 = header}' - - assertHaveCommand ps - export UNIX95=1 - CMD='ps -e -o 
ruser,pid,pset,pcpu,time,vsz,tty,state,etime,args' - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - # shellcheck disable=SC2016 - FORMAT='{sub("^_", "", $1); if (NF>12) {args=$13; for (j=14; j<=NF; j++) args = args "_" $j} else args=""; sub("^[\[\]]", "", $11);OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' - # shellcheck disable=SC2016 - PRINTF='if (NR == 1) {print $0} else {printf "%-14.14s %6s %4s %6s %12s %6s %8s %8s %-7.7s %1.1s %12s %-35s %15s %-16s %-18.18s %s\n", $1, $2, $3, $4, $5, "?", "?", $6, $7, $8, $9, $10, OSName, OS_version, IP_address, $11, arg}}' - - # shellcheck disable=SC2086 - $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $FILL_DIMENSIONS $FORMAT $PRINTF" header="$HEADER" - echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $FILL_DIMENSIONS $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" - exit -fi - -# shellcheck disable=SC2016 -# awk logic for adding extra field ARGS with underscore delimiter and OSName, OS_version, IP_address -FORMAT='BEGIN {OFS = " ";} # specify output field separator -{ - if (NR == 1) # Add extra headers/fields - ARGS,OSName,OS_version,IP_address in first (header) row - { - # Replace TIME with CPUTIME to solve field extraction issue (metrics index) - sub("TIME","CPUTIME",$0); - - command_column = NF; - $(NF+1) = "ARGS"; - $(NF+1) = "OSName"; - $(NF+1) = "OS_version"; - $(NF+1) = "IP_address"; - $(NF+1) = "IPv6_Address"; - - } - else - { - # If arguments exist, then append all with underscore delimeter, else specify - if ($(command_column+1) != "") - { - args = $(command_column+1); - for (i=command_column+2; i<=NF; i++) - { - args = args "_" $i; - $i = ""; - } - $(command_column+1) = args; - } - else - { - $(command_column+1) = ""; - } - - # Append OSName, OS_version, IP_address values in the last three columns - if (OSName == "") {$(command_column+2) = "?";} else {$(command_column+2) = OSName;} - if 
(OS_version == "") {$(command_column+3) = "?";} else {$(command_column+3) = OS_version;} - if (IP_address == "") {$(command_column+4) = "?";} else {$(command_column+4) = IP_address;} - if (IPv6_Address == "") {$(command_column+5) = "?";} else {$(command_column+5) = IPv6_Address;} - - # Remove trailing white spaces if any - sub(/[ \t]+$/,"",$0); - } - print; -}' - -# shellcheck disable=SC2086 -# Execute the command -$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FORMAT" - -echo "Cmd = [$CMD]; $AWK $DEFINE '$FORMAT'" >> "$TEE_DEST" -# jscpd:ignore-end diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/rlog.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/rlog.sh deleted file mode 100755 index f1fa92b2..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/rlog.sh +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 -# -# credit for improvement to http://splunk-base.splunk.com/answers/41391/rlogsh-using-too-much-cpu - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -OLD_SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seekfile # For handling upgrade scenarios -CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios -SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seektime -TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_rlog_error_tmpfile # For filering out "no matches" error from stderr -AUDIT_FILE="/var/log/audit/audit.log*" - -if [ "$KERNEL" = "Linux" ] ; then - assertHaveCommand service - assertHaveCommandGivenPath /sbin/ausearch - if [ -n "$(service auditd status 2>/dev/null)" ] && [ "$(service auditd status 2>/dev/null)" ] ; then - CURRENT_TIME=$(date --date="1 seconds ago" "+%x %T") # 1 second ago to avoid data loss - - if [ -e "$SEEK_FILE" ] ; then - SEEK_TIME=$(head -1 "$SEEK_FILE") - # shellcheck disable=SC2086 - awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -ts $SEEK_TIME -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" < $TMP_ERROR_FILTER_FILE 1>&2 - - elif [ -e "$OLD_SEEK_FILE" ] ; then - rm -rf "$OLD_SEEK_FILE" # remove previous checkpoint - # start ingesting from the first entry of current audit file - # shellcheck disable=SC2086 - awk ' { print } ' $CURRENT_AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" <$TMP_ERROR_FILTER_FILE 1>&2 - - else - # no checkpoint found - # shellcheck disable=SC2086 - awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" <$TMP_ERROR_FILTER_FILE 1>&2 - fi - echo "$CURRENT_TIME" > "$SEEK_FILE" # Checkpoint+ - - else # Added this condition 
to get error logs - echo "error occured while running 'service auditd status' command in rlog.sh script. Output : $(service auditd status). Command exited with exit code $?" 1>&2 - fi - # remove temporary error redirection file if it exists - # shellcheck disable=SC2086 - rm $TMP_ERROR_FILTER_FILE 2>/dev/null - -elif [ "$KERNEL" = "SunOS" ] ; then - : -elif [ "$KERNEL" = "Darwin" ] ; then - : -elif [ "$KERNEL" = "HP-UX" ] ; then - : -elif [ "$KERNEL" = "FreeBSD" ] ; then - : -fi diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/selinuxChecker.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/selinuxChecker.sh deleted file mode 100755 index b213dd8c..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/selinuxChecker.sh +++ /dev/null 
@@ -1,56 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_selinux_error_tmpfile # For filtering out awk warning from stderr
-PRINTF='END {printf "%s app=selinux %s %s %s %s\n", DATE, FILEHASH, SELINUX, SELINUXTYPE, SETLOCALDEFS}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- if [ -f /etc/sysconfig/selinux ] ; then
- SELINUX_FILE=/etc/sysconfig/selinux
- elif [ -f /etc/selinux/config ] ; then
- # shellcheck disable=SC2034
- SELINUX_FILE=/etc/selinux/config
- else
- echo "SELinux not configured." >> "$TEE_DEST"
- exit 1
- fi
-
- assertHaveCommand cat
-
- # Get file hash
- # shellcheck disable=SC2016
- CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256 $SELINUX_FILE ; cat $SELINUX_FILE'
-
- # Get the date.
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
-
- # Try to use cross-platform case-insensitive matching for text. Note
- # that "match", "tolower", IGNORECASE and other common awk commands or
- # options are actually nawk/gawk extensions so avoid them if possible.
- # shellcheck disable=SC2016
- PARSE_1='/^[Ss][Ee][Ll][Ii][Nn][Uu][Xx]\=/ { SELINUX="selinux=" substr($0,index($0,"=")+1,length($0)) } '
- # shellcheck disable=SC2016
- PARSE_2='/^[Ss][Ee][Ll][Ii][Nn][Uu][Xx][Tt][Yy][Pp][Ee]\=/ { SELINUXTYPE="selinuxtype=" substr($0,index($0,"=")+1,length($0)) } '
- # shellcheck disable=SC2016
- PARSE_3='/^[Ss][Ee][Tt][Ll][Oo][Cc][Aa][Ll][Dd][Ee][Ff][Ss]\=/ { SETLOCALDEFS="setlocaldefs=" substr($0,index($0,"=")+1,length($0)) } '
- # shellcheck disable=SC2016
- PARSE_4='/^SHA256/ {FILEHASH="file_hash=" $2}'
-
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4"
-
-
- # shellcheck disable=SC2086
- $CMD | tee "$TEE_DEST" | $AWK "$MESSAGE $PRINTF" 2> $TMP_ERROR_FILTER_FILE
- # shellcheck disable=SC2086
- grep -v "warning: regexp escape sequence" < $TMP_ERROR_FILTER_FILE 1>&2
- # shellcheck disable=SC2086
- rm $TMP_ERROR_FILTER_FILE 2>/dev/null
-
- echo "Cmd = [$CMD]; | $AWK '$MESSAGE $PRINTF'" >> "$TEE_DEST"
-
-fi
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/service.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/service.sh
deleted file mode 100755
index d5c620c9..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/service.sh
+++ /dev/null
@@ -1,196 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-# In AWK scripts in this file, the following are true:
-# FULLTEXT is used to capture the output for SHA256 checksum generation.
-# SPLUNKD is used to determine Splunk service status.
-
-if [ "$KERNEL" = "Linux" ] ; then
- if ! queryHaveCommand systemctl; then
- assertHaveCommand date
- assertHaveCommand chkconfig
- CMD='eval date ; /sbin/chkconfig --list'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0 ; FULLTEXT=""}'
- # shellcheck disable=SC2016
- PARSE_1='NR>1 {
- FULLTEXT = FULLTEXT $0 "\n"
- split($0, ARR)
- EVT="app=" ARR[1]
- for (i=0 ; i<7 ; i++) {
- split(ARR[i+2], STATE, ":")
- EVT = EVT " runlevel" i "=" STATE[2]
- }
- if (ARR[1] ~ /[Ss][Pp][Ll][Uu][Nn][Kk]/) { SPLUNKD=1 }
- printf "%s type=chkconfig %s\n", DATE, EVT
- }'
- MASSAGE="$PARSE_0 $PARSE_1"
-
- # Send the collected full text to openssl; this avoids any timing discrepancies
- # between when the information is collected and when we process it.
- # shellcheck disable=SC2016
- POSTPROCESS='END {
- if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE }
- printf "%s %s", DATE, "file_hash="
- printf "%s", FULLTEXT | "LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256"
- }'
- else
- assertHaveCommand systemctl
- assertHaveCommand date
-
- # Run the systemctl command to get all units and their state
- CMD='eval date; systemctl list-units --type=service --all'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
- # shellcheck disable=SC2016
- PARSE_1='
- # On header row, get lengths to the fields
- NR==2 {
- match($0, /^ */); leading=RLENGTH;
- match($0, /^.*DESC/); desclen=RLENGTH-4;
- FULLTEXT="";
- next;
- }'
- # shellcheck disable=SC2016
- PARSE_2='(NR > 2){
- # Stop at the empty line
- if ( !NF ) { exit; }
- # Skip the leading spaces
- $0 = substr( $0, leading );
- # the description spans fields so catch it seperately
- desc=substr( $0, desclen );
- FULLTEXT = FULLTEXT $0 "\n"
- if ($1 ~ /[Ss][Pp][Ll][Uu][Nn][Kk]/) { SPLUNKD=1 }
- printf "%s type=systemctl UNIT=%s, LOADED=%s, ACTIVE=%s, SUB=%s, DESCRIPTION=\"%s\" \n",DATE, $1, $2, $3, $4, desc
- }'
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2"
- # shellcheck disable=SC2016
- POSTPROCESS='END {
- if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE }
- printf "%s %s", DATE, "file_hash="
- printf "%s", FULLTEXT | "LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256"
- }'
- fi
-
-elif [ "$KERNEL" = "SunOS" ] ; then
- assertHaveCommand date
- assertHaveCommand svcs
-
- CMD='eval date ; svcs -H -a -o STATE,FMRI'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0 ; FULLTEXT=""}'
- # shellcheck disable=SC2016
- PARSE_1='NR>1 {
- STATE="State=\""$1"\""
- idx=index($2,":")
- STARTNAME="StartName=\""substr($2,0,idx-1)"\""
- APP="app=\""substr($2,idx+1)"\""
- FULLTEXT=FULLTEXT $0 "\n"
- }'
- PARSE_2='/^legacy_run/ {
- STARTMODE="StartMode=\"Auto\""
- }'
- PARSE_3='/^online/ {
- STARTMODE="StartMode=\"Auto\""
- STATE="State=\"Running\""
- }'
- PARSE_4='/^disabled/ {
- STARTMODE="StartMode=\"Disabled\""
- STATE="State=\"Stopped\""
- }'
-
- INLINE_PRINT='NR>1 && APP!=0 {printf "%s %s %s %s %s\n", DATE, APP, STARTMODE, STARTNAME, STATE}'
-
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $INLINE_PRINT"
-
- # Send the collected full text to openssl; this avoids any timing discrepancies
- # between when the information is collected and when we process it.
- # shellcheck disable=SC2016
- POSTPROCESS='END {
- if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE }
- printf "%s %s", DATE, "file_hash="
- printf "%s", FULLTEXT | "LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256"
- }'
-
-elif [ "$KERNEL" = "Darwin" ] ; then
-
- assertHaveCommand date
- assertHaveCommand defaults
- assertHaveCommand dscl
- assertHaveCommand find
- assertHaveCommand ls
-
- # Get startup items
- CMD='eval date ; ls -1 /System/Library/StartupItems/ /Library/StartupItems/'
- # Get per-user startup items
- # shellcheck disable=SC2044
- for PLIST_FILE in $(find /Users -name "loginwindow.plist") ; do
- CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
- done
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
- # Retrieve path for system startup items
- # shellcheck disable=SC2016
- PARSE_1='/^\/(System|Library)/ {
- split($0, tmparr, ":")
- PATH="file_path=\""tmparr[1]
- USER=0
- START_MODE="StartMode=Auto"
- START_TYPE="StartType=startup"
- }'
-
- # Retrieve user information for user startup items.
- # shellcheck disable=SC2016
- PARSE_2='/^\/Users/ {
- split($0, tmparr, "/")
- USER="user=" tmparr[3]
- START_MODE="StartMode=Auto"
- START_TYPE="StartType=login"
- }'
-
- # Retrieve the path for user startup items.
- # shellcheck disable=SC2016
- PARSE_3='/[[:blank:]]*Path/ {
- split($0, path_arr, "=")
- num=split(path_arr[2], app_arr, "/")
- split(app_arr[num], app_final, ".")
- split(path_arr[2], path_final, "\"")
- APP="app=\"" app_final[1] "\""
- FILE_PATH="file_path=\"" path_final[2] "\""
-
- # Only print if we find a path.
- printf "%s %s %s %s %s %s\n", DATE, APP, START_MODE, START_TYPE, FILE_PATH, USER
-
- # Note that we found splunkd if app matches
- if (APP ~ /[Ss][Pp][Ll][Uu][Nn][Kk]/) { SPLUNKD=1 }
- }'
-
- # Retrieve the system startup item name from the output of "ls -1"
- # shellcheck disable=SC2016
- PARSE_4='/^[^\/]/ {
- if (NR>1 && USER==0 && NF > 0) {
- APP="app=\""$0"\""
- PATH=PATH$0"\""
- printf "%s %s %s %s %s\n", DATE, APP, START_MODE, START_TYPE, PATH
- }
-
- # Note that we found splunkd if app matches
- if (APP ~ /[Ss][Pp][Ll][Uu][Nn][Kk]/) { SPLUNKD=1 }
-
- }'
-
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4"
-
- POSTPROCESS='END { if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE } }'
-
-else
- # Exits
- failUnsupportedScript
-fi
-
-$CMD | tee "$TEE_DEST" | $AWK "$MASSAGE $POSTPROCESS"
-echo "Cmd = [$CMD]; | $AWK '$MASSAGE $POSTPROCESS'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setup.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setup.sh
deleted file mode 100755
index 3b1ef920..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setup.sh
+++ /dev/null
@@ -1,1276 +0,0 @@ -#!/usr/bin/env bash -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -function build_scripted_input_endpoint() -# build a command name suitable for use in a REST target -{ - temp=`echo $1 | awk -F"/" '{print $NF}'` - echo ".%252Fbin%252F"$temp -} - -function build_monitor_input_endpoint() -# build a path name suitable for use in a REST target -{ - echo `echo $1 | sed -e 's/\//%252F/g'` -} - -function get_interval() -# get the given scripted input's interval -{ - interval=$(get_scripted_input_rest_value "$1" 'interval') - echo $interval -} - -function set_interval() -# set the given scripted input's interval -{ - set_scripted_input_rest_value "$1" "interval" "$2" -} - -function set_metric_index() -# set the index for the given metric input -{ - set_scripted_input_rest_value "$1" "index" "$2" -} - -function get_server_name -# get the server_name from 'show servername' cli -{ - if [ $remote_server_uri != "false" ]; then - echo `$SPLUNK_HOME/bin/splunk show servername -uri $remote_server_uri | $AWK {'print $3'}` - else - echo `$SPLUNK_HOME/bin/splunk show servername | $AWK {'print $3'}` - fi -} - -function internal_call() -# low-level internal call handler -{ - if [ $remote_server_uri != "false" ]; then - echo `$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/$1/$2 -uri $remote_server_uri` - else - echo `$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/$1/$2` - fi -} - -function get_monitor_disabled_value() -{ - temp=$(internal_call 'monitor' "$1") - for l in $temp; do - case $l in - *name=?disabled*) echo `echo $l | grep "name=\"disabled" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e "s/name=\"disabled\">//" -e 's/<\/s:key>//g'`; break;; - esac - done -} - -function get_monitor_status() -{ - echo "$input_counter) $1" - input_endpoint=$(build_monitor_input_endpoint "$1") - rest_value=$(get_monitor_disabled_value 
"$input_endpoint") - case $rest_value in - 0) echo " enabled: *** disabled: ";; - 1) echo " enabled: disabled: *** ";; - esac -} - -function get_scripted_input_rest_value() -# given an scripted input endpoint and a key, set to $rest_value -{ - if [ $remote_server_uri != "false" ]; then - echo `$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/script/$1 -uri $remote_server_uri | grep "name=\"$2" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e "s///" -e 's/<\/s:key>//g'` - else - echo `$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/script/$1 | grep "name=\"$2" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e "s///" -e 's/<\/s:key>//g'` - fi -} - -function handle_rest_response() -# handle the rest response -{ - case $1 in - *HTTP?Status:?200.*) echo " $2 successful"; echo "";; - *) echo " $2 failed"; echo "";res="failure";; - esac -} -function set_scripted_input_rest_value() -# given an endpoint and a post string, set the value -{ - setter_response= - if [ $remote_server_uri != "false" ]; then - setter_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/script/$1 -uri $remote_server_uri -post:$2 $3` - else - setter_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/script/$1 -post:$2 $3` - fi - handle_rest_response "$setter_response" "update" -} - -function enable_monitor_input() -# given a monitor input, enable it -{ - enable_response= - if [ $remote_server_uri != "false" ]; then - enable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/monitor/$1/enable -uri $remote_server_uri -method POST` - else - enable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/monitor/$1/enable -method POST` - fi - handle_rest_response "$enable_response" "enable" -} - -function 
disable_monitor_input() -# given a monitor input, disable it -{ - disable_response= - if [ $remote_server_uri != "false" ]; then - disable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/monitor/$1/disable -uri $remote_server_uri -method POST` - else - disable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/monitor/$1/disable -method POST` - fi - handle_rest_response "$disable_response" "disable" -} -function enable_scripted_input() -# given a script name, enable it -{ - enable_response= - if [ $remote_server_uri != "false" ]; then - enable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/script/$1/enable -uri $remote_server_uri -method POST` - else - enable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/script/$1/enable -method POST` - fi - handle_rest_response "$enable_response" "enable" -} - -function disable_scripted_input() -# given a script name, disable it -{ - disable_response= - if [ $remote_server_uri != "false" ]; then - disable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$remote_server_app_name/data/inputs/script/$1/disable -uri $remote_server_uri -method POST` - else - disable_response=`$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/$server_app_name/data/inputs/script/$1/disable -method POST` - fi - handle_rest_response "$disable_response" "disable" -} - -function update_app() -# updates the given app -{ - if [ $remote_server_uri != "false" ]; then - install_response=`$SPLUNK_HOME/bin/splunk install app $1 -update true --uri $remote_server` - case "$install_response" in - *is?installed.* ) echo " app install successful"; echo "";; - *n?error?occurred:*) echo " app install failed"; echo "";; - esac - else - install_response=`$SPLUNK_HOME/bin/splunk install app $1 -update true` - case "$install_response" in - 
*is?installed.* ) echo " app install successful"; echo "";; - *n?error?occurred:*) echo " app install failed"; echo "";; - esac - fi -} - -function install_app() -# installs the app residing at the given remote path -{ - if [ $remote_server_uri != "false" ]; then - install_response=`$SPLUNK_HOME/bin/splunk install app $1 -uri $remote_server_uri` - case "$install_response" in - *is?installed.* ) echo " app install successful"; echo "";; - *install?anywa* ) echo " app already installed. Attempting to upgrade"; update_app "$1";; - *n?error?occurred:*) echo " app install failed - the URI provided was not found"; echo "";; - * ) echo "ERROR: $install_response";; - esac - else - install_response=`$SPLUNK_HOME/bin/splunk install app $1` - case "$install_response" in - *is?installed.* ) echo " app install successful"; echo "";; - *install?anywa* ) echo " app already installed. Attempting to upgrade"; update_app "$1";; - *n?error?occurred:*) echo " app install failed - the URI provided was not found"; echo "";; - * ) echo "ERROR: $install_response";; - esac - fi -} - -function get_scripted_input_status() -# given an input, get the enabled/disabled -# status and, if enabled, the interval -{ - echo "$input_counter) $1" - input_endpoint=$(build_scripted_input_endpoint "$1") - rest_value=$(get_scripted_input_rest_value "$input_endpoint" 'disabled') - index_value=$(get_scripted_input_rest_value "$input_endpoint" 'index') - if [ "$rest_value" = "0" ]; then - interval=$(get_interval "$input_endpoint") - if [ "$interval" != "false" ]; then - echo " enabled: *** disabled: interval: $interval index: $index_value" - else - echo " enabled: *** disabled: index: $index_value" - fi - - else - echo " enabled: disabled: *** index: $index_value" - fi -} - -function get_script_list -# sets the scripted input list in $output -{ - if [ $remote_server_uri != "false" ]; then - echo `$SPLUNK_HOME/bin/splunk list exec -uri "$remote_server_uri"` - else - echo `$SPLUNK_HOME/bin/splunk list exec` - fi 
-} - -function show_inputs -# show input status parsed from 'list exec' -# if enabled show the interval and last run time -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > SHOW INPUT STATUS ***" - echo "" - input_counter=0 - echo " Scripted Inputs:" - echo "" - script_list=$(get_script_list) - for line in $script_list; do - case "$line" in - *unix* | *Splunk_TA_nix* ) get_scripted_input_status "$line"; input_counter=`expr $input_counter + 1`; - esac - done - echo "" - echo " Monitor Inputs:" - echo "" - for line in $MONITOR_INPUTS; do - get_monitor_status "$line" - input_counter=`expr $input_counter + 1` - done -} - -function enable_all_inputs -#enables all endpoints -{ - oldIFS=$IFS - IFS=' - ' - script_list=$(get_script_list) - for line in $script_list; do - res="success" - flag=0 - if [[ $line == *"_metric"* && ! -z $1 ]]; then - input_endpoint=$(build_scripted_input_endpoint "$line") - echo "updating index of $line to $1" - set_metric_index "$input_endpoint" "$1" - flag=1 - fi - if [ "$res" == "success" ] && [[ ( $line != *"_metric"* || $flag == 1 ) ]]; then - case "$line" in - *unix* | *Splunk_TA_nix* ) echo "enabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); enable_scripted_input $input_endpoint;; - esac - fi - done - for line in $MONITOR_INPUTS; do - echo "enabling $line" - input_endpoint=$(build_monitor_input_endpoint "$line") - enable_monitor_input $input_endpoint - done - IFS=$oldIFS - echo "" -} - -function disable_all_inputs -# disables all inputs -{ - #oldIFS=$IFS - #IFS=' - #' - script_list=$(get_script_list) - for line in $script_list; do - case "$line" in - *unix* | *Splunk_TA_nix* ) echo "disabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); disable_scripted_input $input_endpoint;; - esac - done - for line in $MONITOR_INPUTS; do - echo "disabling $line" - input_endpoint=$(build_monitor_input_endpoint "$line") - disable_monitor_input "$input_endpoint" - done - #IFS=$oldIFS - echo "" -} - 
-function set_remote_input() -# set the given configuration on the remote host -{ - _input_type= - _input= - _disabled= - for value in $1; do - if [ ! -n "$_input_type" ]; then - _input_type="$value" - else - if [ "$_input_type" == "monitor" ]; then - if [ ! -n "$_input" ]; then - _input="$value" - else - if [ "$value" == "1" ]; then - disable_monitor_input "$_input" - else - enable_monitor_input "$_input" - fi - fi - else - if [ ! -n "$_input" ]; then - _input="$value" - else - if [ ! -n "$_disabled" ]; then - _disabled="$value" - else - if [ "$_disabled" == "1" ]; then - disable_scripted_input "$_input" - else - enable_scripted_input "$_input" - set_interval "$_input" "$value" - fi - fi - fi - fi - fi - done -} - -function monitor_clone() -# clone monitor input -{ - _remote_server_uri=$remote_server_uri - remote_server_uri="false" - input_endpoint=$(build_monitor_input_endpoint "$1") - rest_value=$(get_monitor_disabled_value "$input_endpoint") - remote_server_uri=$_remote_server_uri - set_remote_input "monitor $input_endpoint $rest_value" -} - -function scripted_clone() -# clone scripted input -{ - interval= - _remote_server_uri=$remote_server_uri - remote_server_uri="false" - input_endpoint=$(build_scripted_input_endpoint "$1") - rest_value=$(get_scripted_input_rest_value "$input_endpoint" 'disabled') - remote_server_uri=$_remote_server_uri - if [ "$rest_value" = "0" ]; then - interval=$(get_interval "$input_endpoint") - set_remote_input "scripted $input_endpoint $rest_value $interval" - else - set_remote_input "scripted $input_endpoint $rest_value" - fi -} - -function clone_all_inputs -# clone all inputs from local to remote_server_uri -{ - if [ $_remote_server_uri == "false" ]; then - echo "" - echo " No remote server is set" - echo "" - echo " Please specify a remote server through the main menu" - echo " or via command line arguments in order to clone inputs" - echo "" - else - echo "" - echo " copying local input configuration to $server_name" - echo "" - 
echo " Please be patient, this might take a minute..." - echo "" - script_list=$(get_script_list) - for line in $script_list; do - case "$line" in - *unix* | *Splunk_TA_nix* ) echo ""; echo " cloning $line to $server_name"; echo ""; scripted_clone "$line" - esac - done - for line in $MONITOR_INPUTS; do - echo "" - echo " cloning $line to $server_name" - echo "" - monitor_clone "$line" - done - fi -} - -function enable_all_menu -# batch enable all inputs -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > ENABLE ALL INPUTS ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo "1 - confirm and enable all inputs" - echo "2 - return to the manage inputs menu" - echo "" - read selection - echo "" - - case $selection in - 1 ) echo "";echo "Do you want to enable metric inputs too, if yes, enter metric index name else press enter";read metric_index;if [ ! -z $metric_index ]; then enable_all_inputs "$metric_index"; else enable_all_inputs; fi; press_enter;manage_inputs_menu;; - 2 ) manage_inputs_menu;; - * ) echo "Please enter a number between 1 and 2"; press_enter; enable_all_menu;; - esac -} - -function disable_all_menu -# batch disable all inputs -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > DISABLE ALL INPUTS ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo "1 - confirm and disable all inputs" - echo "2 - return to the manage inputs menu" - echo "" - echo -n "Please enter your selection: " - read selection - echo "" - case $selection in - 1 ) disable_all_inputs; press_enter; manage_inputs_menu;; - 2 ) manage_inputs_menu;; - * ) echo "Please enter a number between 1 and 2"; press_enter; disable_all_menu;; - esac -} - -function local_to_remote_menu -# confirm local to remote config copy -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > COPY LOCAL CONFIG TO REMOTE ***" - echo "" - echo "You are currently managing Splunk server 
'$server_name'" - echo "" - echo "1 - confirm and clone all local inputs to $server_name" - echo "2 - return to the manage inputs menu" - echo "" - echo -n "Please enter your selection: " - read selection - echo "" - case $selection in - 1 ) clone_all_inputs; press_enter; manage_inputs_menu;; - 2 ) manage_inputs_menu;; - * ) echo "Please enter a number between 1 and 2"; press_enter; local_to_remote_menu;; - esac -} - -function change_input_interval() -# change the input's interval -{ - echo "" - echo "" - echo -n "Enter the new interval value: " - read selection - echo "" - if test $selection -ge 0; then - input_endpoint=$(build_scripted_input_endpoint "$1") - set_interval "$input_endpoint" "$selection" - else - echo "" - echo "The value you entered is not a number - please try again" - echo "" - change_input_interval $1 - fi - -} - -function toggle_scripted_input() -# handle enable/disable of scripted input -{ - if [ "$2" = "0" ]; then - input_endpoint=$(build_scripted_input_endpoint "$1") - disable_scripted_input "$input_endpoint" - else - input_endpoint=$(build_scripted_input_endpoint "$1") - enable_scripted_input "$input_endpoint" - fi -} - -function toggle_monitor_input() -# handle enable/disable of monitor input -{ - if [ "$2" = "0" ]; then - input_endpoint=$(build_monitor_input_endpoint "$1") - disable_monitor_input "$input_endpoint" - else - input_endpoint=$(build_monitor_input_endpoint "$1") - enable_monitor_input "$input_endpoint" - fi - -} - -function manage_scripted_input_options() -# show scripted input settings/options and handle input -{ - get_scripted_input_status "$1" - echo "" - echo " Please choose from one of the following options:" - echo "" - if [ "$rest_value" = "0" ]; then - echo "1 - disable input" - else - echo "1 - enable input" - fi - echo "2 - change input interval" - echo "3 - return to the previous menu" - echo "" - echo "0 - logout and exit program" - echo "" - echo -n "Please enter your selection: " - read selection - echo "" - case 
$selection in - 1) toggle_scripted_input "$1" "$rest_value"; press_enter; manage_input_menu "$1";; - 2) change_input_interval "$1"; press_enter; manage_input_menu "$1";; - 3) select_input_menu;; - 0) splunk_logout; exit 0;; - *) echo "please enter a number between 0 and 3"; manage_input_menu "$1";; - esac -} - -function manage_monitor_input_options() -# show monitor input settings/options and handle input -{ - get_monitor_status "$1" - echo "" - echo " Please choose from one of the following options:" - echo "" - if [ "$rest_value" = "0" ]; then - echo "1 - disable input" - else - echo "1 - enable input" - fi - echo "2 - return to the previous menu" - echo "" - echo "0 - logout and exit program" - echo "" - echo -n "Please enter your selection: " - read selection - echo "" - case $selection in - 1) toggle_monitor_input "$1" "$rest_value"; press_enter; manage_input_menu "$1";; - 2) select_input_menu;; - 0) splunk_logout; exit 0;; - *) echo "please enter a number between 0 and 2"; manage_input_menu "$1";; - esac -} - -function manage_input_menu() -# manage one input -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > CHOOSE INPUT TO MANAGE ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo "--> Manage Input '$1'" - echo "" - res="success" - input_endpoint=$(build_scripted_input_endpoint "$1") - rest_index=$(get_scripted_input_rest_value "$input_endpoint" 'index') - if [[ "$1" == *"_metric"* ]] ; then - if [[ "$rest_index" != "default" ]]; then - echo "Do you want to change the metric index (y/n)?" - read answer - - if [[ "$answer" == "y" ]]; then - echo "Enter the metric index" - read metric_index - if [ ! -z $metric_index ]; then - input_endpoint=$(build_scripted_input_endpoint "$1") - set_metric_index $input_endpoint $metric_index - else - echo "Please enter a valid index" - press_enter - manage_input_menu "$1" - fi - fi - else - echo "Enter the metric index" - read metric_index - if [ ! 
-z $metric_index ]; then - input_endpoint=$(build_scripted_input_endpoint "$1") - set_metric_index $input_endpoint $metric_index - else - echo "Please enter a valid index" - press_enter - manage_input_menu "$1" - fi - fi - fi - if [ $res == "success" ]; then - case "$1" in - *.sh) manage_scripted_input_options $1;; - *) manage_monitor_input_options $1;; - esac - else - press_enter - select_input_menu - fi -} - -function select_input_menu -# choose one input, then enable/disable/change interval -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > CHOOSE INPUT TO MANAGE ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo "" - echo " Choose one of the following inputs:" - echo "" - selection_list=() - input_counter=1 - oldIFS=$IFS - IFS=' - ' - script_list=$(get_script_list) - for line in $script_list; do - case "$line" in - *unix* | *Splunk_TA_nix* ) echo " $input_counter - $line"; selection_list[$input_counter]=$line; input_counter=`expr $input_counter + 1`; - esac - done - for line in $MONITOR_INPUTS; do - echo " $input_counter - $line" - selection_list[$input_counter]=$line - input_counter=`expr $input_counter + 1` - done - echo "" - echo " $input_counter - go back to manage inputs menu" - echo "" - echo "" - echo " 0 - logout and exit program" - echo "" - echo -n "Enter selection: " - read selection - echo "" - if [ $selection = $input_counter ]; then - manage_inputs_menu - elif [ $selection = 0 ]; then - splunk_logout - exit 0 - elif [ $selection -gt $input_counter ]; then - echo "Please enter a number between 0 and $input_counter" - press_enter - select_input_menu - elif [ $selection -lt 0 ]; then - echo "Please enter a number between 0 and $input_counter" - press_enter - select_input_menu - else - ### TODO: implement manage_selected_input_menu - manage_input_menu ${selection_list[$selection]} - fi -} - -function manage_inputs_menu -# the aptly named 'manage inputs' menu -{ - clear - echo "" - echo "*** 
Splunk> *nix command-line setup > MANAGE INPUTS ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo " Please choose from one of the following options:" - echo "" - echo "1 - manage one input" - echo "2 - enable all inputs" - echo "3 - disable all inputs" - if [ "$remote_server_uri" != "false" ] && [ "$server_unix_app_installed" = "true" ]; then - echo "4 - copy local configuration to remote" - echo "5 - go back to main menu" - echo "" - echo "0 - logout and exit program" - echo "" - echo -n "Enter selection: " - read selection - echo "" - case $selection in - 1 ) select_input_menu;; - 2 ) enable_all_menu;; - 3 ) disable_all_menu;; - 4 ) local_to_remote_menu;; - 5 ) main_menu ;; - 0 ) splunk_logout; exit 0 ;; - * ) echo "Please enter a number between 0 and 4"; press_enter; manage_inputs_menu;; - esac - else - echo "4 - go back to main menu" - echo "" - echo "0 - logout and exit program" - echo "" - echo -n "Enter selection: " - read selection - echo "" - case $selection in - 1 ) select_input_menu;; - 2 ) enable_all_menu;; - 3 ) disable_all_menu;; - 4 ) main_menu ;; - 0 ) splunk_logout; exit 0 ;; - * ) echo "Please enter a number between 0 and 4"; press_enter; manage_inputs_menu;; - esac - fi -} - -function install_menu -# the aptly named install menu -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > INSTALL/UPGRADE MENU***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo " Please enter the full URI string indicating where the app resides" - echo "" - echo " -> for example, 'https://localhost/apps/unix_app_new.tgz'" - echo "" - echo -n "Enter URI: " - read install_uri - install_app "$install_uri" - press_enter - main_menu -} - -function press_enter -# convenience function to prompt for return -{ - echo "" - echo -n "Press Enter to continue" - read - clear -} - -function main_menu -# the aptly named main menu -{ - clear - echo "" - echo "*** Splunk> *nix 
command-line setup > MAIN MENU ***" - echo "" - echo "You are currently managing Splunk server '$server_name'" - echo "" - echo " Please choose from one of the following options:" - echo "" - echo "1 - show *nix input status" - echo "2 - manage *nix inputs" - echo "3 - install/upgrade app" - echo "4 - change credentials" - if [ $remote_server_uri != "false" ]; then - echo "5 - disconnect from remote instance" - else - echo "5 - connect to remote instance" - fi - echo "" - echo "0 - logout and exit program" - echo "" - echo -n "Enter selection: " - read selection - echo "" - case $selection in - 1 ) show_inputs; press_enter; main_menu ;; - 2 ) manage_inputs_menu;; - 3 ) install_menu;; - 4 ) handle_credential_change;; - 5 ) handle_remote_connection;; - 0 ) splunk_logout; exit 0;; - * ) echo "Please enter a number between 0 and 5"; press_enter; main_menu;; - esac -} - -function set_app_installed() -# set the appropriate remote or local app installed flag -{ - if [ $remote_server_uri != "false" ]; then - remote_server_unix_app_installed="true" - remote_server_app_name="$1" - else - server_unix_app_installed="true" - server_app_name="$1" - fi -} - -function set_app_enabled -# if app is enabled, set the appropriate variables -{ - if [ $remote_server_uri != "false" ]; then - if [ $remote_server_unix_app_installed != "false" ]; then - set_server_has_app_enabled - else - unset_server_has_app_enabled - fi - else - if [ $server_unix_app_installed != "false" ]; then - set_server_has_app_enabled - else - unset_server_has_app_enabled - fi - fi -} - -function set_server_has_app_enabled -# set appropriate flag that server has -# the unix app installed and enabled -{ - if [ $remote_server_uri != "false" ]; then - remote_server_has_unix_app_enabled="true" - else - server_has_unix_app_enabled="true" - fi -} - -function unset_server_has_app_enabled -# set appropriate flag that server does not -# have the unix app installed and enabled -{ - if [ $remote_server_uri != "false" ]; then - 
remote_server_has_unix_app_enabled="false" - else - server_has_unix_app_enabled="false" - fi -} - -function handle_credential_change -# handle remote or local credential change -{ - if [ $remote_server_uri != "false" ]; then - splunk_remote_credential_change - else - splunk_logout - splunk_login - fi -} - -function handle_remote_connection -# if connected to remote instance, logout -# else redirect to remote instance login -{ - if [ $remote_server_uri != "false" ]; then - splunk_remote_logout - else - splunk_remote_login - fi -} - -function set_unix_app_info -{ - if [ $remote_server_uri != "false" ]; then - app_output=`$SPLUNK_HOME/bin/splunk display app -uri $remote_server_uri` - else - app_output=`$SPLUNK_HOME/bin/splunk display app` - fi - oldIFS=$IFS - IFS=' - ' - for line in $app_output; do - case "$line" in - *unix* ) set_app_installed "unix";; - *Splunk_TA_nix* ) set_app_installed "Splunk_TA_nix";; - *ENABLED*) set_app_enabled;; - #*DISABLED*) set_app_disabled;; - esac - done - IFS=$oldIFS -} - -function check_for_unix_app -# can't manage the unix app if there is nothing to manage -{ - set_unix_app_info - if [ $remote_server_uri = "true" ]; then - if [ $remote_server_has_unix_app_enabled = "true" ]; then - main_menu - else - echo "the remote server $server_name does not have the unix app installed or the app is disabled" - echo "" - echo "do you want to install the unix app from a location on your network?" 
- echo "" - echo -n "enter y to continue: " - read want_install_app - case $want_install_app in - y ) install_menu; check_for_unix_app;; - * ) splunk_remote_logout; prerequisites;; - esac - fi - else - if [ $server_has_unix_app_enabled = "true" ]; then - main_menu - else - echo "the local server $server_name does not have the unix app installed or the app is disabled" - echo "" - echo "only remote management of servers with the unix app will be permitted" - splunk_remote_login - fi - fi -} - -function prerequisites -# use 'list app' to see if the unix app is installed/enabled -# set server_name -# if app installed/enabled, redirect to main menu -# else warn and exit -{ - server_name=$(get_server_name) - check_for_unix_app - main_menu -} - -function splunk_login -# log user in to splunk -# then route to main_menu -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > LOCAL LOGIN ***" - echo "" - $SPLUNK_HOME/bin/splunk login - if [ "$?" = "0" ]; then - prerequisites - else - exit 1 - fi -} - -function splunk_remote_login -# log user in to some other splunk -# then route to main_menu -{ - clear - echo "" - echo "*** Splunk> *nix command-line setup > REMOTE LOGIN ***" - echo "" - echo " Please enter the full URI for the remote server" - echo "" - echo " -> for example, 'https://remotehost:8089'" - echo "" - echo -n "Enter URI: " - read remote_server_uri - splunk_remote_credential_change -} - -function splunk_remote_credential_change -# branch the remote credential change to facilitate -# changing credentials on the same remote instance -{ - echo "" - echo "connecting to the remote server '$remote_server_uri'" - echo "" - echo "enter your credentials to the remote server below:" - echo "" - $SPLUNK_HOME/bin/splunk login --uri "$remote_server_uri" - if [ "$?" 
= "0" ]; then - prerequisites - else - remote_server_uri="false" - remote_server_unix_app_installed="false" - remote_server_has_unix_app_enabled="false" - echo "" - echo "remote login failed" - echo "" - press_enter - main_menu - fi -} - -function splunk_logout -# log user out of splunk -# often followed by call to splunk_login -{ - $SPLUNK_HOME/bin/splunk logout - remote_server_uri="false" - server_name="false" - server_unix_app_installed="false" - server_has_unix_app_enabled="false" - remote_server_unix_app_installed="false" - remote_server_has_unix_app_enabled="false" - clear -} - -function splunk_remote_logout -# log user out of remote splunk instance -{ - $SPLUNK_HOME/bin/splunk logout --uri "$remote_server_uri" - remote_server_uri="false" - remote_server_unix_app_installed="false" - remote_server_has_unix_app_enabled="false" - splunk_login - server_name=$(get_server_name) - main_menu -} - -function usage() -# provides usage -{ - echo '' - echo ' usage: setup.sh' - echo '' - echo ' (no argument) menu-based setup' - echo ' --auth credentials (user:pass) for specified command' - echo ' --clone-all clone input configuration from local to remote' - echo ' --disable-all disable all inputs' - echo ' --disable-input input to be disabled' - echo ' --enable-all enable all inputs. 
Metric inputs will be enabled if metric input will be passed' - echo ' --enable-input input to be enabled and metric index must be passed for metric input' - echo ' --help print usage and exit' - echo ' --install-app install the app at the given location' - echo ' --interval set input to given interval' - echo ' --list-all show details all inputs' - echo ' --list-input show details for input' - echo ' --usage print usage and exit' - echo ' --uri remote uri (https://host:port) to use' - echo ' --metric-index provide metric index in metric input' - echo '' - echo '' - echo ' examples:' - echo '' - echo ' set cpu.sh interval to 120 (with auth prompt):' - echo '' - echo ' setup.sh --interval cpu.sh 120' - echo '' - echo ' disable all local inputs (with no auth prompt):' - echo '' - echo ' setup.sh --disable-all --auth admin:changeme1' - echo '' - echo ' show input status on remote host foobar:' - echo '' - echo ' setup.sh --list-all --uri https://foobar:8089' - echo '' - echo ' update the unix app from your-server on the remote host foobar:' - echo '' - echo ' setup.sh --install-app https://your-server/unix.spl --uri https://foobar:8089' - echo '' - echo ' copy the local input configuration to the remote host foobar:' - echo '' - echo ' setup.sh --clone-all --uri https://foobar:8089' - echo '' - echo ' enable all inputs including metric inputs' - echo '' - echo ' setup.sh --enable-all --metric-index test3' - echo '' - echo ' enable a single metric input' - echo '' - echo ' setup.sh --enable-input interfaces_metric.sh --metric-index test3' - echo '' - - exit 1 -} - -function execute_command() -# executes one command from the execution queue -{ - action= - _target= - _interval= - res="success" - for token in $1; do - if [ ! 
-n "$action" ]; then - action="$token" - continue - else - if [ "$action" == "clone" ]; then - clone_all_inputs - elif [ "$action" == "disable" ]; then - if [ "$token" == "all" ]; then - disable_all_inputs - else - case $token in - *.sh ) input_endpoint=$(build_scripted_input_endpoint "$token"); echo "disabling input $token"; echo ""; disable_scripted_input "$input_endpoint";; - * ) input_endpoint=$(build_monitor_input_endpoint "$token"); echo "disabling input $token"; echo ""; disable_monitor_input "$input_endpoint";; - esac - fi - elif [ "$action" == "enable" ]; then - word=( $1 ) - if [ "$token" == "all" ]; then - if [ ${#word[@]} == "2" ] || [ ${#word[@]} == "3" ]; then - echo "" - echo "Warning <<<<<<<<< Metric inputs will not be enabled as metric index was not specified >>>>>>>>>" - echo "" - enable_all_inputs - elif [ ${#word[@]} == "4" ]; then - if [ "${word[2]}" == "--metric-index" ]; then - enable_all_inputs ${word[3]} - else - echo "Wrong Argument" - usage - fi - else - echo "Wrong argument" - usage - fi - elif [ "$token" == "input" ]; then - _target=${word[2]} - if [ ${#word[@]} == "3" ] ; then - if [[ "$_target" != *"_metric"* ]]; then - enable_single_input $_target - else - echo "Metric index must be specified for this input" - usage - fi - elif [ ${#word[@]} == "4" ] ; then - echo "Wrong argument" - usage - elif [ ${#word[@]} == "5" ]; then - if [[ "${word[3]}" == "--metric-index" ]] && [[ "$_target" == *"_metric"* ]]; then - enable_metric_input $_target ${word[4]} - else - echo "This input is not a metric input or wrong argument passed" - usage - fi - else - echo "Wrong Argument" - usage - fi - fi - elif [ "$action" == "install" ]; then - install_app "$token" - elif [ "$action" == "interval" ]; then - if [ ! -n "$_target" ]; then - _target="$token" - else - if [ ! 
-n "$_interval" ]; then - input_endpoint=$(build_scripted_input_endpoint "$_target") - echo "setting $_target interval to $token" - set_interval "$input_endpoint" "$token" - fi - fi - elif [ "$action" == "list" ]; then - if [ "$token" == "all" ]; then - show_inputs - else - case "$token" in - *.sh ) input_endpoint=$(build_scripted_input_endpoint "$token"); get_scripted_input_status "$input_endpoint";; - * ) input_endpoint=$(build_monitor_input_endpoint "$token"); get_monitor_status "$input_endpoint";; - esac - fi - fi - fi - done - } - -function enable_metric_input -# Updates index of metric input and if successful then enable it. -{ - input_endpoint=$(build_scripted_input_endpoint "$1") - set_metric_index "$input_endpoint" "$2" - if [ "$res" == "success" ]; then - enable_single_input "$1" - fi -} - -function enable_single_input -# Enable any input -{ - case $1 in - *.sh ) input_endpoint=$(build_scripted_input_endpoint "$1"); echo "enabling input $1"; echo ""; enable_scripted_input "$input_endpoint";; - * ) input_endpoint=$(build_monitor_input_endpoint "$1"); echo "enabling input $1"; echo ""; enable_monitor_input "$input_endpoint";; - esac -} - -function execute_queue -# executes a stored queue of command line options and arguments -{ - if [ ! -n "$__QUEUE" ]; then - echo "" - echo " Error parsing command line options/arguments" - echo "" - echo "" - usage - else - if [ -n "$AUTH_STRING" ]; then - if [ "$remote_server_uri" != "false" ]; then - $SPLUNK_HOME/bin/splunk login -uri $remote_server_uri -auth $AUTH_STRING - if [ "$?" != 0 ]; then - echo "" - echo " authentication failed" - echo "" - exit 1 - fi - else - $SPLUNK_HOME/bin/splunk login -auth $AUTH_STRING - if [ "$?" 
!= 0 ]; then - echo "" - echo " authentication failed" - echo "" - exit 1 - fi - fi - fi - server_name=$(get_server_name) - set_unix_app_info - echo "" - echo " authenticated to $server_name" - echo "" - _oldIFS=$IFS - IFS="::" - for key in $__QUEUE; do - IFS=$_oldIFS - execute_command "$key" - IFS="::" - done - IFS=$_oldIFS - fi -} - -function queue_action -# creates queue of actions to be executed by execute_queue -{ - __QUEUE=$_QUEUE"::$ACTION $ACTION_TARGET " -} - -### MAIN ### - -. `dirname $0`/common.sh - -remote_server_uri="false" -server_unix_app_installed="false" -server_has_unix_app_enabled="false" -remote_server_unix_app_installed="false" -remote_server_has_unix_app_enabled="false" - -MONITOR_INPUTS="/Library/Logs ~/Library/Logs /var/log /var/adm /etc" - -__QUEUE= -ACTION= -ACTION_TARGET= -AUTH_STRING= -REMOTE_URI= - -if [ ! -n "$1" ]; then - splunk_login -else - while [ "$1" != "" ]; do - case $1 in - --auth ) shift; AUTH_STRING="$1"; shift;; - --clone-all ) ACTION="clone"; queue_action; shift;; - --disable-all ) ACTION="disable"; ACTION_TARGET="all"; queue_action; shift;; - --disable-input ) ACTION="disable"; shift; ACTION_TARGET="$1"; queue_action; shift;; - --enable-all ) ACTION="enable"; shift; ACTION_TARGET="$1"; ACTION_TARGET="all "$ACTION_TARGET;shift;ACTION_TARGET=$ACTION_TARGET" $1";shift;queue_action; shift;; - --enable-input ) ACTION="enable"; shift; ACTION_TARGET="$1";shift; ACTION_TARGET="input "$ACTION_TARGET" $1";shift;ACTION_TARGET=$ACTION_TARGET" $1";shift;queue_action; shift;; - --interval ) ACTION="interval"; shift; ACTION_TARGET="$1"; shift; ACTION_TARGET=$ACTION_TARGET" $1"; queue_action; shift;; - --install-app ) ACTION="install"; shift; ACTION_TARGET="$1"; queue_action; shift;; - --list-all ) ACTION="list"; ACTION_TARGET="all"; queue_action; shift;; - --list-input ) ACTION="list"; shift; ACTION_TARGET="$1"; queue_action; shift;; - --uri ) remote_server_uri="$1"; shift;; - --usage | --help ) usage;; - * ) usage;; - esac - done - 
execute_queue -fi diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setupservice.py b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setupservice.py deleted file mode 100644 index 5bba8ed2..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/setupservice.py +++ /dev/null @@ -1,38 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -import json -import sys - -import splunk -import splunk.bundle as bundle - - -class SetupService(splunk.rest.BaseRestHandler): - def handle_GET(self): - try: - is_recognized_unix = not sys.platform.startswith("win") - self.response.write(json.dumps(is_recognized_unix)) - except Exception as e: - self.response.write(e) - - def handle_POST(self): - sessionKey = self.sessionKey - try: - conf = bundle.getConf( - "app", sessionKey, namespace="Splunk_TA_nix", owner="nobody" - ) - stanza = conf.stanzas["install"].findKeys("is_configured") - if stanza: - if stanza["is_configured"] == "0" or stanza["is_configured"] == "false": - conf["install"]["is_configured"] = "true" - splunk.rest.simpleRequest( - "/apps/local/Splunk_TA_nix/_reload", sessionKey=sessionKey - ) - else: - conf["install"]["is_configured"] = "true" - splunk.rest.simpleRequest( - "/apps/local/Splunk_TA_nix/_reload", sessionKey=sessionKey - ) - except Exception as e: - self.response.write(e) diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/sshdChecker.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/sshdChecker.sh deleted file mode 100755 index 0a2b5453..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/sshdChecker.sh +++ /dev/null 
@@ -1,98 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-SSH_CONFIG_FILE=""
-if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] ; then
- SSH_CONFIG_FILE=/etc/ssh/sshd_config
-elif [ "$KERNEL" = "Darwin" ] ; then
- SSH_CONFIG_FILE=/etc/sshd_config
-else
- failUnsupportedScript
-fi
-
-FILL_BLANKS='END {
- if (SSHD_PROTOCOL == 0) {
- SSHD_PROTOCOL=SSHD_DEFAULT_PROTOCOL
- }'
-
-PRINTF='{printf "%s app=sshd %s %s\n", DATE, FILEHASH, SSHD_PROTOCOL}}'
-
-if [ "x$SOLARIS_11" != "xtrue" ] ; then
-
- # If $SSH_CONFIG_FILE file exists and is a regular file.
- if [ -f "$SSH_CONFIG_FILE" ] ; then
-
- assertHaveCommand cat
-
- # Get file hash
- # shellcheck disable=SC2016
- CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256 $SSH_CONFIG_FILE ; cat $SSH_CONFIG_FILE'
-
- # Get the date.
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
-
- # Try to use cross-platform case-insensitive matching for text. Note
- # that "match", "tolower", IGNORECASE and other common awk commands or
- # options are actually nawk/gawk extensions so avoid them if possible.
- # shellcheck disable=SC2016
- PARSE_1='/^[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll]/ {
- split($0, arr)
- num = split(arr[2], protocols, ",")
- if (num == 2) {
- SSHD_PROTOCOL="sshd_protocol=" protocols[1] "/" protocols[2]
- } else {
- SSHD_PROTOCOL="sshd_protocol=" protocols[1]
- }
- }'
- # shellcheck disable=SC2016
- PARSE_2='/^#[[:blank:]]*[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll]/ {
- num=split($0, arr)
- protonum = split(arr[num], protocols, ",")
- if (protonum == 2) {
- SSHD_DEFAULT_PROTOCOL="sshd_protocol=" protocols[1] "/" protocols[2]
- } else {
- SSHD_DEFAULT_PROTOCOL="sshd_protocol=" protocols[1]
- }
- }'
- # shellcheck disable=SC2016
- PARSE_3='/^SHA256/ {FILEHASH="file_hash=" $2}'
-
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3"
-
- else
- # shellcheck disable=SC2016
- echo "SSHD configuration (file: $SSH_CONFIG_FILE) missing or unreadable." >> "$TEE_DEST"
- exit 1
- fi
-
-else
-
- if [ -f "$SSH_CONFIG_FILE" ] && [ -r "$SSH_CONFIG_FILE" ] ; then
-
- # Solaris 11 only supports SSH protocol 2.
- assertHaveCommand cat
-
- # Get file hash
- # shellcheck disable=SC2016
- CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256 $SSH_CONFIG_FILE'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0 ; SSHD_PROTOCOL="sshd_protocol=2"}'
- # shellcheck disable=SC2016
- PARSE_1='/^SHA256/ {FILEHASH="file_hash=" $2}'
-
- MASSAGE="$PARSE_0 $PARSE_1"
-
- else
- echo "SSHD configuration (file: $SSH_CONFIG_FILE) missing or unreadable." >> "$TEE_DEST"
- exit 1
- fi
-
-fi
-
-$CMD | tee "$TEE_DEST" | $AWK "$MASSAGE $FILL_BLANKS $PRINTF"
-echo "Cmd = [$CMD]; | $AWK '$MASSAGE $FILL_BLANKS $PRINTF'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/time.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/time.sh
deleted file mode 100755
index 5fc0974b..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/time.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-queryHaveCommand ntpdate
-FOUND_NTPDATE=$?
-
-queryHaveCommand sntp
-FOUND_SNTP=$?
-
-getServer ()
-{
- if [ -f /etc/ntp.conf ] ; then # Linux; FreeBSD; AIX; Mac OS X maybe
- CONFIG=/etc/ntp.conf
- elif [ -f /etc/inet/ntp.conf ] ; then # Solaris
- CONFIG=/etc/inet/ntp.conf
- elif [ -f /private/etc/ntp.conf ] ; then # Mac OS X
- CONFIG=/private/etc/ntp.conf
- else
- CONFIG=
- fi
-
- SERVER_DEFAULT='0.pool.ntp.org'
- if [ "$CONFIG" = "" ] ; then
- SERVER=$SERVER_DEFAULT
- else
- # shellcheck disable=SC2016
- SERVER=$($AWK '/^server / {print $2; exit}' "$CONFIG")
- SERVER=${SERVER:-$SERVER_DEFAULT}
- fi
-
-}
-
-#With ntpdate
-if [ $FOUND_NTPDATE -eq 0 ] ; then
- echo "Found ntpdate command" >> "$TEE_DEST"
- getServer
-
- CMD2="ntpdate -q $SERVER"
- echo "CONFIG=$CONFIG, SERVER=$SERVER" >> "$TEE_DEST"
-
-#With sntp
-elif [ "$KERNEL" = "Darwin" ] && [ $FOUND_SNTP -eq 0 ] ; then # Mac OS 10.14.6 or higher version
- echo "Found sntp command" >> "$TEE_DEST"
- getServer
-
- CMD2="sntp $SERVER"
- echo "CONFIG=$CONFIG, SERVER=$SERVER" >> "$TEE_DEST"
-
-#With Chrony
-else
- CMD2="chronyc -n sources"
-fi
-
-CMD1='date'
-
-assertHaveCommand $CMD1
-assertHaveCommand "$CMD2"
-
-$CMD1 | tee -a "$TEE_DEST"
-echo "Cmd1 = [$CMD1]" >> "$TEE_DEST"
-
-$CMD2 | tee -a "$TEE_DEST"
-echo "Cmd2 = [$CMD2]" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/top.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/top.sh
deleted file mode 100755
index 7779598f..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/top.sh
+++ /dev/null
@@ -1,87 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER=' PID USER PR NI VIRT RES SHR S pctCPU pctMEM cpuTIME COMMAND' -# shellcheck disable=SC2016 -PRINTF='{printf "%6s %-14s %4s %4s %6s %6s %6s %2s %6s %6s %12s %-s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12}' - -CMD='top' - -if [ "$KERNEL" = "Linux" ] ; then - CMD='top -bn 1' - FILTER='{if (NR < 7) next}' - # shellcheck disable=SC2016 - HEADERIZE='{NR == 7 && $0 = header}' -elif [ "$KERNEL" = "SunOS" ] ; then - CMD='prstat -n 999 1 1' - HEADERIZE="BEGIN {print \"$HEADER\"}" - FILTER='(NR==1) {next} /^Total:|^$/ {exit}' - # shellcheck disable=SC2016 - FORMAT_DOMAIN='{virt=$3; res=$4; stateRaw=$5; pr=$6; ni=$7; cpuTIME=$8; pctCPU=0.0+$9; sub("/.*$", "", $10); command=$10 ? $10 : ""}' - SPECIFY_STATES_MAP='BEGIN {map["sleep"]="S"; map["stop"]="T"; map["zombie"]="Z"; map["wait"]="D"; map["cpu"]="R"}' - MAP_STATE='{sub("[0-9]+$", "", stateRaw); state=map[stateRaw]}' - # shellcheck disable=SC2016 - FORMAT_RANGE='{$3=pr; $4=ni; $5=virt; $6=res; $7="?"; $8=state; $9=pctCPU; $10="?"; $11=cpuTIME; $12=command}' - FORMAT="$FORMAT_DOMAIN $SPECIFY_STATES_MAP $MAP_STATE $FORMAT_RANGE" -elif [ "$KERNEL" = "AIX" ] ; then - CMD="eval /usr/sysv/bin/ps -eo pid,user,pri,nice,vsz,rss,s,s,pcpu,pmem,time,comm" - HEADERIZE="BEGIN {print \"$HEADER\"}" - FILTER='/PID/{next}' - # shellcheck disable=SC2016 - FORMAT='{$7="?" ; sub("A","R",$8)}' - # Substitute ? 
for temporary [field 7] & - # Substitute R(running) for A(Active) on field 8 in AIX by Jacky Ho, Systex -elif [ "$KERNEL" = "Darwin" ] ; then - if [ "$OSX_MAJOR_VERSION" = 10 ] && [ "$OSX_MINOR_VERSION" -ge 9 ] || [ "$OSX_MAJOR_VERSION" -ge 11 ]; then - # OS X 10.9 does not report rshrd statistic (Resident Shared Address Space Size) - CMD="eval top -F -l 2 -ocpu -Otime -stats pid,username,vsize,rsize,cpu,time,command" - # shellcheck disable=SC2016 - FORMAT='{gsub("[+-] ", " "); virt=$3; res=$4; shr="?"; pctCPU=$5; cpuTIME=$6; command=$7; $3="?"; $4="?"; $5=virt; $6=res; $7=shr; $8="?"; $9=pctCPU; $10="?"; $11=cpuTIME; $12=command}' - elif $OSX_GE_SNOW_LEOPARD; then - CMD="eval top -F -l 2 -ocpu -Otime -stats pid,username,vsize,rsize,rshrd,cpu,time,command" - # shellcheck disable=SC2016 - FORMAT='{gsub("[+-] ", " "); virt=$3; res=$4; shr=$5; pctCPU=$6; cpuTIME=$7; command=$8; $3="?"; $4="?"; $5=virt; $6=res; $7=shr; $8="?"; $9=pctCPU; $10="?"; $11=cpuTIME; $12=command}' - else - CMD="eval top -F -l 2 -ocpu -Otime -t -R -p '^aaaaa ^nnnnnnnnnnnnnnnnnn ^lllll ^jjjjj ^ccccc ^ddddd ^bbbbbbbbbbbbbbbbbbbbbbbbbbbbb'" - # shellcheck disable=SC2016 - FORMAT='{ virt=$3; res=$4; pctCPU=$5; cpuTIME=$6; command=$7; $3="?"; $4="?"; $5=virt; $6=res; $7="?"; $8="?"; $9=pctCPU; $10="?"; $11=cpuTIME; $12=command}' - fi - HEADERIZE="BEGIN {print \"$HEADER\"}" - FILTER='/ %CPU / {reportOrd++; next} {if ((reportOrd < 2) || !length) next}' -elif [ "$KERNEL" = "HP-UX" ] ; then - assertHaveCommand ps - HEADERIZE="BEGIN {print \"$HEADER\"}" - FILTER='/PID/{next}' - export UNIX95=1 - CMD='ps -e -o pid,user,pri,nice,vsz,state,pcpu,time,comm' - # shellcheck disable=SC2016 - PRINTF='{q="?"; printf "%6s %-14s %4s %4s %6s %6s %6s %2s %6s %6s %12s %-s\n", $1, $2, $3, $4, $5, q, q, $6, $7, q, $8, $9}' -elif [ "$KERNEL" = "FreeBSD" ] ; then - line=$(top -Sb 999 | grep -n -m 1 "PID" | cut -f1 -d:) - CMD='top -Sb 999' - HEADERIZE="BEGIN {print \"$HEADER\"}" - FILTER='(NR<='$line') {next} /^$/ {next}' - 
# shellcheck disable=SC2016 - FORMAT_DOMAIN='{pr=$4; ni=$5; virt=$6; res=$7; stateRaw=$8; cpuTIME=$10; pctCPU=0+$11; command=$12}' - SPECIFY_STATES_MAP='BEGIN {map["SLEEP"]="S"; map["STOP"]="T"; map["ZOMB"]="Z"; map["WAIT"]="D"; map["LOCK"]="D"; map["START"]="R"; map["RUN"]="R"; map["CPU"]="R"}' - MAP_STATE='{sub("[0-9]+$", "", stateRaw); state=map[stateRaw]; state=state ? state : "?"}' - # shellcheck disable=SC2016 - FORMAT_RANGE='{$3=pr; $4=ni; $5=virt; $6=res; $7="?"; $8=state; $9=pctCPU; $10="?"; $11=cpuTIME; $12=command}' - FORMAT="$FORMAT_DOMAIN $SPECIFY_STATES_MAP $MAP_STATE $FORMAT_RANGE" -fi -# shellcheck disable=SC2086 -assertHaveCommand $CMD - -out=$($CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER") -lines=$(echo "$out" | wc -l) - -if [ "$lines" -gt 1 ]; then - echo "$out" - echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" -else - echo "No data is present" >> "$TEE_DEST" -fi diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/update.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/update.sh deleted file mode 100755 index d834c3ae..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/update.sh +++ /dev/null 
@@ -1,130 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_update_error_tmpfile # For filering out apt warning from stderr
-
-if [ "$KERNEL" = "Linux" ] ; then
- assertHaveCommand date
- OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2)
- OS_FILE=/etc/os-release
- # Ubuntu doesn't have yum installed by default hence apt is being used to get the list of upgradable packages
- if [ "$OSName" = "Ubuntu" ]; then
- assertHaveCommand apt
- assertHaveCommand sed
- # sed command here replaces '/, [, ]' with ' '
- CMD='eval date ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
- # shellcheck disable=SC2016
- PARSE_1='NR>2 { printf "%s package=%s ubuntu_update_stream=%s latest_package_version=%s ubuntu_architecture=%s current_package_version=%s\n", DATE, $1, $2, $3, $4, $7}'
- MESSAGE="$PARSE_0 $PARSE_1"
- elif echo "$OS_ID" | grep -qi suse; then
- assertHaveCommand zypper
- # shellcheck disable=SC2016
- CMD='eval date ; zypper list-updates'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
- # shellcheck disable=SC2016
- PARSE_1='/^[\-+]+/ {header_found = 1; next}'
- # shellcheck disable=SC2016
- PARSE_2='header_found { gsub(/[[:space:]]*\|[[:space:]]*/, "|"); split($0, arr, /\|/); printf "%s repository=%s package=%s current_package_version=%s latest_package_version=%s sles_architecture=%s\n", DATE, arr[2], arr[3], arr[4], arr[5], arr[6]}'
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2"
- else
- assertHaveCommand yum
-
- CMD='eval date ; yum check-update'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {
- DATE=$0
- PROCESS=0
- UPDATES["addons"]=0
- UPDATES["base"]=0
- UPDATES["extras"]=0
- UPDATES["updates"]=0
- }'
-
- # Skip extraneous text up to first blank line.
- # shellcheck disable=SC2016
- PARSE_1='NR>1 && PROCESS==0 && $0 ~ /^[[:blank:]]*$|^$/ {
- PROCESS=1
- }'
- # shellcheck disable=SC2016
- PARSE_2='NR>1 && PROCESS==1 {
- num = split($0, update_array)
- if (num == 3) {
- # Record the update count
- UPDATES[update_array[3]] = UPDATES[update_array[3]]+1
- printf "%s package=\"%s\" package_type=\"%s\"\n", DATE, update_array[1], update_array[3]
- } else if (num==2 && update_array[1] != "") {
- printf "%s package=\"%s\"\n", DATE, update_array[1]
- }
- }'
-
- PARSE_3='END {
- TOTALS=""
- for (key in UPDATES) {
- TOTALS=TOTALS key "=" UPDATES[key] " "
- }
- printf "%s %s\n", DATE, TOTALS
- }'
-
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3"
- fi
-
-elif [ "$KERNEL" = "Darwin" ] ; then
- assertHaveCommand date
- assertHaveCommand softwareupdate
-
- CMD='eval date ; softwareupdate -l'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {
- DATE=$0
- PROCESS=0
- TOTAL=0
- }'
-
- # If the first non-space character is an asterisk, assume this is the name
- # of the update. Otherwise, print the update.
- # shellcheck disable=SC2016
- PARSE_1='NR>1 && PROCESS==1 && $0 !~ /^[[:blank:]]*$/ {
- if ( $0 ~ /^[[:blank:]]*\*/ ) {
- PACKAGE="package=\"" $2 "\""
- RECOMMENDED=""
- RESTART=""
- TOTAL=TOTAL+1
- } else {
- if ( $0 ~ /recommended/ ) { RECOMMENDED="is_recommended=\"true\"" }
- if ( $0 ~ /restart/ ) { RESTART="restart_required=\"true\"" }
- printf "%s %s %s %s\n", DATE, PACKAGE, RECOMMENDED, RESTART
- }
- }'
-
- # Use sentinel value to skip all text prior to update list.
- # shellcheck disable=SC2016
- PARSE_2='NR>1 && PROCESS==0 && $0 ~ /found[[:blank:]]the[[:blank:]]following/ {
- PROCESS=1
- }'
-
- PARSE_3='END {
- printf "%s total_updates=%s\n", DATE, TOTAL
- }'
-
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3"
-
-else
- # Exits
- failUnsupportedScript
-fi
-
-# shellcheck disable=SC2086
-$CMD 2> $TMP_ERROR_FILTER_FILE | tee "$TEE_DEST" | $AWK "$MESSAGE"
-# shellcheck disable=SC2086
-grep -Ev "apt does not have a stable CLI interface|^[[:space:]]*$" < $TMP_ERROR_FILTER_FILE 1>&2
-# shellcheck disable=SC2086
-rm $TMP_ERROR_FILTER_FILE 2>/dev/null
-
-echo "Cmd = [$CMD]; | $AWK '$MESSAGE'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/uptime.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/uptime.sh
deleted file mode 100755
index d6f69c59..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/uptime.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-PRINTF='END {printf "%s SystemUpTime=%s\n", DATE, UPTIME}'
-
-# On HP-UX the `ps` command will only recognize the `-o` option if
-# the `UNIX95` environment variable is set. So do it.
-#
-# Careful: The `UNIX95` environment variable affects other common
-# commands like `cp`.
-if [ "$KERNEL" = "HP-UX" ]; then
- export UNIX95=1
-fi
-
-# This should work for any POSIX-compliant system, but in case it doesn't
-# we have left the individual OS names here to be broken out later on.
-if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "AIX" ] || [ "$KERNEL" = "HP-UX" ] || [ "$KERNEL" = "Darwin" ] || [ "$KERNEL" = "FreeBSD" ] ; then
- assertHaveCommand date
- assertHaveCommand ps
- CMD='eval date; LC_ALL=POSIX ps -o etime= -p 1'
- # Get the date.
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
- # Parse timestamp using only POSIX AWK functions. The match, do/while,
- # and exponentiation commands may not be available on some systems.
- # shellcheck disable=SC2016
- PARSE_1='NR==2 {
- if (index($1,"-") != 0) {
- split($1, array, "-")
- UPTIME=86400*array[1]
- num=split(array[2], TIME, ":")
- } else {
- UPTIME=0
- num=split($1, TIME, ":")
- }
- for (i=num; i>0; i--) {
- SECS=TIME[i]
- for (j=num-i; j>0; j--) {
- SECS = SECS * 60
- }
- UPTIME = UPTIME + SECS
- }
- }'
- MASSAGE="$PARSE_0 $PARSE_1"
-fi
-
-$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF" header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/usersWithLoginPrivs.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/usersWithLoginPrivs.sh
deleted file mode 100755
index 488d39a4..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/usersWithLoginPrivs.sh
+++ /dev/null
@@ -1,45 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: 2024 Splunk, Inc. -# SPDX-License-Identifier: Apache-2.0 - -# shellcheck disable=SC1091 -. "$(dirname "$0")"/common.sh - -HEADER='USERNAME\tUID\tGID\tHOME_DIR\tUSER_INFO' -HEADERIZE="BEGIN {print \"$HEADER\"}" - -CMD='cat /etc/passwd' -AWK_IFS='-F:' -# shellcheck disable=SC2016 -FILTER='($NF !~ /sh$/) {next}' -# shellcheck disable=SC2016 -PRINTF='{printf "%s\t%s\t%s\t%s\t%s\n", $1, $3, $4, $6, $5}' - -if [ "$KERNEL" = "Linux" ] ; then - # shellcheck disable=SC2016 - FILL_BLANKS='{$5 || $5 = "?"; length($4) || $4 = "?"; length($3) || $3 = "?"}' -elif [ "$KERNEL" = "SunOS" ] ; then - # shellcheck disable=SC2016 - FILL_BLANKS='{$5 || $5 = "?"; length($4) || $4 = "?"; length($3) || $3 = "?"}' -elif [ "$KERNEL" = "AIX" ] ; then - # shellcheck disable=SC2016 - FILL_BLANKS='{$5 || $5 = "?"; length($4) || $4 = "?"; length($3) || $3 = "?"}' -elif [ "$KERNEL" = "HP-UX" ] ; then - # shellcheck disable=SC2016 - FILL_BLANKS='{$5 || $5 = "?"; length($4) || $4 = "?"; length($3) || $3 = "?"}' -elif [ "$KERNEL" = "Darwin" ] ; then - CMD='dscacheutil -q user' - AWK_IFS='' - # shellcheck disable=SC2016 - MASSAGE='/^name: / {username = $2} /^uid: / {UID = $2} /^gid: / {GID = $2} /^dir: / {homeDir = $2} /^shell: / {shell = $2} /^gecos: / {userInfo = $2; for (i=3; i<=NF; i++) userInfo = userInfo " " $i} !/^gecos: / {next}' - FILTER='{if (shell !~ /sh$/) next; if (homeDir ~ /^[0-9]+$/) next}' - PRINTF='{printf "%s\t%s\t%s\t%s\t%s\n", username, length(UID) ? UID : "?", length(GID) ? GID : "?", length(homeDir) ? 
homeDir : "?", userInfo}' -elif [ "$KERNEL" = "FreeBSD" ] ; then - # shellcheck disable=SC2016 - FILL_BLANKS='{$5 || $5 = "?"; length($4) || $4 = "?"; length($3) || $3 = "?"}' -fi - -assertHaveCommand "$CMD" -# shellcheck disable=SC2086 -$CMD | tee "$TEE_DEST" | $AWK $AWK_IFS "$HEADERIZE $MASSAGE $FILTER $FILL_BLANKS $PRINTF" header="$HEADER" -echo "Cmd = [$CMD]; | $AWK $AWK_IFS '$HEADERIZE $MASSAGE $FILTER $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/version.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/version.sh deleted file mode 100755 index ed494ef4..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/version.sh +++ /dev/null 
@@ -1,44 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-PRINTF='END {printf "%s %s %s %s %s %s\n", DATE, MACH_HW_NAME, MACH_ARCH_NAME, OS_REL, OS_NAME, OS_VER}'
-
-
-if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "Darwin" ] || [ "$KERNEL" = "FreeBSD" ] ; then
- assertHaveCommand date
- assertHaveCommand uname
- CMD='eval date ; eval uname -m ; eval uname -r ; eval uname -s ; eval uname -v ; eval uname -p'
-elif [ "$KERNEL" = "HP-UX" ] ; then
- # HP-UX lacks -p switch.
- assertHaveCommand date
- assertHaveCommand uname
- CMD='eval date ; eval uname -m ; eval uname -r ; eval uname -s ; eval uname -v'
-elif [ "$KERNEL" = "AIX" ] ; then
- # AIX uses oslevel for version and release switch.
- assertHaveCommand date
- assertHaveCommand uname
- CMD='eval date ; eval uname -m ; eval oslevel -r ; eval uname -s ; eval oslevel -s'
-fi
-
-# Get the date.
-# shellcheck disable=SC2016
-PARSE_0='NR==1 {DATE=$0}'
-# shellcheck disable=SC2016
-PARSE_1='NR==2 {MACH_HW_NAME="machine_hardware_name=\"" $0 "\""}'
-# shellcheck disable=SC2016
-PARSE_2='NR==3 {OS_REL="os_release=\"" $0 "\""}'
-# shellcheck disable=SC2016
-PARSE_3='NR==4 {OS_NAME="os_name=\"" $0 "\""}'
-# shellcheck disable=SC2016
-PARSE_4='NR==5 {OS_VER="os_version=\"" $0 "\""}'
-# shellcheck disable=SC2016
-PARSE_5='NR==6 {MACH_ARCH_NAME="machine_architecture_name=\"" $0 "\""}'
-
-MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5"
-
-$CMD | tee "$TEE_DEST" | $AWK "$MASSAGE $PRINTF"
-echo "Cmd = [$CMD]; | $AWK '$MASSAGE $PRINTF'" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat.sh
deleted file mode 100755
index 2fc902bc..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat.sh
+++ /dev/null
@@ -1,181 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-# hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine
-# the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so
-# (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute.
-
-HEADER='memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-PRINTF='END {printf "%10d %10d %10d %10.1f %10.1f %10s %10.1f %10s %10s %10s %10s %10s %10s %10.2f %10.2f %10.2f %10.2f %10.2f\n", memTotalMB, memFreeMB, memUsedMB, memFreePct, memUsedPct, pgPageOut, swapUsedPct, pgSwapOut, cSwitches, interrupts, forks, processes, threads, loadAvg1mi, waitThreads, interrupts_PS, pgPageIn_PS, pgPageOut_PS}'
-DERIVE='END {memUsedMB=memTotalMB-memFreeMB; memUsedPct=(100.0*memUsedMB)/memTotalMB; memFreePct=100.0-memUsedPct; swapUsedPct=swapUsed ? (100.0*swapUsed)/(swapUsed+swapFree) : 0; waitThreads=loadAvg1mi > cpuCount ? loadAvg1mi-cpuCount : 0}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand vmstat
- assertHaveCommand sar
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}'
- # shellcheck disable=SC2016
- PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
- # shellcheck disable=SC2016
- PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_5='($3 ~ "INTR") {nr[NR+3]} NR in nr {interrupts_PS=$3}'
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$2; pgPageOut_PS=$3}'
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
-elif [ "$KERNEL" = "SunOS" ] ; then
- assertHaveCommand vmstat
- assertHaveCommandGivenPath /usr/sbin/swap
- assertHaveCommandGivenPath /usr/sbin/prtconf
- assertHaveCommand prstat
- assertHaveCommand sar
- if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then
- # shellcheck disable=SC2016
- CMD='eval /usr/sbin/prtconf 2>/dev/null | grep Memory ; /usr/sbin/swap -s ; vmstat 1 2 | sed "3d" ; vmstat -s ; prstat -n 1 1 1; `dirname $0`/hardware.sh; sar -gp 1 2; '
- else
- # shellcheck disable=SC2016
- CMD='eval /usr/sbin/prtconf 2>/dev/null | grep Memory ; /usr/sbin/swap -s ; vmstat -q 1 2 | sed "3d" ; vmstat -s ; prstat -n 1 1 1; `dirname $0`/hardware.sh; sar -gp 1 2'
- fi
- # shellcheck disable=SC2016
- PARSE_0='/^Memory size:/ {memTotalMB=$3} (NR==5) {memFreeMB=$5 / 1024}'
- # shellcheck disable=SC2016
- PARSE_1='(NR==2) {swapUsed=0+$(NF-3); swapFree=0+$(NF-1)}'
- # shellcheck disable=SC2016
- PARSE_2='/pages paged out$/ {pgPageOut=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/cpu context switches$/ {cSwitches=$1} /device interrupts$/ {interrupts=$1} / v?forks$/ {forks+=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/^Total: / {processes=$2; threads=$4; loadAvg1mi=0+$(NF-2)}'
- # shellcheck disable=SC2016
- PARSE_5='/^CPU_COUNT/ {cpuCount=$2}'
- # Sample output: http://opensolarisforum.org/man/man1/sar.html
- if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then
- # shellcheck disable=SC2016
- PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}'
- # shellcheck disable=SC2016
- PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}'
- else
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}'
- # shellcheck disable=SC2016
- PARSE_7='($3 ~ "pgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$4}'
- fi
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $DERIVE"
-elif [ "$KERNEL" = "AIX" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand vmstat
- assertHaveCommandGivenPath /usr/sbin/lsps
- assertHaveCommandGivenPath /usr/bin/svmon
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; ps -em | wc -l ; /usr/sbin/lsps -s ; vmstat 1 1 | tail -1 ; vmstat -s ; svmon; `dirname $0`/hardware.sh;'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1-processes }'
- # ps -em inclundes processes with there threads ( at least one), so processes must be excluded to count threads #
- # shellcheck disable=SC2016
- PARSE_1='(NR==5) {swapUsedPercentage=substr( $NF, 1, length($NF)-1 )} (NR==6) {pgPageIn_PS=0+$(NF-13); pgPageOut_PS=0+$(NF-12)}'
- # shellcheck disable=SC2016
- PARSE_2='/^memory / {memTotalMB=$2 / 256 ; memFreeMB=$4 / 256}'
- # shellcheck disable=SC2016
- PARSE_3='/paging space page outs$/ {pgPageOut=$1 ; pgSwapOut="?" }'
- # no pgSwapOut parameter and can't be monitored in AIX (by Jacky Ho, Systex)
- # shellcheck disable=SC2016
- PARSE_4='/cpu context switches$/ {cSwitches=$1} /device interrupts$/ {interrupts=$1 ; forks="?" }'
- # shellcheck disable=SC2016
- PARSE_5='/^CPU_COUNT/ {cpuCount=$2}'
- DERIVE='END {memUsedMB=memTotalMB-memFreeMB; memUsedPct=(100.0*memUsedMB)/memTotalMB; memFreePct=100.0-memUsedPct; swapUsedPct=swapUsedPercentage ? swapUsedPercentage : 0; waitThreads=loadAvg1mi > cpuCount ? loadAvg1mi-cpuCount : 0}'
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $DERIVE"
-elif [ "$KERNEL" = "HP-UX" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand /usr/sbin/swapinfo
- assertHaveCommand vmstat
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; /usr/sbin/swapinfo -m; vmstat -f; vmstat -s; `dirname $0`/hardware.sh; vmstat 1 2'
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} {threads="?"}'
- # shellcheck disable=SC2016
- PARSE_1='NR==5 {swapUsed=$3; swapFree=$4}'
- # shellcheck disable=SC2016
- PARSE_2='/^memory / {memTotalMB=$2; memUsedMB=$3; memFreeMB=$4}'
- # shellcheck disable=SC2016
- PARSE_3='(NR>=8 && $2=="forks,") {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/pages paged out$/ {pgPageOut=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_5='/interrupts$/ {interrupts=$1} /cpu context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
- # Sample output: http://ibgwww.colorado.edu/~lessem/psyc5112/usail/man/hpux/vmstat.1.html
- # shellcheck disable=SC2016
- PARSE_7='/^procs/ {nr[NR+3]} NR in nr {pgPageIn_PS=$8; pgPageOut_PS=$9; interrupts_PS=$13}'
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $DERIVE"
-elif [ "$KERNEL" = "Darwin" ] ; then
- assertHaveCommand sysctl
- assertHaveCommand top
- assertHaveCommand sar
- # shellcheck disable=SC2016
- CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2'
- FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
- # shellcheck disable=SC2016
- PARSE_0='/^hw.memsize:/ {memTotalMB=$2 / (1024*1024)}'
- # shellcheck disable=SC2016
- PARSE_1='/^PhysMem:/ {memFreeMB=toMB($6)+toMB($10)}' # we count "inactive" as "free", since it can be made available w/o a pagein/swapin
- # shellcheck disable=SC2016
- PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}'
- # shellcheck disable=SC2016
- PARSE_3='/^VM:/ {pgPageOut=0+$7}'
- if $OSX_GE_SNOW_LEOPARD; then
- # shellcheck disable=SC2016
- PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}'
- else
- # shellcheck disable=SC2016
- PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}'
- fi
- # shellcheck disable=SC2016
- PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}'
- # shellcheck disable=SC2016
- PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}'
- # shellcheck disable=SC2016
- PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}'
- MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE"
- FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- # shellcheck disable=SC2016
- CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
- FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
- # shellcheck disable=SC2016
- PARSE_0='(NR==1) {memTotalMB=$2 / (1024*1024)}'
- # shellcheck disable=SC2016
- PARSE_1='/pager pages paged out$/ {pgPageOut+=$1} /fork\(\) calls$/ {forks+=$1} /cpu context switches$/ {cSwitches+=$1} /interrupts$/ {interrupts+=$1}'
- # shellcheck disable=SC2016
- PARSE_2='/load averages:/ {loadAvg1mi=$6} /^[0-9]+ processes: / {processes=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/^Swap: / {if(NF <= 5){ swapTotal=toMB($2); swapFree=toMB($4); swapUsed=swapTotal-swapFree; } else{ swapUsed=toMB($4); swapFree=toMB($6)}} /^Mem: / {memFreeMB=toMB($4)+toMB($12)}'
- # shellcheck disable=SC2016
- PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_5='($3 ~ "INTR") {nr1[NR+3]} NR in nr1 {interrupts_PS=$3}'
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$3; pgPageOut_PS=$4}'
- MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
- FILL_BLANKS='END {threads=pgSwapOut="?"}'
-fi
-
-$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF" header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat_metric.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat_metric.sh
deleted file mode 100755
index b9f4ce75..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vmstat_metric.sh
+++ /dev/null
@@ -1,193 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-# hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine
-# the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so
-# (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute.
-
-HEADER='memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS OSName OS_version IP_address'
-HEADERIZE="BEGIN {print \"$HEADER\"}"
-PRINTF='END {printf "%10d %10d %10d %10.1f %10.1f %10s %10.1f %10s %10s %10s %10s %10s %10s %10.2f %10.2f %13.2f %11.2f %12.2f %-35s %15s %-16s\n", memTotalMB, memFreeMB, memUsedMB, memFreePct, memUsedPct, pgPageOut, swapUsedPct, pgSwapOut, cSwitches, interrupts, forks, processes, threads, loadAvg1mi, waitThreads, interrupts_PS, pgPageIn_PS, pgPageOut_PS, OSName, OS_version, IP_address}'
-DERIVE='END {memUsedMB=memTotalMB-memFreeMB; memUsedPct=(100.0*memUsedMB)/memTotalMB; memFreePct=100.0-memUsedPct; swapUsedPct=swapUsed ? (100.0*swapUsed)/(swapUsed+swapFree) : 0; waitThreads=loadAvg1mi > cpuCount ? loadAvg1mi-cpuCount : 0}'
-FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?"}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand vmstat
- assertHaveCommand sar
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2'
- if [ ! -f "/etc/os-release" ] ; then
- DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)"
- else
- DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)"
- fi
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}'
- # shellcheck disable=SC2016
- PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
- # shellcheck disable=SC2016
- PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_5='($3 ~ "INTR") {nr[NR+3]} NR in nr {interrupts_PS=$3}'
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$2; pgPageOut_PS=$3}'
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
-elif [ "$KERNEL" = "SunOS" ] ; then
- assertHaveCommand vmstat
- assertHaveCommandGivenPath /usr/sbin/swap
- assertHaveCommandGivenPath /usr/sbin/prtconf
- assertHaveCommand prstat
- assertHaveCommand sar
- if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then
- # shellcheck disable=SC2016
- CMD='eval /usr/sbin/prtconf 2>/dev/null | grep Memory ; /usr/sbin/swap -s ; vmstat 1 2 | sed "3d" ; vmstat -s ; prstat -n 1 1 1; `dirname $0`/hardware.sh; sar -gp 1 2; '
- else
- # shellcheck disable=SC2016
- CMD='eval /usr/sbin/prtconf 2>/dev/null | grep Memory ; /usr/sbin/swap -s ; vmstat -q 1 2 | sed "3d" ; vmstat -s ; prstat -n 1 1 1; `dirname $0`/hardware.sh; sar -gp 1 2'
- fi
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- # shellcheck disable=SC2016
- PARSE_0='/^Memory size:/ {memTotalMB=$3} (NR==5) {memFreeMB=$5 / 1024}'
- # shellcheck disable=SC2016
- PARSE_1='(NR==2) {swapUsed=0+$(NF-3); swapFree=0+$(NF-1)}'
- # shellcheck disable=SC2016
- PARSE_2='/pages paged out$/ {pgPageOut=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/cpu context switches$/ {cSwitches=$1} /device interrupts$/ {interrupts=$1} / v?forks$/ {forks+=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/^Total: / {processes=$2; threads=$4; loadAvg1mi=0+$(NF-2)}'
- # shellcheck disable=SC2016
- PARSE_5='/^CPU_COUNT/ {cpuCount=$2}'
- # Sample output: http://opensolarisforum.org/man/man1/sar.html
- if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then
- # shellcheck disable=SC2016
- PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}'
- # shellcheck disable=SC2016
- PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}'
- else
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}'
- # shellcheck disable=SC2016
- PARSE_7='($3 ~ "pgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$4}'
- fi
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $DERIVE"
-elif [ "$KERNEL" = "AIX" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand vmstat
- assertHaveCommandGivenPath /usr/sbin/lsps
- assertHaveCommandGivenPath /usr/bin/svmon
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; ps -em | wc -l ; /usr/sbin/lsps -s ; vmstat 1 1 | tail -1 ; vmstat -s ; svmon; `dirname $0`/hardware.sh;'
- DEFINE="-v OSName=$(uname -s) -v OSVersion=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1-processes }'
- # ps -em inclundes processes with there threads ( at least one), so processes must be excluded to count threads #
- # shellcheck disable=SC2016
- PARSE_1='(NR==5) {swapUsedPercentage=substr( $NF, 1, length($NF)-1 )} (NR==6) {pgPageIn_PS=0+$(NF-13); pgPageOut_PS=0+$(NF-12)}'
- # shellcheck disable=SC2016
- PARSE_2='/^memory / {memTotalMB=$2 / 256 ; memFreeMB=$4 / 256}'
- # shellcheck disable=SC2016
- PARSE_3='/paging space page outs$/ {pgPageOut=$1 ; pgSwapOut="?" }'
- # no pgSwapOut parameter and can't be monitored in AIX (by Jacky Ho, Systex)
- # shellcheck disable=SC2016
- PARSE_4='/cpu context switches$/ {cSwitches=$1} /device interrupts$/ {interrupts=$1 ; forks="?" }'
- # shellcheck disable=SC2016
- PARSE_5='/^CPU_COUNT/ {cpuCount=$2}'
- PARSE_6='{OS_version=OSVersion/1000}'
- DERIVE='END {memUsedMB=memTotalMB-memFreeMB; memUsedPct=(100.0*memUsedMB)/memTotalMB; memFreePct=100.0-memUsedPct; swapUsedPct=swapUsedPercentage ? swapUsedPercentage : 0; waitThreads=loadAvg1mi > cpuCount ? loadAvg1mi-cpuCount : 0}'
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
-elif [ "$KERNEL" = "HP-UX" ] ; then
- assertHaveCommand uptime
- assertHaveCommand ps
- assertHaveCommand /usr/sbin/swapinfo
- assertHaveCommand vmstat
- # shellcheck disable=SC2016
- CMD='eval uptime ; ps -e | wc -l ; /usr/sbin/swapinfo -m; vmstat -f; vmstat -s; `dirname $0`/hardware.sh; vmstat 1 2'
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} {threads="?"}'
- # shellcheck disable=SC2016
- PARSE_1='NR==5 {swapUsed=$3; swapFree=$4}'
- # shellcheck disable=SC2016
- PARSE_2='/^memory / {memTotalMB=$2; memUsedMB=$3; memFreeMB=$4}'
- # shellcheck disable=SC2016
- PARSE_3='(NR>=8 && $2=="forks,") {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_4='/pages paged out$/ {pgPageOut=$1} /pages swapped out$/ {pgSwapOut=$1}'
- # shellcheck disable=SC2016
- PARSE_5='/interrupts$/ {interrupts=$1} /cpu context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
- # shellcheck disable=SC2016
- PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
- # Sample output: http://ibgwww.colorado.edu/~lessem/psyc5112/usail/man/hpux/vmstat.1.html
- # shellcheck disable=SC2016
- PARSE_7='/^procs/ {nr[NR+3]} NR in nr {pgPageIn_PS=$8; pgPageOut_PS=$9; interrupts_PS=$13}'
- MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $DERIVE"
-elif [ "$KERNEL" = "Darwin" ] ; then
- assertHaveCommand sysctl
- assertHaveCommand top
- assertHaveCommand sar
- # shellcheck disable=SC2016
- CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2'
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
- # shellcheck disable=SC2016
- PARSE_0='/^hw.memsize:/ {memTotalMB=$2 / (1024*1024)}'
- # shellcheck disable=SC2016
- PARSE_1='/^PhysMem:/ {memFreeMB=toMB($6)+toMB($10)}' # we count "inactive" as "free", since it can be made available w/o a pagein/swapin
- # shellcheck disable=SC2016
- PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}'
- # shellcheck disable=SC2016
- PARSE_3='/^VM:/ {pgPageOut=0+$7}'
- if $OSX_GE_SNOW_LEOPARD; then
- # shellcheck disable=SC2016
- PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}'
- else
- # shellcheck disable=SC2016
- PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}'
- fi
- # shellcheck disable=SC2016
- PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}'
- # shellcheck disable=SC2016
- PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}'
- # shellcheck disable=SC2016
- PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}'
- MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE"
- FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- # shellcheck disable=SC2016
- CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
- DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
- FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
- # shellcheck disable=SC2016
- PARSE_0='(NR==1) {memTotalMB=$2 / (1024*1024)}'
- # shellcheck disable=SC2016
- PARSE_1='/pager pages paged out$/ {pgPageOut+=$1} /fork\(\) calls$/ {forks+=$1} /cpu context switches$/ {cSwitches+=$1} /interrupts$/ {interrupts+=$1}'
- # shellcheck disable=SC2016
- PARSE_2='/load averages:/ {loadAvg1mi=$6} /^[0-9]+ processes: / {processes=$1}'
- # shellcheck disable=SC2016
- PARSE_3='/^Swap: / {if(NF <= 5){ swapTotal=toMB($2); swapFree=toMB($4); swapUsed=swapTotal-swapFree; } else{ swapUsed=toMB($4); swapFree=toMB($6)}} /^Mem: / {memFreeMB=toMB($4)+toMB($12)}'
- # shellcheck disable=SC2016
- PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
- # shellcheck disable=SC2016
- PARSE_5='($3 ~ "INTR") {nr1[NR+3]} NR in nr1 {interrupts_PS=$3}'
- # shellcheck disable=SC2016
- PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$3; pgPageOut_PS=$4}'
- MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
- FILL_BLANKS='END {threads=pgSwapOut="?"}'
-fi
-# shellcheck disable=SC2086
-$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF " header="$HEADER"
-echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vsftpdChecker.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vsftpdChecker.sh
deleted file mode 100755
index 4d4ac671..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/vsftpdChecker.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-# VSFTPD configuration file format is common to all platforms, but may be in one
-# of several locations (and may also be restricted to root).
-if [ -f /etc/vsftpd.conf ] ; then
- VSFTPD_CONFIG_FILE=/etc/vsftpd.conf
-elif [ -f /etc/vsftpd/vsftpd.conf ] ; then
- VSFTPD_CONFIG_FILE=/etc/vsftpd/vsftpd.conf
-elif [ -f /private/etc/vsftpd.conf ] ; then
- # Usually MAC OS X
- VSFTPD_CONFIG_FILE=/private/etc/vsftpd.conf
-elif [ -f /usr/local/etc/vsftpd.conf ] ; then
- # To support MAC OS 10.15
- VSFTPD_CONFIG_FILE=/usr/local/etc/vsftpd.conf
-fi
-
-# Set the default. If the file is readable and has "anonymous_enable" commented
-# out, the default behavior is to ALLOW anonymous FTP. Reset the value of
-# anonymous_enable in the output if this is the case
-# line, then the allowed protocols will be the default of "2,1".
-FILL_BLANKS='END {
- if (ANON_DEFAULT != 0) {
- ANON_ENABLE=ANON_DEFAULT
- }'
-PRINTF='{printf "%s app=vsftp %s %s %s\n", DATE, FILEHASH, LOCAL_ENABLE, ANON_ENABLE}}'
-
-# If $VSFTPD_CONFIG_FILE file exists and is a regular file.
-if [ -f "$VSFTPD_CONFIG_FILE" ] ; then
-
- assertHaveCommand cat
- assertHaveCommand date
-
- # Get file hash
- # shellcheck disable=SC2016
- CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha256 $VSFTPD_CONFIG_FILE ; cat $VSFTPD_CONFIG_FILE'
-
- # Get the date.
- # shellcheck disable=SC2016
- PARSE_0='NR==1 {DATE=$0}'
-
- # Try to use cross-platform case-insensitive matching for text. Note
- # that "match", "tolower", IGNORECASE and other common awk commands or
- # options are actually nawk/gawk extensions so avoid them if possible.
- # shellcheck disable=SC2016
- PARSE_1='/[Ll][Oo][Cc][Aa][Ll][_][Ee][Nn][Aa][Bb][Ll][Ee]/ { split($0, arr, "=") ; LOCAL_ENABLE="local_enable=" arr[2] } '
- # shellcheck disable=SC2016
- PARSE_2='/^[Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss][_][Ee][Nn][Aa][Bb][Ll][Ee]/ { split($0, arr, "=") ; ANON_ENABLE="anonymous_enable=" arr[2] } '
- # The default behavior is to permit anonymous FTP
- PARSE_3='/^[#]+[[:blank:]]*[Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss][_][Ee][Nn][Aa][Bb][Ll][Ee]/ { ANON_DEFAULT="anonymous_enable=YES"} '
- # shellcheck disable=SC2016
- PARSE_4='/^SHA256/ {FILEHASH="file_hash=" $2}'
-
- MASSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4"
-
- $CMD | tee "$TEE_DEST" | $AWK "$MASSAGE $FILL_BLANKS $PRINTF"
- echo "Cmd = [$CMD]; | $AWK '$MASSAGE $FILL_BLANKS $PRINTF'" >> "$TEE_DEST"
-
-else
- echo "VSFTPD configuration file not found." >> "$TEE_DEST"
-fi
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/who.sh b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/who.sh
deleted file mode 100755
index f99813c1..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/bin/who.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: 2024 Splunk, Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-# shellcheck disable=SC1091
-. "$(dirname "$0")"/common.sh
-
-CMD='who -H'
-HEADER='USERNAME LINE HOSTNAME TIME'
-# shellcheck disable=SC2016
-HEADERIZE='{NR == 1 && $0 = header}'
-# shellcheck disable=SC2016
-FORMAT='{length(hostname) || hostname=$NF; gsub("[)(]", "",hostname); time=$3; for (i=4; i<=lastTimeColumn; i++) time = time " " $i}'
-# shellcheck disable=SC2016
-PRINTF='{if (NR == 1) {print $0} else {printf "%-14s %-10s %-40.40s %-s\n", $1,$2,hostname,time}}'
-
-if [ "$KERNEL" = "Linux" ] ; then
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 5) {hostname = ""; lastTimeColumn = NF}}'
-elif [ "$KERNEL" = "SunOS" ] ; then
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 6) {hostname = ""; lastTimeColumn = NF}}'
-elif [ "$KERNEL" = "AIX" ] ; then
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 6) {hostname = ""; lastTimeColumn = NF}}'
-elif [ "$KERNEL" = "HP-UX" ] ; then
- CMD='who -HR'
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 5) {hostname = ""; lastTimeColumn = NF}}'
-elif [ "$KERNEL" = "Darwin" ] ; then
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 6) {hostname = ""; lastTimeColumn = NF}}'
-elif [ "$KERNEL" = "FreeBSD" ] ; then
- FILL_BLANKS='{hostname = ""; lastTimeColumn = NF-1; if (NF < 6) {hostname = ""; lastTimeColumn = NF}}'
-fi
-
-assertHaveCommand "$CMD"
-
-out=$($CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILL_BLANKS $FORMAT $PRINTF" header="$HEADER")
-lines=$(echo "$out" | wc -l)
-if [ "$lines" -gt 1 ]; then
- echo "$out"
- echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILL_BLANKS $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
-else
- echo "No data is present" >> "$TEE_DEST"
-fi
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/.DS_Store b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/.DS_Store deleted file mode 100644 index 05960af58af0c1d4c2b0686228f8015587c4b9da..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKO>fgc5S>i}tQ$~spi(bLmbgYGL8_{#7Zb{XD?xAo6zte77O8F74i<_c`CR@3 ze}OB%g#W?`-t2BAr>Qw2gm$9Yw;%Jo*{Aiamx#n<8IFkhL?q#i-CYzn7>~1WS;zGB zfI>ZEPAMgH_I#1fx1w!_Rlq9nuPMOqt|Xr_{0^z{{sxOQz!)cnC-B2x%1}e1pb(6b ze16Xxao^hFf~v?&-1i_`#6>wA{t%s=?ycK*q?A4RZu%jurlnsli;17V;nvGET?AKk zKX?^K)vSO2X_}ONoJ6@I#9@Sxx3A+QOsh${Ou|BOr+Pp-jx*~YtX4*qDrF6LoI*3RjiU*p^bgV$3M&-mxv@U^iU z958%3Z=Z>HUo;teVC3K=;GE%K=9sa4ZLDLHEvdr)3|e((1)K3`TDwsJv)3i(0BcqO ztAJIYsQ~8(7tZJztTn3CfkIsYfL(MeL!CbvnByAs4AvSk0u!1F)Kp=v7(&z0@0vKz zV69QpNtnxrFf$8tLlJ6rJl|E}Bs`6_v>%|4(1&)V<*nk Ff!}*-(i#8& diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/app.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/app.conf deleted file mode 100644 index 52645bab..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/app.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -## SPDX-FileCopyrightText: 2024 Splunk, Inc. -## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 -## -## - -[install] -is_configured = false -state = enabled -build = 1720176219 - -[ui] -setup_view = ta_nix_configuration -is_visible = true -label = Splunk Add-on for Unix and Linux -docs_section_override = AddOns:released - -[launcher] -author = Splunk, Inc. -version = 9.2.0 -description = Splunk Add-on for Unix and Linux - -[package] -id = Splunk_TA_nix -check_for_updates = true - -[id] -name = Splunk_TA_nix -version = 9.2.0 - 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/.DS_Store b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/.DS_Store deleted file mode 100644 index 4033bed14e60e4ebe3317eda1c28d1b0b46d0317..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeH~K}*9h6vvZoYReFMP}nixb!aDyF}&0{4_>Y4L1ngfV6isCw)8LtJ?j_pllXP? zy(B$M=T*eL2kGx6@4dA7k2NV{jE{<_$C$$yv!Ee4Ix7r^SB4rU8Od>uFp(knIN7m@ z{dM58H(0^qvqav1dH($mWoij3CoHp>$$1NBNu1@b`_3E9*2d|IEigtZ@pm+`cmI6EgY&4W0dKC6N_nnKFWRh&k$9LXY$GF9vAfMwhE#OciE z{o$Z1dP8^774zYt+ZBUef3dKw-MxdO^T}iKl*$(^IEUXu*|uSg*V-YH0;B*bKnkp_ z0%nh}+H0!-Eu0h}1%6Th-wy&B(le|y)vE(8czniq3yB6k9{-WT&@-$wAp*vADNvVk z^NGQAIgAUF=NVR-x}0%!XPC#_x&Ch3TuR666HCS6GZQeaturtUhp|DVENX5~lz zatZZF0aD{RknZ5Pf@^G&e(C(n2VP1s}82C$v0O;U*q@#j5F3^WO&#=foY;Q#;t diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/.DS_Store b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/.DS_Store deleted file mode 100644 index 669b48d9e091c25139533f40d628402664aa3051..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKO-sW-5S{IZCKRCug&qT5i?%{3#Y>F!;MIs8RBB=i24l7~tvQrJ&iZ4#`b+#f zIHm5g|Q6r zif+gF4+_w`D?$PRJe|f1@9zj#_C6F;A!T@i2nLWr`YrNxb!3>OL-S3%g~K>X$Bo9j zC=^TOjZMq4D%OpEFEf7}j3=oVjIQYFT*^3{&x7zH8f3ld_OVRHL6i(eDk16*Fy#6& zO8PSM194)W(8OQR$y%uFgu=AS(}Qu5LSQ{_$>u!e{j%ae-*?7E5Hh@rvjqX^}8O{X3o~7D(S3s&~DKP6qjrM lO2LUbiZPas;u@L)`W>1eyM}Yk=t1z0fRcd+R^U$+_yqTxTXFyZ diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/nav/default.xml b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/nav/default.xml deleted file mode 100644 index db16f8a4..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/nav/default.xml +++ /dev/null @@ -1,8 +0,0 @@ - - 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.env_cloud.xml b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.env_cloud.xml deleted file mode 100644 index 4968e7e1..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.env_cloud.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - -

Please set up this add-on on your forwarders. Documentation on how to configure this add-on is - here. -
- Click on below button, if you are getting redirected to this page while editing the add-on's knowledge object. -

- -
- -
- -
-
-
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.xml b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.xml deleted file mode 100644 index 9164c275..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/data/ui/views/ta_nix_configuration.xml +++ /dev/null @@ -1,96 +0,0 @@ - - - - - - -

- The Splunk Add-on for Unix and Linux provides pre-built data inputs to facilitate - Linux and Unix system monitoring using Splunk. Check out the - - Splunk for Unix Technical Add-on - page on Splunkbase - for support information, the latest updates, and more. -

- -
- This server is not running a known Unix or Linux operating system. - Install this add-on on Unix or Linux systems only. -
- -
-

File and Directory Inputs:

- - - - - - - -
NameEnable - (All) - Disable - (All) -
-
- -
-

Scripted Metric Inputs:

- - - - - - - - - -
NameEnable - (All) - Disable - (All) - Interval (sec)Index
-

Scripted Event Inputs:

- - - - - - - - -
NameEnable - (All) - Disable - (All) - Interval (sec)
-
- -
- There was an unexpected problem while saving the inputs. - Please reload the page and try again. -
- -
- Field 'Index' is empty or invalid for the metric inputs. Change the index or disable the input. -
- -
- Field 'Interval' must be a positive integer value. -
- -
- -
- -
-
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/eventtypes.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/eventtypes.conf
deleted file mode 100644
index ffee2f77..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/eventtypes.conf
+++ /dev/null
@@ -1,722 +0,0 @@ -## -## SPDX-FileCopyrightText: 2024 Splunk, Inc. -## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 -## -## - -[nix_ta_custom_eventtype] -search = NOT * - -[nix_ta_data] -search = eventtype=nix_ta_custom_eventtype OR (sourcetype IN (vmstat_metric, iostat_metric, ps_metric, df_metric, interfaces_metric, cpu_metric, vmstat, iostat, ps, top, netstat, bandwidth, protocol, openPorts, time, lsof, df, who, usersWithLoginPrivs, lastlog, interfaces, cpu, auditd, package, hardware, bash_history, Unix:ListeningPorts, Unix:UserAccounts, Linux:SELinuxConfig, Unix:Service, Unix:SSHDConfig, Unix:Update, Unix:Uptime, Unix:Version, Unix:VSFTPDConfig, config_file, dhcpd, nfsiostat, ignored_type, aix_secure, osx_secure, linux_secure, linux_audit, syslog) OR source IN (/Library/Logs/*, /var/log/*, /var/adm/*, /etc/*)) - -###### Globals ###### -[nix_security] -search = sourcetype="*_secure" -#tags = os unix - -[nix_configs] -search = eventtype=nix_ta_data AND (source="/etc/*" OR source="*.conf" OR source="*.cfg") - -[nix_errors] -search = eventtype=nix_ta_data error OR critical OR failure OR fail OR failed OR fatal -#tags = error - - -###### DHCP ###### -[dhcpd_server] -search = sourcetype=dhcpd (DHCPACK OR DHCPNAK OR DHCPRELEASE) -#tags = dhcp network session unix - -[dhcpd_start] -search = sourcetype=dhcpd signature=DHCPACK -#tags = start - -[dhcpd_unable_unexpected] -search = sourcetype=dhcpd unable OR unexpected -#tags = error - -[dhcpd_server_dhcpack] -search = sourcetype=dhcpd DHCPACK - -[dhcpd_server_dhcpdiscover] -search = sourcetype=dhcpd DHCPDISCOVER - -[dhcpd_server_dhcpoffer] -search = sourcetype=dhcpd DHCPOFFER - -[dhcpd_server_dhcprelease] -search = sourcetype=dhcpd DHCPRELEASE -#tags = end - -[dhcpd_server_dhcprequest] -search = sourcetype=dhcpd DHCPREQUEST - - -###### Scripted Inputs ###### -## CPU stats -[cpu] -search = sourcetype=cpu -#tags = performance os resource report unix cpu - -[cpu_anomalous] -search = sourcetype=cpu PercentSystemTime>90 
-#tags = enabled - -[df] -search = sourcetype=df -#tags = df host check success storage performance - -[iostat] -search = sourcetype=iostat - -[nfsiostat] -search = sourcetype=nfsiostat - -[lsof] -search = sourcetype=lsof - -[hardware] -search = sourcetype=hardware - -[interfaces] -search = sourcetype=interfaces -# tags = Inventory Network - -[lastlog] -search = sourcetype=lastlog - -[netstat] -search = sourcetype=netstat -# listening port - -[openPorts] -search = sourcetype=openPorts - -[package] -search = sourcetype=package - -[protocol] -search = sourcetype=protocol - -[ps] -search = sourcetype=ps -#tags = process oshost success ps cpu performance - -[top] -search = sourcetype=top - -[time] -search = sourcetype=time - -[usersWithLoginPrivs] -search = sourcetype=usersWithLoginPrivs - -[vmstat] -search = sourcetype=vmstat -#tags = performance os avail unix report vmstat resource success memory - -[who] -search = sourcetype=who - -[bandwidth] -search = sourcetype=bandwidth - - -###### System Logs ###### - -#### Account Management -[useradd] -search = eventtype=nix_ta_data useradd user -#tags = account management add change - -# Aug 20 20:21:12 host useradd[12811]: new account added - account=splunk, uid=1003, gid=1000, home=/opt/splunk, shell=/bin/false, by=0 -[useradd-suse] -search = eventtype=nix_ta_data useradd new account added -#tags = account management add change - -[userdel] -search = eventtype=nix_ta_data userdel user -#tags = account management delete change - -[groupadd] -search = eventtype=nix_ta_data groupadd group -#tags = account management add change - -#Aug 20 20:21:12 host useradd[12811]: account added to group - account=splunk, group=services, gid=33, by=0 -[groupadd-suse] -search = eventtype=nix_ta_data useradd account added group -#tags = account management add change - -[groupdel] -search = eventtype=nix_ta_data (NOT *deleting-user-from*) (groupdel OR userdel) group -#tags = account management delete change - -[linux-password-change] -search = 
eventtype=nix_ta_data process=passwd password changed -#tags = account management password modify change - -#Feb 21 11:24:45 host passwd[17805]: password change failed, pam error 11 - account=root, uid=0, by=0 -[linux-password-change-failed] -search = eventtype=nix_ta_data process=passwd password change failed -#tags = account management password modify change - - -#### acpi -[nix_acpi] -search = eventtype=nix_ta_data ACPI: -#tags = os unix power - - -#### agpgart -[nix_agpgart] -search = eventtype=nix_ta_data agpgart: -#tags = os unix graphics - - -#### apm -[nix_apm] -search = eventtype=nix_ta_data apm: -#tags = os unix power - - -#### auditd -[auditd] -search = sourcetype=auditd -#tags = os unix resource file - -[auditd_modify] -search = source=auditd PATH -#tags = modify - - -#### Authentication - -## ksu -[ksu_authentication] -# NOTE: May want to restrict search `ksu` to `cmd="ksu"` to reduce false positives. -search = eventtype=nix_ta_data ksu ("authentication failed" OR authenticated OR (Account authorization (failed OR successful))) -#tags = authentication - -## login -[login_authentication] -search = eventtype=nix_ta_data login: "Login failure on" -#tags = authentication - -## pam -[pam_unix_authentication] -search = eventtype=nix_ta_data pam_unix (gdm OR sudo OR su) ("authentication failure" OR "session opened") -#tags = authentication - -## passwd -#Oct 2 20:45:29 host passwd[15323]: User admin: Authentication failure -[passwd-auth-failure] -search = eventtype=nix_ta_data process=passwd Authentication failure punct="*__::_*_[]:__:__" -#tags = application authentication - -## rlogin -[rlogin_too_many_failures] -search = eventtype=nix_ta_data "general syslog msg" "TOO MANY LOGIN TRIES" -#tags = application attack watchlist - -## Detects a failed user login via Telnet or Rlogin (except root) on Linux Red Hat 6.2 or 7 server. 
-[remote_login_failure] -search = eventtype=nix_ta_data "pam_rhosts_auth" AND ("denied to" OR "access not allowed") -#tags = application authentication remote - -## Detects a allowed user login via Telnet or Rlogin (except root) on Linux Red Hat 6.2 or 7 server. -[remote_login_allowed] -search = eventtype=nix_ta_data "pam_rhosts_auth" AND "allowed to" -#tags = application authentication remote - -## sshd -[sshd_authentication] -# osx sshd authentication error -# Jul 16 11:10:45 mycomputer sshd[34666]: error: PAM: authentication error for xxx from localhost via ::1 -# Apr 2 12:42:08 mycomputer sshd[15578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=host -search = eventtype=nix_ta_data "sshd[" (((Accepted OR Failed OR failure OR "Invalid user" OR "authentication error") (from OR ())) OR "Authorized to" OR "Authentication tried" OR "Login restricted") NOT ("POSSIBLE BREAK-IN ATTEMPT") -#tags = authentication remote - -[ssh_login_postponed] -search = eventtype=nix_ta_data punct="*_::_*_[]:____*_...___" sshd Postponed -# no tags assigned to this eventtype - -[ssh_open] -search = eventtype=nix_ta_data punct="*__::_*_[]:_(:):_____*__(=)" sshd (session opened) OR (connection from) -#tags = communicate connect - -# example = Dec 17 15:15:12 domU-12-31-39-03-01-11 sshd[24912]: Connection closed by 195.43.9.246 -[ssh_close] -search = eventtype=nix_ta_data punct="*__::_*_[]:____*..." 
OR punct="*__::_*_[]:_(:):_____" OR punct="*__::_*_()[]:_____" sshd (Closing connection to) OR (Connection closed by) OR (session closed) -#tags = access stop logoff - -# example = Dec 17 18:31:44 domU-12-31-39-03-01-11 sshd[31792]: Received disconnect from 74.53.187.50: 11: Bye Bye -[ssh_disconnect] -search = eventtype=nix_ta_data punct="*__::_*_[]:___*...:_:__" Bye Received disconnect -#tags = access stop logoff - -[ssh_check_pass] -search = eventtype=nix_ta_data sshd check pass user unknown (punct="__*::_*_()[]:__;__" OR punct="*__::_*_[]:_(:):__;__") -#no tags assigned to this eventtype - -## su -[su_authentication] -# Example event, from su on CentOS7 -# type=USER_AUTH msg=audit(1611753517.687:2310): pid=10012 uid=0 auid=2024 ses=181 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=so1 addr=? terminal=pts/1 res=success' - -search = eventtype=nix_ta_data NOT "USER_CMD" ((from to) OR succeeded OR success OR successful OR failed OR failure) (cmd="su" OR ("USER_AUTH" AND exe=*/su*) OR ((NOT BAD) su: from to at)) -#tags = authentication - -[su_failed] -search = eventtype=nix_ta_data (("failed SU to another user" AND "Agent platform:" AND "linux-x86") OR ("failed SU to another user" AND "authentication failure" AND "for su service") OR ("failed SU to another user" AND logname=*) OR ("BAD SU ")) -#tags = authentication - -[su_session] -search = eventtype=nix_ta_data su: session -#tags = session - -[su_root_session] -search = eventtype=nix_ta_data su: session root -#tags = session privileged - -## Telnet -[wksh_authentication] -search = eventtype=nix_ta_data wksh "HANDLING TELNET CALL" -# no tags assigned to this eventtype - -#### automount -[nix_automount] -search = eventtype=nix_ta_data automount punct="::__::_*:_*" -#tags = os unix - - -#### Config -[nix_config_change] -search = eventtype=nix_ta_data Configuration changed -#tags = os unix host configuration modify - - 
-#### Console -[nix_console] -search = eventtype=nix_ta_data Console: -#tags = os unix - - -#### cron -[nix_cron] -search = eventtype=nix_ta_data cron OR crond punct="::__::_*:_*" NOT Install: NOT Updated: NOT Erased: -#tags = os unix - - -#### CUPS -[nix_cups_access] -search = eventtype=nix_ta_data punct="_-_-_[//:::_-]_\"_//._/.\"___-_-" -#tags = os unix access printer - -[nix_cups_error] -search = eventtype=nix_ta_data punct="_[//:::_-]_*" -#tags = os unix printer - -[nix_cups_page] -search = eventtype=nix_ta_data punct="___[//:::_-]___-_" -#tags = os unix printer - - -#### dhclient -[nix_dhclient] -search = eventtype=nix_ta_data dhclient punct="__::_*:_*" NOT punct="//_::_*:_*." NOT punct="\"///*\"" NOT Rule NOT Name -#tags = os unix - - -#### DMA -[nix_dma] -search = eventtype=nix_ta_data DMA zone: -#tags = os unix memory access - - -#### Firewall -# These firewall accept and deny rules are based on iptables logs. For additional firewalls the user must develop a device add -# on and tag their events with these tags -[iptables_firewall_accept] -search = eventtype=nix_ta_data signature=firewall action=PASS OR action=permit -#tags = os unix host firewall communicate success - -[iptables_firewall_deny] -search = eventtype=nix_ta_data signature=firewall action=BLOCK OR action=dropped -#tags = os unix host firewall communicate failure - - -#### FTP -[nix_ftp_xferlog] -search = eventtype=nix_ta_data punct="___*::___...__///*" -#tags = os unix ftp transfer - -[nix_ncftpd_logins] -search = eventtype=nix_ta_data ncftpd punct="*__::_*:_*" -#tags = os unix ftp authentication - - -#### Fingerprinting -[nix_fingerprinting] -search = eventtype=nix_ta_data Client OS detected: -#tags = os unix - - -#### gconfd -[nix_gconfd] -search = eventtype=nix_ta_data gconfd -#tags = os unix - -[nix_gconfd_error] -search = eventtype=nix_ta_data gconfd Error -#tags = error - -[nix_gconfd_exiting] -search = eventtype=nix_ta_data gconfd Exiting OR signal -#tags = stop - 
-[nix_gconfd_resolved_address] -search = eventtype=nix_ta_data gconfd Resolved address - -[nix_gconfd_starting] -search = eventtype=nix_ta_data gconfd starting -#tags = start - - -#### gdm -[nix_gdm] -search = eventtype=nix_ta_data gdm punct="*__::_*:_*" NOT scrollkeeper NOT Updated: NOT Installed: NOT Erased: NOT pam* -#tags = os unix - - -#### gpm -[nix_gpm] -search = eventtype=nix_ta_data gpm NOT Installed: NOT Updated: NOT Erased: NOT user NOT *.rpm punct="*__::_*:_*." -#tags = os unix - - -#### FreeBSD -[freebsd_refresh_na_answer] -search = eventtype=nix_ta_data refresh named punct="*__::_*_[]:__./:_:_-____...#_(_...#)" -#tags = os unix - -[freebsd_refresh_retry_exceeded] -search = eventtype=nix_ta_data refresh named punct="*__::_*_[]:__./:_:_____...#__(_...#)" -#tags = os unix - - -#### hald -[nix_hald] -search = eventtype=nix_ta_data hald punct="*__::_*:_*" -#tags = os unix - - -#### hpiod -[hpiod_Linux_syslog] -search = eventtype=nix_ta_data hpiod punct="*__::_*:_*" -#tags = os unix - - -#### kernel -[nix_kernel_attached] -search = eventtype=nix_ta_data kernel -#tags = os unix kernel - - -#### kill -[nix_process_kill] -search = eventtype=nix_ta_data exiting signal 15 -#tags = os unix process stop - - -#### mDNSResponder -[nix_mDNSResponder] -search = eventtype=nix_ta_data mDNSResponder punct="*__::_*:_*" -#tags = os unix dns - - -#### named -[nix_named1] -search = eventtype=nix_ta_data named punct="*__::_/_[]:__*" OR punct="*__::_..._[]:_*" -#tags = os unix dns - -[nix_named2] -search = eventtype=nix_ta_data named punct="*__::_*_[]:__*" NOT punct="__::_*_[]:_____..." 
-#tags = os unix dns - - -#### OSX Crash Log -[osx_crash_log] -search = eventtype=nix_ta_data Host Name Date/Time -#tags = os unix error - - -#### Netlabel -[nix_netlabel] -search = eventtype=nix_ta_data NetLabel: -#tags = os unix kernel - - -#### PCI -[nix_pci] -search = eventtype=nix_ta_data PCI: NOT BIOS -#tags = os unix - - -#### Plug-n-play -[nix_pnp] -search = eventtype=nix_ta_data pnp: -#tags = os unix - - -#### POP3 -[nix_popper] -search = eventtype=nix_ta_data popper -#tags = os unix mail - - -#### postfix -[nix_postfix] -search = eventtype=nix_ta_data postfix punct="*__::_*:_*" -#tags = os unix - - -#### Prelink -[nix_prelink] -search = eventtype=nix_ta_data /usr/sbin/prelink: OR Prelinking -#tags = os unix - - -#### RPC -[nix_rpc_statd] -search = eventtype=nix_ta_data rpc.statd -#tags = os unix - - -#### RPM -[nix_rpm] -search = eventtype=nix_ta_data *.rpm punct="*-*.*." -#tags = os update - - -#### Runlevel -[nix_runlevel_change] -search = eventtype=nix_ta_data init: punct="*__::_*:_*" -#tags = os unix configuration modify - - -#### SNMPD -[snmpd] -search = eventtype=nix_ta_data snmpd -#tags = os unix snmp - -[snmpd_failure] -search = eventtype=nix_ta_data snmpd SNMPD_*_FAILURE -#tags = failure - - -#### scrollkeeper -[nix_scrollkeeper] -search = eventtype=nix_ta_data scrollkeeper punct="__::__*" -#tags = os unix - - -## Shutdown -[nix_halt] -search = eventtype=nix_ta_data shutdown: system halt -#tags = os unix stop - -[nix_restart] -search = eventtype=nix_ta_data shutdown: system reboot -#tags = os unix stop - - -#### smartd -[nix_smartd] -search = eventtype=nix_ta_data smartd punct="*__::_*:_*" -#tags = os unix - - -#### Time -[nix_timesync] -search = eventtype=nix_ta_data (ntpd OR ntpdate OR xntpd OR xntpdate OR "MS Name/IP address") (("LastRx" AND "stratum") OR "Adjusting system clock" OR "synchronized to" OR "step time server" OR "adjust time server") -#tags = report time synchronize success - -[nix_timesync_failure] -search = eventtype=nix_ta_data 
(ntpd OR ntpdate OR xntpd OR xntpdate OR 506) ("NTP Server Unreachable" OR "Cannot talk to daemon") -#tags = report time synchronize failure - - -#### Update -[nix_yum_update] -search = eventtype=nix_ta_data yum Updated -#tags = report update success - - -#### udevd -[nix_udevd] -search = eventtype=nix_ta_data udevd -#tags = os unix kernel - - -#### USB -[nix_usb] -search = eventtype=nix_ta_data usb*: NOT punct="<>:__*" -#tags = os unix usb - - -#### userhelper -[nix_userhelper] -search = eventtype=nix_ta_data userhelper* NOT punct="__*::_*:_*" -#tags = os unix - - -###### ADDED FROM UNIX APP ###### -[failed_login] -search = eventtype=nix_ta_data "failed login" OR "FAILED LOGIN" OR "Authentication failure" OR "Failed to authenticate user" OR "authentication ERROR" OR "Failed password for" -#tags = authentication - -[Failed_SU] -search = eventtype=nix_ta_data ("failed SU to another user" AND "Agent platform:" AND "linux-x86") OR ("failed SU to another user" AND "authentication failure" AND "for su service") OR ("failed SU to another user" AND logname=*) OR (exe="/bin/su" AND res="failed") OR (FAILED su for) OR (source="/var/adm/sulog" SU " - ") OR ("BAD SU ") -#tags = authentication - -[nix-all-logs] -search = eventtype=nix_ta_data AND (source="*.log" OR source="*.log.*" OR source="*/log/*" OR source="/var/adm/*" OR source="access*" OR source="*error*" OR sourcetype="syslo*" NOT source=usersWithLoginPrivs NOT sourcetype=lastlog) - -###### END FROM UNIX APP ###### - -###### ADDED FROM TA-deploymentapps ###### - -###### Scripted Inputs ###### - -## Global -[aix_scripted_input] -search = sourcetype=AIX:* -#tags = check report - -[hpux_scripted_input] -search = sourcetype=HPUX:* -#tags = check report - -[linux_scripted_input] -search = sourcetype=Linux:* -#tags = check report - -[osx_scripted_input] -search = sourcetype=OSX:* -#tags = check report - -[solaris_scripted_input] -search = sourcetype=Solaris:* -#tags = check report - -[unix_scripted_input] -search = 
sourcetype=Unix:* -#tags = check report - -## CPUTime -[cputime] -search = NOT (sourcetype=WMI:CPUTime OR sourcetype=Perfmon:CPUTime) sourcetype=*:CPUTime -#tags = performance os avail cpu - -[cputime_anomalous] -search = NOT (sourcetype=WMI:CPUTime OR sourcetype=Perfmon:CPUTime) sourcetype=*:CPUTime PercentSystemTime>90 -#tags = anomalous - -## Disk -[freediskspace] -search = NOT (sourcetype=WMI:FreeDiskSpace OR sourcetype=Perfmon:FreeDiskSpace) sourcetype=*:FreeDiskSpace -#tags = performance os avail disk storage - -[freediskspace_anomalous] -search = NOT (sourcetype=WMI:FreeDiskSpace OR sourcetype=Perfmon:FreeDiskSpace) sourcetype=*:FreeDiskSpace PercentFreeSpace<10 -#tags = anomalous - -## Listening Ports -[listeningports] -search = (NOT sourcetype=WMI:ListeningPorts) sourcetype=*:ListeningPorts (NOT file_hash=*) -#tags = os config report - -## Local Processes -[localprocesses] -search = (NOT sourcetype=WMI:LocalProcesses) sourcetype=*:LocalProcesses -#tags = os avail process - -[localprocesses_anomalous] -search = (NOT sourcetype=WMI:LocalProcesses) sourcetype=*:LocalProcesses (PercentSystemTime>50 OR PercentMemory>50) NOT app=Total -#tags = anomalous - -## Memory -[memory] -search = NOT (sourcetype=WMI:Memory OR sourcetype=Perfmon:Memory) sourcetype=*:Memory -#tags = performance os avail memory - -[memory_anomalous] -search = NOT (sourcetype=WMI:Memory OR sourcetype=Perfmon:Memory) sourcetype=*:Memory mem_free<104857600 -#tags = anomalous - -## SELinux Config -[selinuxconfig] -search = sourcetype=Linux:SELinuxConfig -#tags = application config selinux - -## Service -[service] -search = (NOT sourcetype=WMI:Service) sourcetype=*:Service (NOT file_hash=*) -#tags = os config service report - -[service_runlevel_anomalous] -search = sourcetype=*:Service (runlevel0=on OR runlevel6=on) -#tags = anomalous - -## SSHD Config -[sshdconfig] -search = sourcetype=*:SSHDConfig -#tags = application config ssh - -[sshd_insecure] -search = eventtype=nix_ta_data 
sshd_protocol=*1* -#tags = insecure - -## Update -[update] -search = sourcetype=*:Update -#tags = os info update - -[update_status] -search = sourcetype=*:Update NOT total_updates -#tags = status - -## Uptime -[uptime] -search = (NOT sourcetype=WMI:Uptime) sourcetype=*:Uptime -#tags = os info report uptime performance - -[uptime_anomalous] -search = (NOT sourcetype=WMI:Uptime) sourcetype=*:Uptime SystemUpTime>2592000 -#tags = anomalous - -## User Accounts -[useraccounts] -search = sourcetype=*:UserAccounts (NOT file_hash=*) -#tags = (os) config user inventory - -[useraccounts_anomalous] -search = sourcetype=*:UserAccounts NOT password=x NOT password=\* (NOT file_hash=*) -#tags = anomalous - -## Version -[nix_version] -search = (NOT sourcetype=WMI:Version) sourcetype=*:Version -#tags = os info report system version inventory - -## VSFTDP Config -[vsftpd_config] -search = sourcetype=*:VSFTPDConfig -#tags = application config ftp cleartext - -[vsftpd_config_anonymous] -search = sourcetype=*:VSFTPDConfig anonymous_enable=YES -#tags = anonymous - -###### END FROM TA-deploymentapps ###### diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/inputs.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/inputs.conf deleted file mode 100644 index 9e0eeb7c..00000000 --- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/inputs.conf +++ /dev/null 
@@ -1,270 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-
-[script://./bin/vmstat_metric.sh]
-sourcetype = vmstat_metric
-source = vmstat
-interval = 60
-disabled = 1
-
-[script://./bin/iostat_metric.sh]
-sourcetype = iostat_metric
-source = iostat
-interval = 60
-disabled = 1
-
-[script://./bin/ps_metric.sh]
-sourcetype = ps_metric
-source = ps
-interval = 30
-disabled = 1
-
-[script://./bin/df_metric.sh]
-sourcetype = df_metric
-source = df
-interval = 300
-disabled = 1
-
-[script://./bin/interfaces_metric.sh]
-sourcetype = interfaces_metric
-source = interfaces
-interval = 60
-disabled = 1
-
-[script://./bin/cpu_metric.sh]
-sourcetype = cpu_metric
-source = cpu
-interval = 30
-disabled = 1
-
-################################################
-############### Event Inputs ###################
-################################################
-
-[script://./bin/vmstat.sh]
-interval = 60
-sourcetype = vmstat
-source = vmstat
-disabled = 1
-
-[script://./bin/iostat.sh]
-interval = 60
-sourcetype = iostat
-source = iostat
-disabled = 1
-
-[script://./bin/nfsiostat.sh]
-interval = 60
-sourcetype = nfsiostat
-source = nfsiostat
-disabled = 1
-
-[script://./bin/ps.sh]
-interval = 30
-sourcetype = ps
-source = ps
-disabled = 1
-
-[script://./bin/top.sh]
-interval = 60
-sourcetype = top
-source = top
-disabled = 1
-
-[script://./bin/netstat.sh]
-interval = 60
-sourcetype = netstat
-source = netstat
-disabled = 1
-
-[script://./bin/bandwidth.sh]
-interval = 60
-sourcetype = bandwidth
-source = bandwidth
-disabled = 1
-
-[script://./bin/protocol.sh]
-interval = 60
-sourcetype = protocol
-source = protocol
-disabled = 1
-
-[script://./bin/openPorts.sh]
-interval = 300
-sourcetype = openPorts
-source = openPorts
-disabled = 1
-
-[script://./bin/time.sh]
-interval = 21600
-sourcetype = time
-source = time
-disabled = 1
-
-[script://./bin/lsof.sh]
-interval = 600
-sourcetype = lsof
-source = lsof
-disabled = 1
-
-[script://./bin/df.sh]
-interval = 300
-sourcetype = df
-source = df
-disabled = 1
-
-# Shows current user sessions
-[script://./bin/who.sh]
-sourcetype = who
-source = who
-interval = 150
-disabled = 1
-
-# Lists users who could login (i.e., they are assigned a login shell)
-[script://./bin/usersWithLoginPrivs.sh]
-sourcetype = usersWithLoginPrivs
-source = usersWithLoginPrivs
-interval = 3600
-disabled = 1
-
-# Shows last login time for users who have ever logged in
-[script://./bin/lastlog.sh]
-sourcetype = lastlog
-source = lastlog
-interval = 300
-disabled = 1
-
-# Shows stats per link-level Etherner interface (simply, NIC)
-[script://./bin/interfaces.sh]
-sourcetype = interfaces
-source = interfaces
-interval = 60
-disabled = 1
-
-# Shows stats per CPU (useful for SMP machines)
-[script://./bin/cpu.sh]
-sourcetype = cpu
-source = cpu
-interval = 30
-disabled = 1
-
-# This script reads the auditd logs translated with ausearch
-[script://./bin/rlog.sh]
-sourcetype = auditd
-source = auditd
-interval = 60
-disabled = 1
-
-# Run package management tool collect installed packages
-[script://./bin/package.sh]
-sourcetype = package
-source = package
-interval = 3600
-disabled = 1
-
-[script://./bin/hardware.sh]
-sourcetype = hardware
-source = hardware
-interval = 36000
-disabled = 1
-
-[monitor:///Library/Logs]
-disabled = 1
-
-[monitor:///var/log]
-whitelist=(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)
-blacklist=(lastlog|anaconda\.syslog)
-disabled = 1
-
-[monitor:///var/adm]
-whitelist=(\.log$|messages)
-disabled = 1
-
-[monitor:///etc]
-whitelist=(\.(conf|cfg|ini|init|cf|cnf|profile|rc|rules|tab|login)$|(config|shrc|tab|policy)$|^ifcfg)
-disabled = 1
-
-### bash history
-[monitor:///root/.bash_history]
-disabled = true
-sourcetype = bash_history
-
-[monitor:///home/*/.bash_history]
-disabled = true
-sourcetype = bash_history
-
-
-
-##### Added for ES support
-# Note that because the UNIX app uses a single script to retrieve information
-# from multiple OS flavors, and is intended to run on Universal Forwarders,
-# it is not possible to differentiate between OS flavors by assigning
-# different sourcetypes for each OS flavor (e.g. Linux:SSHDConfig), as was
-# the practice in the older deployment-apps included with ES. Instead,
-# sourcetypes are prefixed with the generic "Unix".
-
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/openPortsEnhanced.sh]
-disabled = true
-interval = 3600
-source = Unix:ListeningPorts
-sourcetype = Unix:ListeningPorts
-
-[script://./bin/passwd.sh]
-disabled = true
-interval = 3600
-source = Unix:UserAccounts
-sourcetype = Unix:UserAccounts
-
-# Only applicable to Linux
-[script://./bin/selinuxChecker.sh]
-disabled = true
-interval = 3600
-source = Linux:SELinuxConfig
-sourcetype = Linux:SELinuxConfig
-
-# Currently only supports SunOS, Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/service.sh]
-disabled = true
-interval = 3600
-source = Unix:Service
-sourcetype = Unix:Service
-
-# Currently only supports SunOS, Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/sshdChecker.sh]
-disabled = true
-interval = 3600
-source = Unix:SSHDConfig
-sourcetype = Unix:SSHDConfig
-
-# Currently only supports Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/update.sh]
-disabled = true
-interval = 86400
-source = Unix:Update
-sourcetype = Unix:Update
-
-[script://./bin/uptime.sh]
-disabled = true
-interval = 86400
-source = Unix:Uptime
-sourcetype = Unix:Uptime
-
-[script://./bin/version.sh]
-disabled = true
-interval = 86400
-source = Unix:Version
-sourcetype = Unix:Version
-
-# This script may need to be modified to point to the VSFTPD configuration file.
-[script://./bin/vsftpdChecker.sh]
-disabled = true
-interval = 86400
-source = Unix:VSFTPDConfig
-sourcetype = Unix:VSFTPDConfig
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/macros.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/macros.conf
deleted file mode 100644
index e959de54..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/macros.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-[nix-netmon-hosts-search]
-definition = eventtype=netstat | stats count by host | sort +host
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/props.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/props.conf
deleted file mode 100644
index 66efd548..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/props.conf
+++ /dev/null
@@ -1,788 +0,0 @@ -## -## SPDX-FileCopyrightText: 2024 Splunk, Inc. -## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 -## -## - -##################### -## Configuration Logs -##################### -[source::(....(config|conf|cfg|inii|cfg|emacs|ini|license|lng|plist|presets|properties|props|vim|wsdl))] -sourcetype = config_file -CHECK_METHOD = modtime - -[config_file] -LINE_BREAKER = ^((?!))$ -TRUNCATE = 1000000 -SHOULD_LINEMERGE = false -DATETIME_CONFIG = NONE -CHECK_METHOD = modtime -KV_MODE = none -pulldown_type = true -SEGMENTATION-all = whitespace-only -SEGMENTATION-inner = whitespace-only -SEGMENTATION-outer = whitespace-only -SEGMENTATION-standard = whitespace-only -LEARN_MODEL = false -LEARN_SOURCETYPE = false - - -##################### -## DHCP -##################### -[source::....dhcpd] -sourcetype = dhcpd - -[dhcpd] -KV_MODE = none -SHOULD_LINEMERGE = false -# For Load Balancing on UF -EVENT_BREAKER_ENABLE = true -pulldown_type = true -category = Network & Security -description = DHCP Server system events - -REPORT-dhcp_discover_extract = dhcp_discover_extract - -REPORT-dhcp_offer_extract = dhcp_offer_extract - -REPORT-dhcp_request_extract = dhcp_request_extract - -REPORT-dhcp_ack_nak_extract_0 = dhcp_ack_nak_extract_0 - -REPORT-dhcp_ack_nak_extract_1 = dhcp_ack_nak_extract_1 - -REPORT-dhcp_decline_extract = dhcp_decline_extract - -REPORT-dhcp_release_extract = dhcp_release_extract - -REPORT-dhcp_inform_extract = dhcp_inform_extract - -REPORT-dhcp_unable_to_add_forward_map_extract = dhcp_unable_to_add_forward_map_extract - -REPORT-dhcp_add_new_forward_map_extract = dhcp_add_new_forward_map_extract - -REPORT-dhcp_added_reverse_map_extract = dhcp_added_reverse_map_extract - -REPORT-dhcp_abandon_ip_extract = dhcp_abandon_ip_extract - -REPORT-dhcp_lease_duplicate_extract = dhcp_lease_duplicate_extract - -REPORT-bind_update_fail_extract = bind_update_fail_extract - -REPORT-dhcp_block_action = dhcp_block_action - -REPORT-dhcp_icmp_echo_reply = 
dhcp_icmp_echo_reply - -REPORT-dhcp_reuse_lease = dhcp_reuse_lease - -EVAL-dest_ip = case(isnotnull(dest_ip),dest_ip,match(dest,"^(:?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"), dest, 1==1, server_ip) - -EVAL-action = if(isnotnull(block_action) or dhcp_type=="DHCPNAK" or dhcp_type=="DHCPDECLINE" or dhcp_type=="DHCPRELEASE", "blocked", "added") - -FIELDALIAS-signature = dhcp_type as signature - -FIELDALIAS-src_nt_host = src_host as src_nt_host - -FIELDALIAS-dest_nt_host = dest_host as dest_nt_host - - -######################### -## Scripted Metric Inputs -######################### - -[vmstat_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = CSV -FIELD_DELIMITER=whitespace -TRANSFORMS-vmstat-metric-dimensions=eval_dimensions -METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_vmstat - -[cpu_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = CSV -FIELD_DELIMITER=whitespace -TRANSFORMS-cpu-metric-dimensions=eval_dimensions -TRANSFORMS-cpu-metric-field=extract_cpu_metric_field -METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_cpu - -[df_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = TSV -TRANSFORMS-df-metrics=extract_df_metrics -TRANSFORMS-df-metric-dimensions=eval_dimensions -METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_df - -[interfaces_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = CSV -FIELD_DELIMITER=whitespace -EVAL-Duplex=case(Duplex==2,"Full", Duplex==1,"Half", Duplex==0, "Unknown", true(), Duplex) -TRANSFORMS-interfaces-metric-dimensions=eval_dimensions 
-METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_interfaces - -[iostat_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = CSV -FIELD_DELIMITER=whitespace -TRANSFORMS-iostat-metrics-field=extract_iostat_metrics_field -TRANSFORMS-iostat-metric-dimensions=eval_dimensions -METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_iostat - -[ps_metric] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = none -INDEXED_EXTRACTIONS = CSV -FIELD_DELIMITER=whitespace -TRANSFORMS-ps-metric-dimensions=eval_dimensions -TRANSFORMS-ps-metric-field=extract_ps_metric_field -METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_ps - -######################### -## Scripted Event Inputs -######################### -[cpu] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi -FIELDALIAS-dest_for_cpu = host as dest -FIELDALIAS-src_for_cpu = host as src - -EVAL-CPU = coalesce(cpu,CPU) -EVAL-cpu = coalesce(cpu,CPU) -EVAL-cpu_instance = coalesce(cpu,CPU) - -EVAL-pctIdle = coalesce(id,pctIdle) -EVAL-PercentIdleTime = coalesce(id,pctIdle) -EVAL-cpu_load_percent = if(isnull(pctIdle),100-id,100-pctIdle) - -EVAL-pctNice = coalesce(pctNice,"0") -EVAL-PercentNiceTime = coalesce(pctNice,"0") - -EVAL-pctUser = coalesce(us,pctUser) -EVAL-PercentUserTime = coalesce(us,pctUser) -EVAL-cpu_user_percent = coalesce(us,pctUser) - -EVAL-pctSystem = coalesce(sy,pctSystem) -EVAL-PercentSystemTime = coalesce(sy,pctSystem) - -EVAL-pctIowait = coalesce(wa,pctIowait) -EVAL-PercentWaitTime = coalesce(wa,pctIowait) - -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - -[df] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi -FIELDALIAS-dest_for_df = host 
as dest -FIELDALIAS-filesystem_for_df = Filesystem AS filesystem -FIELDALIAS-filesystem_type_for_df = Type as filesystem_type -FIELDALIAS-mount_for_df = MountedOn AS mount -EVAL-Type = coalesce('Type',"?") -EVAL-filesystem_type = coalesce('Type',"?") -EVAL-Size = coalesce('Size','1024_blocks') -EVAL-INodes = coalesce('INodes','Inodes') -EVAL-IUsePct = coalesce('IUsePct','IUse_') -EVAL-UsePct = coalesce('UsePct', 'Use_', 'Capacity') -EVAL-Avail = coalesce('Avail', 'Available') -EVAL-IUsed = coalesce('IUsed', 'Iused', 'iused') -EVAL-IFree = coalesce('IFree', 'ifree', 'Ifree') -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - - -EVAL-storage = case(match(coalesce('Size','1024_blocks'), "P[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'), "Pi"),10)*pow(1024,3), match(coalesce('Size','1024_blocks'), "T[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'), "Ti"),10)*pow(1024,2), match(coalesce('Size','1024_blocks'), "G[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Gi"),10)*pow(1024,1), match(coalesce('Size','1024_blocks'), "M[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Mi"), 10), match(coalesce('Size','1024_blocks'), "K[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Ki"), 10)/1024, match(coalesce('Size','1024_blocks'), "B[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Bi"), 10)/pow(1024,2), 1==1, "unknown") -EVAL-storage_free = case(match(coalesce('Avail', 'Available'), "P[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'), "Pi"),10)*pow(1024,3), match(coalesce('Avail', 'Available'), "T[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Ti"),10)*pow(1024,2), match(coalesce('Avail', 'Available'), "G[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Gi"),10)*pow(1024,1), match(coalesce('Avail', 'Available'), "M[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Mi"), 10), match(coalesce('Avail', 'Available'), "K[i]*$"), 
tonumber(rtrim(coalesce('Avail', 'Available'),"Ki"), 10)/1024, match(coalesce('Avail', 'Available'), "B[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Bi"), 10)/pow(1024,2), 1==1, "unknown") -# Redundancy required here because calculated fields are not evaluated in sequence. -EVAL-storage_free_percent = 100.0-tonumber(rtrim(coalesce('UsePct', 'Use_', 'Capacity'),"%%"),10) -EVAL-storage_used = case(match(Used, "P[i]*$"), tonumber(rtrim(Used, "Pi"),10)*pow(1024,3), match(Used, "T[i]*$"), tonumber(rtrim(Used,"Ti"),10)*pow(1024,2), match(Used, "G[i]*$"), tonumber(rtrim(Used,"Gi"),10)*pow(1024,1), match(Used, "M[i]*$"), tonumber(rtrim(Used,"Mi"), 10), match(Used, "K[i]*$"), tonumber(rtrim(Used,"Ki"), 10)/1024, match(Used, "B[i]*$"), tonumber(rtrim(Used,"Bi"), 10)/pow(1024,2), 1==1, "unknown") -EVAL-storage_used_percent = tonumber(rtrim(coalesce('UsePct', 'Use_', 'Capacity'),"%%"),10) - -## Legacy fields - -# Note we don't elimininate one layer of indirection here by -# eliminating the redundant FIELDALIAS from FreeMegabytes -> FreeMBytes, etc. -# which was previously used. 
-EVAL-FreeMBytes = case(match(coalesce('Avail', 'Available'), "P[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'), "Pi"),10)*pow(1024,3), match(coalesce('Avail', 'Available'), "T[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Ti"),10)*pow(1024,2), match(coalesce('Avail', 'Available'), "G[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Gi"),10)*pow(1024,1), match(coalesce('Avail', 'Available'), "M[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Mi"), 10), match(coalesce('Avail', 'Available'), "K[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Ki"), 10)/1024, match(coalesce('Avail', 'Available'), "B[i]*$"), tonumber(rtrim(coalesce('Avail', 'Available'),"Bi"), 10)/pow(1024,2), 1==1, "unknown") -EVAL-TotalMBytes = case(match(coalesce('Size','1024_blocks'), "P[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'), "Pi"),10)*pow(1024,3), match(coalesce('Size','1024_blocks'), "T[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'), "Ti"),10)*pow(1024,2), match(coalesce('Size','1024_blocks'), "G[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Gi"),10)*pow(1024,1), match(coalesce('Size','1024_blocks'), "M[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Mi"), 10), match(coalesce('Size','1024_blocks'), "K[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Ki"), 10)/1024, match(coalesce('Size','1024_blocks'), "B[i]*$"), tonumber(rtrim(coalesce('Size','1024_blocks'),"Bi"), 10)/pow(1024,2), 1==1, "unknown") -EVAL-UsedMBytes = case(match(Used, "P[i]*$"), tonumber(rtrim(Used, "Pi"),10)*pow(1024,3), match(Used, "T[i]*$"), tonumber(rtrim(Used,"Ti"),10)*pow(1024,2), match(Used, "G[i]*$"), tonumber(rtrim(Used,"Gi"),10)*pow(1024,1), match(Used, "M[i]*$"), tonumber(rtrim(Used,"Mi"), 10), match(Used, "K[i]*$"), tonumber(rtrim(Used,"Ki"), 10)/1024, match(Used, "B[i]*$"), tonumber(rtrim(Used,"Bi"), 10)/pow(1024,2), 1==1, "unknown") -EVAL-PercentUsedSpace = tonumber(rtrim(coalesce('UsePct', 'Use_', 'Capacity'),"%%"),10) -# Redundancy 
required here because calculated fields are not evaluated in sequence. -EVAL-PercentFreeSpace = 100.0-tonumber(rtrim(coalesce('UsePct', 'Use_', 'Capacity'),"%%"),10) - -[hardware] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -EXTRACT-RealMemory = (?i)MEMORY_REAL\s+(?P[^\s]*)[ ]? -EXTRACT-SwapMemory = (?i)MEMORY_SWAP\s+(?P[^\s]*)[ ]? -EXTRACT-Unit = (?i)MEMORY_REAL\s+\d+\.?\d*\s*(?P\w+)? -EVAL-RealMemoryMB = case(match(Unit, "kB"), RealMemory*pow(1024,-1), match(Unit, "KB"), RealMemory*pow(1024,-1), match(Unit, "mB"), RealMemory, match(Unit, "MB"), RealMemory, match(Unit, "gB"), RealMemory*pow(1024,1), match(Unit, "GB"), RealMemory*pow(1024,1), match(Unit, "tB"), RealMemory*pow(1024,2), match(Unit, "TB"), RealMemory*pow(1024,2), match(Unit, "pB"), RealMemory*pow(1024,3), match(Unit, "PB"), RealMemory*pow(1024,3), 1==1, "unknown") -EVAL-SwapMemoryMB = case(match(Unit, "kB"), SwapMemory*pow(1024,-1), match(Unit, "KB"), SwapMemory*pow(1024,-1), match(Unit, "mB"), SwapMemory, match(Unit, "MB"), SwapMemory, match(Unit, "gB"), SwapMemory*pow(1024,1), match(Unit, "GB"), SwapMemory*pow(1024,1), match(Unit, "tB"), SwapMemory*pow(1024,2), match(Unit, "TB"), SwapMemory*pow(1024,2), match(Unit, "pB"), SwapMemory*pow(1024,3), match(Unit, "PB"), SwapMemory*pow(1024,3), 1==1, "unknown") -EXTRACT-cpu_cores = (?i)CPU_COUNT\s+(?P[^ \n]*)? -EXTRACT-cpu_type = (?i)CPU_TYPE\s+(?P[^\n]*)? 
-EXTRACT-cpu_freq = (?[^\s]+)(?[G|M]Hz) -EVAL-cpu_mhz = case(match(cpu_freq_unit,"GHz"),cpu_freq*1000,match(cpu_freq_unit,"MHz"),cpu_freq) -EVAL-mem = case(match(Unit, "kB"), RealMemory*pow(1024,-1), match(Unit, "KB"), RealMemory*pow(1024,-1), match(Unit, "mB"), RealMemory, match(Unit, "MB"), RealMemory, match(Unit, "gB"), RealMemory*pow(1024,1), match(Unit, "GB"), RealMemory*pow(1024,1), match(Unit, "tB"), RealMemory*pow(1024,2), match(Unit, "TB"), RealMemory*pow(1024,2), match(Unit, "pB"), RealMemory*pow(1024,3), match(Unit, "PB"), RealMemory*pow(1024,3), 1==1, "unknown") -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) - -[interfaces] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE=multi -EVAL-enabled = "true" -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) -EVAL-ip = if(isnull(inetAddr), inet6Addr, inetAddr) -EVAL-Duplex=case(Duplex==2,"Full", Duplex==1,"Half", Duplex==0, "Unknown", true(), Duplex) -FIELDALIAS-interface = Name as interface -FIELDALIAS-mac = MAC as mac - -[iostat] -SHOULD_LINEMERGE = false -LINE_BREAKER = (^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always -# coalesce command is used to normalizes field names with the same value and for backward compatibility -EVAL-mount = coalesce(Device, Device_, device, "?") -EVAL-read_ops = coalesce(rReq_PS, r_s, "?") -EVAL-write_ops = coalesce(wReq_PS, w_s, "?") -EVAL-latency = coalesce(avgWaitMillis, await, wsvc_t, if(isnull(await),if(r_s==0.00 AND w_s==0.00,0,(((r_s * r_await) + (w_s * w_await))/(r_s+ w_s))), await), "?") -EVAL-total_ops = case(rReq_PS == "?", "?", wReq_PS == "?", "?", isnotnull(rReq_PS) AND isnotnull(wReq_PS), rReq_PS + wReq_PS, isnull(r_s), "?", isnull(w_s), "?", 1==1, r_s + w_s) - 
-EVAL-Device = coalesce(Device, Device_, device, "?") -EVAL-rReq_PS = coalesce(rReq_PS, r_s, "?") -EVAL-rKB_PS = coalesce(rKB_PS, rkB_s, Kb_read, kr_s, "?") -EVAL-rrqmPct = coalesce(rrqmPct, rrqm, "?") -EVAL-rAvgWaitMillis = coalesce(rAvgWaitMillis, r_await, "?") -EVAL-rAvgReqSZkb = coalesce(rAvgReqSZkb, rareq_sz, "?") - -EVAL-wReq_PS = coalesce(wReq_PS, w_s, "?") -EVAL-wKB_PS = coalesce(wKB_PS, wkB_s, Kb_wrtn, kw_s, "?") -EVAL-wrqmPct = coalesce(wrqmPct, wrqm, "?") -EVAL-wAvgWaitMillis = coalesce(wAvgWaitMillis, w_await, "?") -EVAL-wAvgReqSZkb = coalesce(wAvgReqSZkb, wareq_sz, "?") - -EVAL-avgQueueSZ = coalesce(avgQueueSZ, aqu_sz, avgqu_sz, "?") -EVAL-bandwUtilPct = coalesce(bandwUtilPct, util, tm_act, ms_o, b, "?") -EVAL-avgSvcMillis = coalesce(avgSvcMillis, svctm, ms_w, asvc_t, "?") -EVAL-avgWaitMillis = coalesce(avgWaitMillis, await, wsvc_t, if(isnotnull(ms_o), "?", null()), if(isnull(await),if(r_s==0.00 AND w_s==0.00,0,(((r_s * r_await) + (w_s * w_await))/(r_s+ w_s))), await), "?") - -[source::...(nfsiostat)] -sourcetype = nfsiostat -HEADER_MODE = always -SHOULD_LINEMERGE = false - -[nfsiostat] -DATETIME_CONFIG = CURRENT -KV_MODE = multi -LINE_BREAKER = (^$|[\r\n]+[\r\n]+) - -FIELDALIAS-mount = Mount as mount -FIELDALIAS-read_latency = r_avg_exe as read_latency -FIELDALIAS-write_latency = w_avg_exe as write_latency -FIELDALIAS-read_ops = r_op_s as read_ops -FIELDALIAS-write_ops = w_op_s as write_ops -EVAL-total_ops = read_ops + write_ops -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) - -[lastlog] -## Override system/default lastlog sourcetype invalidation -invalid_cause = -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi - -[lsof] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi - -[netstat] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 
-DATETIME_CONFIG = CURRENT -KV_MODE = multi -EVAL-src_port = if(mvindex(split(ForeignAddress, ":"), -1) == ForeignAddress OR match(mvindex(split(ForeignAddress, ":"), -1),"/."),mvindex(split(ForeignAddress, "."), -1),mvindex(split(ForeignAddress, ":"), -1)) -EVAL-src = if(mvindex(split(ForeignAddress, ":"), -1) == ForeignAddress OR match(mvindex(split(ForeignAddress, ":"), -1),"/."),mvjoin(mvindex(split(ForeignAddress, "."), 0, -2), "."),mvjoin(mvindex(split(ForeignAddress, ":"), 0, -2), ":")) -EVAL-dest_port = if(mvindex(split(LocalAddress, ":"), -1) == LocalAddress OR match(mvindex(split(LocalAddress, ":"), -1),"/."),mvindex(split(LocalAddress, "."), -1),mvindex(split(LocalAddress, ":"), -1)) -EVAL-dest = if(mvindex(split(LocalAddress, ":"), -1) == LocalAddress OR match(mvindex(split(LocalAddress, ":"), -1),"/."),mvjoin(mvindex(split(LocalAddress, "."), 0, -2), "."),mvjoin(mvindex(split(LocalAddress, ":"), 0, -2), ":")) -FIELDALIAS-transport=Proto as transport -FIELDALIAS-state=State as state -EVAL-state = case(state=="LISTEN","listening",state=="ESTAB","established",true(),lower(state)) -EVAL-vendor_product = "nix" - -[bandwidth] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi - -EVAL-bytes=(rxKB_PS+txKB_PS)*1024 -EVAL-bytes_in=rxKB_PS*1024 -EVAL-thruput=rxKB_PS*1024 + txKB_PS*1024 -EVAL-bytes_out=txKB_PS*1024 -EVAL-packets=rxPackets_PS+txPackets_PS -FIELDALIAS-packets_in=rxPackets_PS as packets_in -FIELDALIAS-packets_out=txPackets_PS as packets_out - -[openPorts] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi - -FIELDALIAS-dest_port_for_open_ports_sh = Port AS dest_port -FIELDALIAS-dest_for_open_ports_sh = host AS dest -FIELDALIAS-transport_for_open_ports_sh = Proto AS transport -EVAL-transport_dest_port = Proto + "/" + Port -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) - -# extraction for sourcetype 
unix:listeningports -[Unix:ListeningPorts] -EXTRACT-file_hash = (?i)file_hash=(\s*\(?\w+\)?\s*=)?\s*(?P[a-fA-F0-9]+) - -[package] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi - -[protocol] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE=multi -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - -[ps] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE = multi -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - -EVAL-pctCPU = coalesce(CPU, pctCPU) -EVAL-PercentProcessorTime = coalesce(CPU, pctCPU) -EVAL-cpu_load_percent = coalesce(CPU, pctCPU) -EVAL-process_cpu_used_percent = coalesce(CPU, pctCPU) - -FIELDALIAS-dest_for_ps = host as dest -FIELDALIAS-src_for_ps = host as src -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) - -FIELDALIAS-process_id_for_ps = PID AS pid,PID as process_id - -EVAL-pctMEM = coalesce(MEM, pctMEM) -EVAL-PercentMemory = coalesce(MEM, pctMEM) - -EVAL-RSZ_KB = coalesce(RSS, RSZ_KB) -EVAL-rss = coalesce(RSS, RSZ_KB) -EVAL-process_mem_used = if(isnull(RSS), RSZ_KB*1024, RSS*1024) -# UsedBytes is calculated as RSZ_KB*1024. Previously it was calculated using -# %MEM and the "Mem:" header from "top -bn 1", which tended to underestimate -# compared to this value. This is a rough measure of resident set size (i.e., -# physical memory in use). 
-EVAL-mem_used = if(isnull(RSS), RSZ_KB*1024, RSS*1024) -EVAL-UsedBytes = if(isnull(RSS), RSZ_KB*1024, RSS*1024) - -EVAL-VSZ_KB = coalesce(VSZ, VSZ_KB) -EVAL-vsz = coalesce(VSZ, VSZ_KB) - -EVAL-TTY = coalesce(TTY, TT) -EVAL-tty = coalesce(TTY, TT) - -EVAL-S = coalesce(S, STAT) -EVAL-stat = coalesce(S, STAT) - -FIELDALIAS-user_for_ps = USER AS user - -# The "app" field is the conjunction of COMMAND plus ARGS -# Note that the UNIX app joins arguments with an underscore. -EVAL-app = if(ARGS!="", COMMAND." ".ARGS,COMMAND) -EVAL-process = if(ARGS!="", COMMAND." ".ARGS,COMMAND) -EVAL-process_name = replace(COMMAND, "[\[\]()]", "") - -EVAL-CPUTIME = coalesce(TIME, CPUTIME) -# Truncate needless leading zeroes from the cumulative CPU time field. -EVAL-cpu_time = if(isnull(TIME), replace(CPUTIME, "^00:[0]{0,1}", ""), replace(TIME, "^00:[0]{0,1}", "")) -EVAL-time = if(isnull(TIME), replace(CPUTIME, "^00:[0]{0,1}", ""), replace(TIME, "^00:[0]{0,1}", "")) - -# Incorporating CIM review changes -EVAL-action = "allowed" -EVAL-process_exec = replace(COMMAND, "[\[\]()]", "") - - -[time] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT - -[top] -SHOULD_LINEMERGE=false -LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -EVENT_BREAKER_ENABLE=true -EVENT_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE=multi -FIELDALIAS-user = USER as user -FIELDALIAS-process = COMMAND as process -FIELDALIAS-cpu_load_percent = pctCPU as cpu_load_percent -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - -[usersWithLoginPrivs] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE=multi - -[who] -SHOULD_LINEMERGE=false -LINE_BREAKER=^((?!))$ -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -KV_MODE=multi - -[vmstat] 
-LINE_BREAKER=(^$|[\r\n]+[\r\n]+) -TRUNCATE=1000000 -DATETIME_CONFIG = CURRENT -# the following setting is for eventgen stanzas to be able to use the ***SPLUNK*** directive -HEADER_MODE = always - -REPORT-0kv_for_vmstat = fields_for_vmstat_sh,vmstat_linux,vmstat_osx -FIELDALIAS-dest_for_vmstat = host as dest -EVAL-mem = if(isnotnull(memFreeMB) AND isnotnull(memUsedMB),(memFreeMB)+(memUsedMB),null()) -EVAL-mem_free = if(isnotnull(memFreeMB),memFreeMB,null()) -EVAL-mem_used = if(isnotnull(memUsedMB),memUsedMB,null()) -EVAL-mem_page_ops = pgPageIn_PS + pgPageOut_PS -FIELDALIAS-mem_free_percent = memFreePct as mem_free_percent -FIELDALIAS-wait_threads_count = waitThreads as wait_threads_count -FIELDALIAS-system_threads_count = threads as system_threads_count -FIELDALIAS-src_for_vmstat = host as src -FIELDALIAS-cpu_interrupts = interrupts_PS as cpu_interrupts -FIELDALIAS-swap_percent = swapUsedPct as swap_percent - -## Legacy fields -FIELDALIAS-FreeMBytes = memFreeMB AS FreeMBytes -EVAL-UsedBytes = tonumber(memUsedMB, 10)*1048756 -FIELDALIAS-UsedMBytes = memUsedMB AS UsedMBytes -FIELDALIAS-TotalMBytes = memTotalMB AS TotalMBytes - -##Memoey Paging per second fields -FIELDALIAS-mem_page_in = pgPageIn_PS AS mem_page_in -FIELDALIAS-mem_page_out = pgPageOut_PS AS mem_page_out - -[Unix:UserAccounts] -EVAL-description = "/etc/passwd file" -EVAL-enabled = "yes" -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) -FIELDALIAS-dest = host as dest - -##################### -## BEGIN SCRIPTED INPUT CONTENT IMPORTED FROM TA-deployment-apps -##################### - -# Stanzas in this section are legacy configuration stanzas -# intended to support parsing of data created by scripts in -# TA-deploymentapps, which has since been retired. Systems that use -# Splunk_TA_nix on the search head but which may be searching data -# from forwarders on which the older scripts are still in use should -# be able to search new and old data seamlessly. 
- -###### Global ###### -# [source::...(linux.*|sample.*.linux)] -# TRANSFORMS-force_host_for_linux_eventgen = force_host_for_linux_eventgen - -# [source::...(osx.*|sample.*.osx)] -# TRANSFORMS-force_host_for_osx_eventgen = force_host_for_osx_eventgen - -# [source::...(solaris.*|sample.*.solaris)] -# TRANSFORMS-force_host_for_solaris_eventgen = force_host_for_solaris_eventgen - -# [source::...sample.*.unix] -# TRANSFORMS-force_host_for_unix_eventgen = force_host_for_unix_eventgen - -## support for linux only -[Linux:SELinuxConfig] -EVAL-note = "SELinux is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules" - -[linux_audit] -LINE_BREAKER = ([\r\n]+) -SHOULD_LINEMERGE = false -TIME_PREFIX = audit\( -MAX_TIMESTAMP_LOOKAHEAD=23 -MAX_DAYS_AGO=3650 -REPORT-command = command_for_linux_audit -EVAL-status = if('res'=="failed","failure",'res') -FIELDALIAS-object = id as object -FIELDALIAS-dvc = hostname as dvc -FIELDALIAS-dest = hostname as dest -FIELDALIAS-object_id = id as object_id -EVAL-op = if(op=="PAM:authentication", res, op) -EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product) -LOOKUP-action = nix_linux_audit_action_lookup op OUTPUT action,object_category -EVAL-object_attrs= case(type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER",grp) -EVAL-app = "nix" -EVAL-change_type = "AAA" -EVAL-object = if((type="GRP_MGMT" OR type="DEL_GROUP" or type=="ADD_GROUP") AND isnotnull('grp'),'grp','object') -EVAL-user = case((type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_CMD") AND isnull('user'),'id',(type=="GRP_MGMT" OR type=="DEL_GROUP" or type=="ADD_GROUP") AND uid=="0" AND isnull('user'),"root", type=="USER_AUTH",'acct',isnull('user'),'uid',true(),'user') -EVAL-user_name = case((type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_CMD") AND isnull('user'),'id',(type=="GRP_MGMT" OR 
type=="DEL_GROUP" or type=="ADD_GROUP") AND uid=="0" AND isnull('user'),"root", type=="USER_AUTH",'acct',isnull('user'),'uid',true(),'user')
-EVAL-user_id = if(type=="GRP_MGMT" OR type=="DEL_GROUP" or type=="ADD_GROUP" ,'uid','id')
-EVAL-src_user = case((type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_AUTH" ) AND uid=="0" ,"root",type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_AUTH",'uid',true(),'src_user')
-EVAL-src_user_name = case((type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_AUTH" ) AND uid=="0" ,"root",type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_AUTH",'uid',true(),'src_user')
-EVAL-src_user_id = if(type=="ADD_USER" OR type=="USER_MGMT" OR type=="DEL_USER" OR type=="USER_AUTH" ,'uid','src_user_id')
-EVAL-reason = if(type="USER_AUTH" AND (res=="failed" OR res=="failure"),"other",'reason')
-
-[source::...Unix:Service]
-SHOULD_LINEMERGE = false
-EVENT_BREAKER_ENABLE = true
-EVAL-service = coalesce(UNIT, app)
-EVAL-service_name = coalesce(UNIT, app)
-EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product)
-LOOKUP-StartMode_for_linux_service = nix_linux_service_startmode_lookup runlevel0,runlevel1,runlevel2,runlevel3,runlevel4,runlevel5,runlevel6 OUTPUTNEW StartMode
-EVAL-note = if(match(_raw,"runlevel[06]\=on"),"Runlevels 0 and 6 are reserved for halt and reboot respectively",null())
-EVAL-start_mode=case(isnotnull(StartMode),StartMode,1=1,"Auto")
-FIELDALIAS-start_mode_for_solaris_service = StartMode as start_mode
-FIELDALIAS-status_for_solaris_service = State as status
-FIELDALIAS-dest = host as dest
-
-# extraction for sourcetype Unix:Service
-[Unix:Service]
-EXTRACT-file_hash = (?i)file_hash=(\s*\(?\w+\)?\s*=)?\s*(?P[a-fA-F0-9]+)
-
-# Incorporating CIM review changes
-EVAL-status = case(ACTIVE=="active","started",ACTIVE=="inactive","stopped",ACTIVE=="activating","stopped",ACTIVE=="reloading","stopped",ACTIVE=="failed","critical",ACTIVE=="deactivating","stopped")
-
-## no windows application at this time
-[source::*:SSHDConfig]
-EVAL-note = if(match(sshd_protocol,"1"),"SSH-1 has inherent design flaws which make it vulnerable (e.g., man-in-the-middle attacks)",null())
-
-###### Update ######
-
-[source::...Unix:Update]
-EVENT_BREAKER_ENABLE = true
-FIELDALIAS-signature_for_update = package as signature
-LOOKUP-status_for_update = nix_da_update_status_lookup sourcetype OUTPUTNEW status
-
-###### Uptime ######
-
-[source::...Unix:Uptime]
-FIELDALIAS-uptime_for_unix_uptime = SystemUpTime as uptime
-FIELDALIAS-dest = host as dest
-
-###### Version ######
-
-[source::...Unix:Version]
-SHOULD_LINEMERGE = false
-FIELDALIAS-family_for_nix_version = os_name as family
-LOOKUP-range_for_nix_version = nix_da_version_range_lookup sourcetype OUTPUTNEW range
-FIELDALIAS-version_for_nix_version = os_release as version
-FIELDALIAS-cpu_architecture = machine_architecture_name as cpu_architecture
-EVAL-os = if(isnotnull(os_name) AND isnotnull(os_release),os_name." ".os_release,null())
-EVAL-vendor_product = if(isnotnull(os_name),os_name,null())
-FIELDALIAS-dest_for_nix_version = host as dest
-
-###### VSFTPD Config ######
-## no windows application at this time
-
-[source::*:VSFTPDConfig]
-EVAL-note = "FTP uses clear text to pass authentication credentials. Consider using SSH instead."
-
-#####################
-## END SCRIPTED INPUT CONTENT IMPORTED FROM TA-deployment-apps
-#####################
-
-
-#####################
-## System Logs
-#####################
-
-###### Global ######
-[source::....nix]
-sourcetype = linux_secure
-
-[source::/etc/passwd*]
-sourcetype = ignored_type
-
-[source::/etc/shadow*]
-sourcetype = ignored_type
-
-## Custom Sourcetype
-#[source::....]
-#sourcetype =
-
-#[]
-### Event extractions by type
-#REPORT-0authentication_for_your_sourcetype = ssh-login-events, ssh-session-close, ssh-disconnect, sshd_authentication_kerberos_success, sshd_authentication_refused, sshd_authentication_tried, sshd_login_restricted, pam_unix_authentication_success, pam_unix_authentication_failure, sudo_cannot_identify, ksu_authentication, ksu_authorization, su_simple, su_authentication, su_successful, wksh_authentication, login_authentication
-#EVAL-action = if(app="su" AND isnull(action),"success",action)
-#REPORT-account_management_for_your_sourcetype = useradd, userdel
-#REPORT-firewall_for_your_sourcetype = ipfw, ipfw-stealth, ipfw-icmp, pf
-#REPORT-routing_for_your_sourcetype = iptables
-#EVAL-signature = if(isnotnull(inbound_interface),"firewall",null())
-#REPORT-signature_for_your_sourcetype_timesync = signature_for_nix_timesync
-
-#REPORT-dest_for_your_sourcetype = host_as_dest
-#LOOKUP-action_for_your_sourcetype = nix_action_lookup vendor_action OUTPUTNEW action
-#REPORT-pid-process_for_your_sourcetype = syslog-extractions
-#REPORT-src_for_your_sourcetype = src_dns_as_src, src_ip_as_src, host_as_src
-
-###### AIX Sourcetype ######
-[source::....aix_secure]
-sourcetype = aix_secure
-
-[aix_secure]
-EVENT_BREAKER_ENABLE = true
-REPORT-0authentication_for_aix_secure = failed_login1, bad-su2, ssh-invalid-user, ssh-login-failed, ssh-login-accepted, ssh-session-close, ssh-disconnect, sshd_authentication_kerberos_success, sshd_authentication_refused, sshd_authentication_tried, sshd_login_restricted, pam_unix_authentication_success, pam_unix_authentication_failure, sudo_cannot_identify, ksu_authentication, ksu_authorization, su_simple, su_authentication, su_successful, wksh_authentication, login_authentication
-EVAL-action = if(app="su" AND isnull(action),"success",action)
-
-REPORT-dest_for_aix_secure = loghost_as_dest
-FIELDALIAS-dvc = dest as dvc
-LOOKUP-action_for_osx_secure = nix_action_lookup vendor_action OUTPUTNEW action
-REPORT-src_for_aix_secure = src_dns_as_src, src_ip_as_src
-
-###### OSX Security ######
-[source::....osx_secure]
-sourcetype = osx_secure
-
-[osx_secure]
-EVENT_BREAKER_ENABLE = true
-
-## Event extractions by type
-REPORT-0authentication_for_osx_secure = ssh-login-failed, ssh-invalid-user, ssh-login-accepted, ssh-session-close, ssh-disconnect, sshd_authentication_kerberos_success, sshd_authentication_refused, sshd_authentication_tried, sshd_login_restricted, pam_unix_authentication_success, pam_unix_authentication_failure, sudo_cannot_identify, ksu_authentication, ksu_authorization, su_simple, su_authentication, su_successful, wksh_authentication, login_authentication
-EVAL-action = if(app="su" AND isnull(action),"success",action)
-
-REPORT-dest_for_osx_secure = host_as_dest
-LOOKUP-action_for_osx_secure = nix_action_lookup vendor_action OUTPUTNEW action
-REPORT-src_for_osx_secure = src_dns_as_src, src_ip_as_src
-
-###### Linux Security ######
-[source::....linux_secure]
-sourcetype = linux_secure
-
-[linux_secure]
-EVENT_BREAKER_ENABLE = true
-
-## Event extractions by type
-EVAL-app = case(app="ssh", "ssh", app="nix", "nix", true(), app)
-REPORT-0authentication_for_linux_secure = remote_login_allowed, remote_login_failure, passwd-auth-failure, bad-su, failed-su, ssh-invalid-user, ssh-login-failed, ssh-login-accepted, ssh-session-close, ssh-disconnect, sshd_authentication_kerberos_success, sshd_authentication_refused, sshd_authentication_tried, sshd_login_restricted, pam_unix_authentication_success, pam_unix_authentication_failure, sudo_cannot_identify, ksu_authentication, ksu_authorization, su_simple, su_authentication, su_successful, wksh_authentication, login_authentication, ftpd_authentication
-EVAL-action = if(app="su" AND isnull(action),"success",action)
-REPORT-account_management_for_linux_secure = useradd, userdel, userdel-grp, groupdel, groupadd, groupadd-suse
-REPORT-password_change_for_linux_secure = pam-passwd-ok, passwd-change-fail
-REPORT-firewall = ipfw, ipfw-stealth, ipfw-icmp, pf
-REPORT-routing = iptables
-EVAL-signature = if(isnotnull(inbound_interface),"firewall",null())
-
-REPORT-dest_for_linux_secure = loghost_as_dest
-LOOKUP-action_for_linux_secure = nix_action_lookup vendor_action OUTPUTNEW action
-REPORT-src_for_linux_secure = src_dns_as_src, src_ip_as_src
-EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product)
-EVAL-object = case((command=="useradd" OR command=="userdel" OR command=="passwd") AND isnotnull(user), user, true(), object)
-FIELDALIAS-dvc = dest as dvc
-EVAL-src_user = case('src_user_id'=="0" AND isnull('src_user'),"root",isnull('src_user'),'src_user_id',true(),'src_user')
-FIELDALIAS-user_name = user as user_name
-EVAL-src_user_name = case('src_user_id'=="0" AND isnull('src_user'),"root",isnull('src_user'),'src_user_id',true(),'src_user')
-
-###### Syslog ######
-[source::....syslog]
-sourcetype = syslog
-
-[syslog]
-EVENT_BREAKER_ENABLE = true
-
-## Event extractions by type
-REPORT-0authentication_for_syslog = remote_login_failure, bad-su2, passwd-auth-failure, failed_login1, bad-su, failed-su, ssh-login-failed, ssh-invalid-user, ssh-login-accepted, ssh-session-close, ssh-disconnect, sshd_authentication_kerberos_success, sshd_authentication_refused, sshd_authentication_tried, sshd_login_restricted, pam_unix_authentication_success, pam_unix_authentication_failure, sudo_cannot_identify, ksu_authentication, ksu_authorization, su_simple, su_authentication, su_successful, wksh_authentication, login_authentication
-EVAL-action = if(app="su" AND isnull(action),"success",action)
-REPORT-account_management_for_syslog = useradd, userdel, userdel-grp, groupdel, groupadd, groupadd-suse
-REPORT-password_change_for_syslog = pam-passwd-ok, passwd-change-fail
-REPORT-firewall = ipfw, ipfw-stealth, ipfw-icmp, pf
-REPORT-routing = iptables
-EVAL-signature = if(isnotnull(inbound_interface),"firewall",null())
-REPORT-signature_for_syslog_timesync = signature_for_nix_timesync
-
-REPORT-dest_for_syslog = host_as_dest
-LOOKUP-action_for_syslog = nix_action_lookup vendor_action OUTPUTNEW action
-REPORT-src_for_syslog = src_dns_as_src, src_ip_as_src
-FIELDALIAS-dvc = dest as dvc
-
-EVAL-vendor_product = if(isnull(vendor_product), "nix", vendor_product)
-
-###### bash history ######
-[bash_history]
-SHOULD_LINEMERGE=FALSE
-EVENT_BREAKER_ENABLE = true
-DATETIME_CONFIG=CURRENT
-REPORT-bhist=bash_user,bash_user_root
-FIELDALIAS-bhist=_raw AS bash_command
-FIELDALIAS-dest_for_history = host as dest
-
-###### auditd ######
-[auditd]
-LINE_BREAKER = ([\r\n]+)
-SHOULD_LINEMERGE = false
-TIME_PREFIX = audit\(
-MAX_TIMESTAMP_LOOKAHEAD=23
-MAX_DAYS_AGO=3650
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/restmap.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/restmap.conf
deleted file mode 100644
index 37b3f1a8..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/restmap.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-[script:setup]
-python.version = python3
-match=/SetupService
-handler=setupservice.SetupService
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/tags.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/tags.conf
deleted file mode 100644
index 3c14e47b..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/tags.conf
+++ /dev/null
@@ -1,851 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-
-###### Globals ######
-[eventtype=nix_security]
-os = enabled
-unix = enabled
-
-[eventtype=nix_errors]
-error = enabled
-
-[eventtype=interfaces]
-inventory = enabled
-network = enabled
-
-###### DHCP ######
-[eventtype=dhcpd_server]
-dhcp = enabled
-network = enabled
-session = enabled
-unix = enabled
-
-[eventtype=dhcpd_start]
-start = enabled
-
-[eventtype=dhcpd_unable_unexpected]
-error = enabled
-
-[eventtype=dhcpd_server_dhcprelease]
-end = enabled
-
-
-###### Scripted Inputs ######
-[eventtype=cpu]
-os = enabled
-resource = enabled
-report = enabled
-unix = enabled
-cpu = enabled
-avail = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=cpu_anomalous]
-anomalous = enabled
-
-[eventtype=df]
-df = enabled
-host = enabled
-check = enabled
-success = enabled
-storage = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=iostat]
-report = enabled
-resource = enabled
-iostat = enabled
-performance = enabled
-cpu = enabled
-storage = enabled
-success = enabled
-oshost = enabled
-
-[eventtype=nfsiostat]
-storage = enabled
-performance = enabled
-
-[eventtype=lsof]
-report = enabled
-lsof = enabled
-resource = enabled
-file = enabled
-success = enabled
-
-[eventtype=netstat]
-report = enabled
-netstat = enabled
-os = enabled
-cpu = enabled
-success = enabled
-listening = enabled
-port = enabled
-
-[eventtype=ps]
-performance = enabled
-cpu = enabled
-success = enabled
-ps = enabled
-oshost = enabled
-process = enabled
-
-[eventtype=top]
-top = enabled
-os = enabled
-success = enabled
-process = enabled
-
-[eventtype=time]
-report = enabled
-os = enabled
-success = enabled
-time = enabled
-
-[eventtype=vmstat]
-report = enabled
-vmstat = enabled
-resource = enabled
-success = enabled
-cpu = enabled
-memory = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=bandwidth]
-network = enabled
-resource = enabled
-success = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=hardware]
-inventory = enabled
-oshost = enabled
-cpu = enabled
-memory = enabled
-
-# For ESS:
-os = enabled
-avail = enabled
-unix = enabled
-
-###### System Logs ######
-
-#### Account Management
-[eventtype=useradd]
-account = enabled
-management = enabled
-add = enabled
-change = enabled
-
-[eventtype=useradd-suse]
-account = enabled
-management = enabled
-add = enabled
-change = enabled
-
-[eventtype=userdel]
-account = enabled
-management = enabled
-delete = enabled
-change = enabled
-
-[eventtype=groupadd]
-management = enabled
-add = enabled
-change = enabled
-
-[eventtype=groupadd-suse]
-management = enabled
-add = enabled
-change = enabled
-account = enabled
-
-[eventtype=groupdel]
-management = enabled
-delete = enabled
-change = enabled
-
-[eventtype=linux-password-change]
-account = enabled
-management = enabled
-password = enabled
-modify = enabled
-change = enabled
-
-[eventtype=linux-password-change-failed]
-account = enabled
-management = enabled
-password = enabled
-modify = enabled
-change = enabled
-
-
-#### acpi
-[eventtype=nix_acpi]
-os = enabled
-unix = enabled
-power = enabled
-
-
-#### agpgart
-[eventtype=nix_agpgart]
-os = enabled
-unix = enabled
-graphics = enabled
-
-
-#### apm
-[eventtype=nix_apm]
-os = enabled
-unix = enabled
-power = enabled
-
-
-#### auditd
-[eventtype=auditd]
-os = enabled
-unix = enabled
-resource = enabled
-file = enabled
-
-[eventtype=auditd_modify]
-modify = enabled
-
-
-#### Authentication
-
-## ksu
-[eventtype=ksu_authentication]
-authentication = enabled
-
-[app=ksu]
-local = enabled
-privileged = enabled
-
-[app=ksudo]
-local = enabled
-privileged = enabled
-
-## login
-[eventtype=login_authentication]
-authentication = enabled
-
-## pam
-[eventtype=pam_unix_authentication]
-authentication = enabled
-
-## passwd
-[eventtype=passwd-auth-failure]
-application = enabled
-authentication = enabled
-
-## rlogin
-[eventtype=rlogin_too_many_failures]
-application = enabled
-attack = enabled
-watchlist = enabled
-
-[eventtype=remote_login_failure]
-application = enabled
-authentication = enabled
-remote = enabled
-
-[eventtype=remote_login_allowed]
-application = enabled
-authentication = enabled
-remote = enabled
-
-## sshd
-[eventtype=sshd_authentication]
-authentication = enabled
-remote = enabled
-
-[eventtype=ssh_open]
-communicate = enabled
-connect = enabled
-
-[eventtype=ssh_close]
-access = enabled
-stop = enabled
-logoff = enabled
-
-[eventtype=ssh_disconnect]
-access = enabled
-stop = enabled
-logoff = enabled
-
-[eventtype=failed_login]
-authentication = enabled
-
-[eventtype=Failed_SU]
-authentication = enabled
-
-## su
-[eventtype=su_authentication]
-authentication = enabled
-
-[app=su]
-local = enabled
-privileged = enabled
-
-[app=sudo]
-local = enabled
-privileged = enabled
-
-[eventtype=su_failed]
-authentication = enabled
-
-[eventtype=su_session]
-session = enabled
-
-[eventtype=su_root_session]
-session = enabled
-privileged = enabled
-
-## Telnet
-
-[app=wksh]
-cleartext = enabled
-
-
-#### automount
-[eventtype=nix_automount]
-os = enabled
-unix = enabled
-
-
-#### Config
-[eventtype=nix_config_change]
-os = enabled
-unix = enabled
-host = enabled
-configuration = enabled
-modify = enabled
-
-
-#### Console
-[eventtype=nix_console]
-os = enabled
-unix = enabled
-
-
-#### cron
-[eventtype=nix_cron]
-os = enabled
-unix = enabled
-
-
-#### CUPS
-[eventtype=nix_cups_access]
-os = enabled
-unix = enabled
-access = enabled
-printer = enabled
-
-[eventtype=nix_cups_error]
-os = enabled
-unix = enabled
-printer = enabled
-
-[eventtype=nix_cups_page]
-os = enabled
-unix = enabled
-printer = enabled
-
-
-#### dhclient
-[eventtype=nix_dhclient]
-os = enabled
-unix = enabled
-
-
-#### DMA
-[eventtype=nix_dma]
-os = enabled
-unix = enabled
-memory = enabled
-access = enabled
-
-
-#### Firewall
-[eventtype=iptables_firewall_accept]
-os = enabled
-unix = enabled
-host = enabled
-firewall = enabled
-communicate = enabled
-success = enabled
-
-[eventtype=iptables_firewall_deny]
-os = enabled
-unix = enabled
-host = enabled
-firewall = enabled
-communicate = enabled
-failure = enabled
-
-
-#### FTP
-[eventtype=nix_ftp_xferlog]
-os = enabled
-unix = enabled
-ftp = enabled
-transfer = enabled
-
-[eventtype=nix_ncftpd_logins]
-os = enabled
-unix = enabled
-ftp = enabled
-authentication = enabled
-
-
-#### Fingerprinting
-[eventtype=nix_fingerprinting]
-os = enabled
-unix = enabled
-
-
-#### gconfd
-[eventtype=nix_gconfd]
-os = enabled
-unix = enabled
-
-[eventtype=nix_gconfd_error]
-error = enabled
-
-[eventtype=nix_gconfd_exiting]
-stop = enabled
-
-[eventtype=nix_gconfd_starting]
-start = enabled
-
-
-## gdm
-[eventtype=nix_gdm]
-os = enabled
-unix = enabled
-
-
-#### gpm
-[eventtype=nix_gpm]
-os = enabled
-unix = enabled
-
-
-#### FreeBSD
-[eventtype=freebsd_refresh_na_answer]
-os = enabled
-unix = enabled
-
-[eventtype=freebsd_refresh_retry_exceeded]
-os = enabled
-unix = enabled
-
-
-#### hald
-[eventtype=nix_hald]
-os = enabled
-unix = enabled
-
-
-#### hpiod
-[eventtype=hpiod_Linux_syslog]
-os = enabled
-unix = enabled
-
-
-#### kernel
-[eventtype=nix_kernel_attached]
-os = enabled
-unix = enabled
-kernel = enabled
-
-
-#### kill
-[eventtype=nix_process_kill]
-os = enabled
-unix = enabled
-process = enabled
-stop = enabled
-
-
-#### mDNSResponder
-[eventtype=nix_mDNSResponder]
-os = enabled
-unix = enabled
-dns = enabled
-
-
-#### named
-[eventtype=nix_named1]
-os = enabled
-unix = enabled
-dns = enabled
-
-[eventtype=nix_named2]
-os = enabled
-unix = enabled
-dns = enabled
-
-
-#### OSX
-[eventtype=osx_crash_log]
-os = enabled
-unix = enabled
-error = enabled
-
-
-#### Netlabel
-[eventtype=nix_netlabel]
-os = enabled
-unix = enabled
-kernel = enabled
-
-
-#### PCI
-[eventtype=nix_pci]
-os = enabled
-unix = enabled
-
-
-#### Plug-n-play
-[eventtype=nix_pnp]
-os = enabled
-unix = enabled
-
-
-#### POP3
-[eventtype=nix_popper]
-os = enabled
-unix = enabled
-mail = enabled
-
-
-#### postfix
-[eventtype=nix_postfix]
-os = enabled
-unix = enabled
-
-
-#### Prelink
-[eventtype=nix_prelink]
-os = enabled
-unix = enabled
-
-
-#### RPC
-[eventtype=nix_rpc_statd]
-os = enabled
-unix = enabled
-
-
-#### RPM
-[eventtype=nix_rpm]
-os = enabled
-unix = enabled
-update = enabled
-
-
-#### Runlevel
-[eventtype=nix_runlevel_change]
-os = enabled
-unix = enabled
-configuration = enabled
-modify = enabled
-
-
-#### SNMPD
-[eventtype=snmpd]
-os = enabled
-unix = enabled
-snmp = enabled
-
-[eventtype=snmpd_failure]
-failure = enabled
-
-
-#### scrollkeeper
-[eventtype=nix_scrollkeeper]
-os = enabled
-unix = enabled
-
-
-## Shutdown
-[eventtype=nix_halt]
-os = enabled
-unix = enabled
-stop = enabled
-
-[eventtype=nix_restart]
-os = enabled
-unix = enabled
-stop = enabled
-
-
-#### smartd
-[eventtype=nix_smartd]
-os = enabled
-unix = enabled
-
-
-#### Time
-[eventtype=nix_timesync]
-report = enabled
-time = enabled
-synchronize = enabled
-success = enabled
-
-os = enabled
-performance = enabled
-
-[eventtype=nix_timesync_failure]
-report = enabled
-time = enabled
-synchronize = enabled
-failure = enabled
-
-os = enabled
-performance = enabled
-
-#### Update
-[eventtype=nix_yum_update]
-report = enabled
-update = enabled
-success = enabled
-
-
-#### udevd
-[eventtype=nix_udevd]
-os = enabled
-unix = enabled
-kernel = enabled
-
-
-#### USB
-[eventtype=nix_usb]
-os = enabled
-unix = enabled
-usb = enabled
-
-
-#### userhelper
-[eventtype=nix_userhelper]
-os = enabled
-unix = enabled
-
-
-#### Open ports
-[eventtype=openPorts]
-unix = enabled
-report = enabled
-os = enabled
-
-
-###### BEGIN CONTENT IMPORTED FROM TA-deploymentapps ######
-
-# Stanzas in this section are legacy configuration stanzas
-# intended to support parsing of data created by scripts in
-# TA-deploymentapps, which has since been retired. Systems that use
-# Splunk_TA_nix on the search head but which may be searching data
-# from forwarders on which the older scripts are still in use should
-# be able to search new and old data seamlessly.
-
-###### Scripted Inputs ######
-
-## Global
-[eventtype=aix_scripted_input]
-check = enabled
-report = enabled
-
-[eventtype=hpux_scripted_input]
-check = enabled
-report = enabled
-
-[eventtype=linux_scripted_input]
-check = enabled
-report = enabled
-
-[eventtype=osx_scripted_input]
-check = enabled
-report = enabled
-
-[eventtype=solaris_scripted_input]
-check = enabled
-report = enabled
-
-[eventtype=unix_scripted_input]
-check = enabled
-report = enabled
-
-## CPUTime
-[eventtype=cputime]
-os = enabled
-avail = enabled
-cpu = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=cputime_anomalous]
-anomalous = enabled
-
-
-## Disk
-[eventtype=freediskspace]
-os = enabled
-avail = enabled
-disk = enabled
-performance = enabled
-oshost = enabled
-storage = enabled
-
-[eventtype=freediskspace_anomalous]
-anomalous = enabled
-
-
-## Listening Ports
-[eventtype=listeningports]
-os = enabled
-config = enabled
-report = enabled
-
-
-## Local Processes
-
-[eventtype=localprocesses_anomalous]
-anomalous = enabled
-
-
-## Memory
-[eventtype=memory]
-os = enabled
-avail = enabled
-memory = enabled
-performance = enabled
-oshost = enabled
-
-[eventtype=memory_anomalous]
-anomalous = enabled
-
-
-## SELinux Config
-[eventtype=selinuxconfig]
-application = enabled
-config = enabled
-selinux = enabled
-
-[selinux=disabled]
-insecure = enabled
-
-
-## Service
-[eventtype=service]
-os = enabled
-config = enabled
-service = enabled
-report = enabled
-
-[eventtype=service_runlevel_anomalous]
-anomalous = enabled
-
-[app=ntpd]
-time = enabled
-synchronize = enabled
-
-[app=%2Fnetwork%2Fntp%3Adefault]
-time = enabled
-synchronize = enabled
-
-[app=yum-updatesd]
-automatic = enabled
-update = enabled
-
-
-## SSHD Config
-[eventtype=sshdconfig]
-application = enabled
-config = enabled
-ssh = enabled
-
-[eventtype=sshd_insecure]
-insecure = enabled
-
-
-## Update
-[eventtype=update]
-os = enabled
-info = enabled
-system = enabled
-update = enabled
-
-[eventtype=update_status]
-status = enabled
-
-
-## Uptime
-[eventtype=uptime]
-os = enabled
-info = enabled
-report = enabled
-uptime = enabled
-performance = enabled
-
-[eventtype=uptime_anomalous]
-anomalous = enabled
-
-
-## User Accounts
-[eventtype=useraccounts]
-os = disabled
-config = enabled
-user = enabled
-inventory = enabled
-
-[eventtype=useraccounts_anomalous]
-anomalous = enabled
-
-[shell=%2Fbin%2Fbash]
-interactive = enabled
-
-[shell=%2Fbin%2Fsh]
-interactive = enabled
-
-[shell=%2Fusr%2Fbin%2Fbash]
-interactive = enabled
-
-[shell=%2Fusr%2Fbin%2Fpfksh]
-interactive = enabled
-
-[shell=%2Fusr%2Fbin%2Fpfsh]
-interactive = enabled
-
-
-## Version
-[eventtype=nix_version]
-os = enabled
-info = enabled
-report = enabled
-system = enabled
-version = enabled
-inventory = enabled
-oshost = enabled
-cpu = enabled
-memory = enabled
-
-
-## VSFTDP Config
-[eventtype=vsftpd_config]
-application = enabled
-config = enabled
-ftp = enabled
-cleartext = enabled
-
-[eventtype=vsftpd_config_anonymous]
-anonymous = enabled
-
-###### END CONTENT IMPORTED FROM TA-deploymentapps ######
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/transforms.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/transforms.conf
deleted file mode 100644
index e0183dcf..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/transforms.conf
+++ /dev/null
@@ -1,531 +0,0 @@ -## -## SPDX-FileCopyrightText: 2024 Splunk, Inc. -## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 -## -## - -###### Globals ###### - -## Lookups -[nix_action_lookup] -filename = nix_vendor_actions.csv -case_sensitive_match = false - -## Aliases -[host_as_dest] -SOURCE_KEY = host -REGEX = (.+) -FORMAT = dest::"$1" - -[host_as_src] -SOURCE_KEY = host -REGEX = (.+) -FORMAT = src::"$1" - -[src_dns_as_src] -SOURCE_KEY = src_dns -REGEX = (.+) -FORMAT = src::"$1" - -[src_ip_as_src] -SOURCE_KEY = src_ip -REGEX = (.+) -FORMAT = src::"$1" - -[dest_nt_host_as_dest] -SOURCE_KEY = dest_nt_host -REGEX = (.+) -FORMAT = dest::"$1" - -[dest_mac_as_dest] -SOURCE_KEY = dest_mac -REGEX = (.+) -FORMAT = dest::"$1" - -[dest_ip_as_dest] -SOURCE_KEY = dest_ip -REGEX = (.+) -FORMAT = dest::"$1" - -###### DHCP ###### -[dhcp_prefix_dest] -#when dhcp server is the dest, extract the dest and process fields -#format as below (fields are within the angle brackets): -# [process_id]|: -REGEX=\s+(?\S+)\s+(?:(?[^\s\[\]]+)\[(?[^\]\s]+)\]|(?[^\s\[\]]+)):\s+ - -[dhcp_prefix_src] -#when dhcp server is the src, extract the src and process fields -#format as below (fields are within the angle brackets): -# [process_id]|: -REGEX=\s+(?\S+)\s+(?:(?[^\s\[\]]+)\[(?[^\]\s]+)\]|(?[^\s\[\]]+)):\s+ - - -[dhcp_mac_hostname_for_dest] -#extract mac address and hostname for dest -#format as below (fields are within the angle brackets): -# () -#Note: dest_host may not exist -REGEX=\s+(?\S+)\s+(?:\((?[^)]+)\)\s+)? - -[dhcp_mac_hostname_for_src] -#extract mac address and hostname for src -#format as below (fields are within the angle brackets): -# () -#Note: src_host may not exist -REGEX=\s+(?\S+)\s+(?:\((?[^)]+)\)\s+)? 
- -[dhcp_relay] -#extract relay field -REGEX = (?[^\s:\\]+) - -[dhcp_block_action] -#extract blocked actions -REGEX = (?(REFUSED|Invalid|ignored|rejected|not authoritative|[uU]nable to add forward map)) - -[dhcp_discover_extract] -# for event of DHCPDISCOVER, format as below (fields are within the angle brackets): -# : DHCPDISCOVER from () via -# Note: src_host may not exist -REGEX=[[dhcp_prefix_dest]](?DHCPDISCOVER)\s+from[[dhcp_mac_hostname_for_src]]via\s+[[dhcp_relay]] - - -[dhcp_offer_extract] -# for event of DHCPOFFER, format as below (fields are within the angle brackets): -# : DHCPOFFER on to () via -# Note: dest_host may not exist -REGEX=[[dhcp_prefix_src]](?DHCPOFFER)\s+on\s+(?\S+)\s+to[[dhcp_mac_hostname_for_dest]]via\s+[[dhcp_relay]] - - -[dhcp_request_extract] -# for event of DHCPREQUEST, format as below (fields are within the angle brackets): -# : DHCPREQUEST for () from () via uid -# Note: server_ip, src_host, uuid may not exist -REGEX=[[dhcp_prefix_dest]](?DHCPREQUEST)\s+for\s+(?\S+)\s+(?:\((?[^)]+)\)\s+)?from[[dhcp_mac_hostname_for_src]]via\s+[[dhcp_relay]](?:\s+uid\s+(?[^\s]+))? - - -[dhcp_ack_nak_extract_0] -# for event of DHCPACK or DHCPNAK, format as below (fields are within the angle brackets): -# : DHCPACK|DHCPNAK on to () via () relay lease-duration uid -# Note: dest_host, relay_ip, lease_duration, uuid may not exist -REGEX=[[dhcp_prefix_src]](?DHCPACK|DHCPNAK)\s+on\s+(?\S+)\s+to[[dhcp_mac_hostname_for_dest]]via\s+[[dhcp_relay]](?:\s+relay\s+(?\S+)\s+lease-duration\s+(?\S+)\s+.*uid\s+(?\S+))? 
- - -[dhcp_ack_nak_extract_1] -# for event of DHCPACK or DHCPNAK, format as below (fields are within the angle brackets): -# : DHCPACK|DHCPNAK to () via -REGEX=[[dhcp_prefix_src]](?DHCPACK|DHCPNAK)\s+to\s+(?\S+)\s+\((?[^)]+)\)\s+via\s+[[dhcp_relay]] - - -[dhcp_decline_extract] -# for event of DHCPDECLINE, format as below (fields are within the angle brackets): -# : DHCPDECLINE of from () via -# Note: src_host may not exist -REGEX=[[dhcp_prefix_dest]](?DHCPDECLINE)\s+of\s+(?\S+)\s+from[[dhcp_mac_hostname_for_src]]via\s+[[dhcp_relay]] - - -[dhcp_release_extract] -# for event of DHCPRELEASE, format as below (fields are within the angle brackets): -# : DHCPRELEASE of from () via -# Note: src_host may not exist -REGEX=[[dhcp_prefix_src]](?DHCPRELEASE)\s+of\s+(?\S+)\s+from[[dhcp_mac_hostname_for_dest]]via\s+[[dhcp_relay]] - - -[dhcp_inform_extract] -# for event of DHCPINFORM, format as below (fields are within the angle brackets): -# : DHCPINFORM from via -REGEX=[[dhcp_prefix_dest]](?DHCPINFORM)\s+from\s+(?\S+)\s+via\s+[[dhcp_relay]] - - -[dhcp_unable_to_add_forward_map_extract] -# for event of unable to add forward map, format as below (fields are within the angle brackets): -# : Unable to add forward map from to -REGEX=[[dhcp_prefix_src]][uU]nable\s+to\s+add\s+forward\s+map\s+from\s+(?\S+)\s+to\s+(?[^\s:]+) - - -[dhcp_add_new_forward_map_extract] -# for event of add new forward map, format as below (fields are within the angle brackets): -# : Added new forward map from to -REGEX=[[dhcp_prefix_src]][aA]dded\s+new\s+forward\s+map\s+from\s+(?\S+)\s+to\s+(?[^\s:]+) - - -[dhcp_added_reverse_map_extract] -# for event of add reverse map, format as below (fields are within the angle brackets): -# : [aA]dded reverse map from to -REGEX=[[dhcp_prefix_dest]][aA]dded\s+reverse\s+map\s+from\s+(?\S+)\s+to\s+(?\S+) - - -[dhcp_abandon_ip_extract] -# for event of Abandon IP address, format as below (fields are within the angle brackets): -# : Abandoning IP address 
-REGEX=[[dhcp_prefix_src]]Abandoning\s+IP\s+address\s+(?[^\s:]+) - - -[dhcp_lease_duplicate_extract] -# for event of lease duplicate, format as below (fields are within the angle brackets): -# : uid lease for client is duplicate on -REGEX=\s+(?\S+)\s+(?[^\s:]+):\s+uid\s+lease\s+(?\S+)\s+for\s+client\s+(?\S+)\s+is\s+duplicate\s+on\s+(?\S+)/ - -[bind_update_fail_extract] -# for event of bind update reject, format as below (fields are within the angle brackets): -# : bind update on from rejected -REGEX=[[dhcp_prefix_dest]]bind\s+update\s+on\s+(?\S+)\s+from\s+(?\S+)\s+rejected.* - -[dhcp_icmp_echo_reply] -REGEX=[[dhcp_prefix_src]]ICMP\s+Echo\s+reply\s+while\s+lease\s+(?\S+) - -[dhcp_reuse_lease] -REGEX=[[dhcp_prefix_src]]reuse_lease:\s+lease\s+age.*under.*threshold,\s+reply\s+with\s+unaltered,\s+existing\s+lease\s+for\s+(?[^$]+) - -###### Scripted Metric Inputs ###### - -[eval_dimensions] -# Support for omitting the IPv6 Address field when the script output doesn't include an IPv6 Address -INGEST_EVAL = metric_name=sourcetype, entity_type="TA_Nix", OS_name=replace(OSName, "_", " "), IPv6_address = if(IPv6_Address=="?", null(), IPv6_Address) - -[extract_df_metrics] -INGEST_EVAL = UsePct=coalesce('UsePct','Capacity','Use'), Size_KB=coalesce('Size','1K_blocks','1024_blocks'), Used_KB='Used', Avail_KB=coalesce('Avail','Available'), INodes=coalesce('INodes','Inodes'), IUsed=coalesce('IUsed','iused','Iused'), IFree=coalesce('IFree','ifree','Ifree'), IUsePct=coalesce('IUsePct','IUse'), Size=coalesce('Size','1K_blocks','1024_blocks'), Avail=coalesce('Avail','Available'), Type=coalesce('Type',"?") - -[metric-schema:extract_metrics_interfaces] -METRIC-SCHEMA-MEASURES= Collisions,RXbytes,RXerrors,TXbytes,TXerrors,RXdropped,TXdropped -METRIC-SCHEMA-BLACKLIST-DIMS= OSName, IPv6_Address - -# added extract_iostat_metrics_field for backward compatibility -[extract_iostat_metrics_field] -INGEST_EVAL = rReq_PS=r_s, rKB_PS=coalesce(rkB_s, Kb_read, kr_s), rrqmPct=rrqm, 
rAvgWaitMillis=r_await, rAvgReqSZkb=rareq_sz, wReq_PS=w_s, wKB_PS=coalesce(wkB_s, Kb_wrtn, kw_s), wrqmPct=wrqm, wAvgWaitMillis=w_await, wAvgReqSZkb=wareq_sz, avgQueueSZ=coalesce(aqu_sz, avgqu_sz), bandwUtilPct=coalesce(util, tm_act, ms_o, b), avgSvcMillis=coalesce(svctm, ms_w, asvc_t), avgWaitMillis=coalesce(await, wsvc_t, if(isnull(await),if(r_s==0.00 AND w_s==0.00,0,(((r_s * r_await) + (w_s * w_await))/(r_s+ w_s))), await), null()) - -[extract_ps_metric_field] -INGEST_EVAL = pctCPU=coalesce(CPU,pctCPU), pctMEM=coalesce(MEM,pctMEM), RSZ_KB=coalesce(RSS,RSZ_KB), VSZ_KB=coalesce(VSZ, VSZ_KB) - -[extract_cpu_metric_field] -INGEST_EVAL = pctIdle=coalesce(id,pctIdle), pctIowait=coalesce(wa,pctIowait), pctSystem=coalesce(sy,pctSystem), pctUser=coalesce(us,pctUser), pctNice=coalesce(pctNice,"0"), CPU=coalesce(cpu,CPU) - -[metric-schema:extract_metrics_iostat] -METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OS_name, OS_version, IP_address -METRIC-SCHEMA-BLACKLIST-DIMS= OSName - -[metric-schema:extract_metrics_vmstat] -METRIC-SCHEMA-MEASURES= memTotalMB,memFreeMB,memUsedMB,memFreePct,memUsedPct,pgPageOut,swapUsedPct,pgSwapOut,cSwitches,interrupts,forks,processes,threads,loadAvg1mi,waitThreads,interrupts_PS,pgPageIn_PS,pgPageOut_PS -METRIC-SCHEMA-BLACKLIST-DIMS= OSName - -[metric-schema:extract_metrics_df] -METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OS_name, OS_version, IP_address, Filesystem, Type, MountedOn, IPv6_Address, IPv6_address -METRIC-SCHEMA-BLACKLIST-DIMS= IPv6_Address - -[metric-schema:extract_metrics_cpu] -METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OSName, OS_name, OS_version, IP_address, cpu, CPU -METRIC-SCHEMA-BLACKLIST-DIMS= OSName - -[metric-schema:extract_metrics_ps] -METRIC-SCHEMA-MEASURES = _NUMS_EXCEPT_ ARGS,COMMAND,CPUTIME,ELAPSED,PID,PSR,S,STAT,START,STARTED,TT,TTY,USER,OSName,OS_name,OS_version,IP_address,IPv6_Address,IPv6_address -METRIC-SCHEMA-BLACKLIST-DIMS= IPv6_Address - -###### Scripted Event Inputs ###### - -[vmstat_osx] -REGEX = (?m)(?:Pages 
free:\s*(\d+)\.).*(?:Pages active:\s*(\d+)\.).*(?:Pages inactive:\s*(\d+)\.).*(?:Pages wired down:\s*(\d+)\.).*(?:Pageins:\s*(\d+)\.).*(?:Pageouts:\s*(\d+)\.) -FORMAT = free::$1 active::$2 inactive::$3 wired::$4 pageins::$5 pageouts::$6 - -#procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu---- -# r b swpd free inact active si so bi bo in cs us sy id wa -# 0 0 24 4272 172660 67124 0 0 2 1 0 1 0 0 100 0 -[vmstat_linux] -REGEX = (\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+) -FORMAT = proc_waiting::$1 proc_unitsleep::$2 swap::$3 free::$4 inactive::$5 active::$6 swap_in::$7 swap_out::$8 blocks_in::$9 blocks_out::$10 interrupts::$11 contextswitch::$12 usermode::$13 kernelmode::$14 idle::$15 waiting::$16 - - -#memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS -# 8192 4153 4039 50.7 49.3 1585619 5.0 ? ? ? ? 
82 566 0.72 0.00 714.2 1.0 133.0 -[fields_for_vmstat_sh] -REGEX = \s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+)\s+([0-9.?]+) -FORMAT = memTotalMB::"$1" memFreeMB::"$2" memUsedMB::"$3" memFreePct::"$4" memUsedPct::"$5" pgPageOut::"$6" swapUsedPct::"$7" pgSwapOut::"$8" cSwitches::"$9" interrupts::"$10" forks::"$11" processes::"$12" threads::"$13" loadAvg1mi::"$14" waitThreads::"$15" interrupts_PS::"$16" pgPageIn_PS::"$17" pgPageOut_PS::"$18" - - -###### System Logs ###### - -# General - -[loghost_as_dest] -REGEX = ^\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s(\S+)\s\w+[\w\s\[]* -FORMAT = dest::$1 - -## Account Management -[useradd] -REGEX = (useradd).*?(?:new (?:user|account))(?:: | (?:added) - )(?:name|account)=([^\,]+),(?:\s)(?:(?:UID|uid)=(\w+),)?(?:\s)(?:(?:GID|gid)=(\w+),)?(?:\s)*(?:home=((?:\/[^\/ ]*)+\/?),)?(?:.*uid=(\d+))? -FORMAT = vendor_action::"added" action::"created" command::$1 object_category::"user" user::$2 change_type::"AAA" object_id::$3 object_path::$5 status::"success" object_attrs::$4 src_user_id::$6 - -[userdel] -REGEX = (userdel).*?(?:(?:delete)(?:\s)*(?:user|account)) .(\S+). -FORMAT = vendor_action::"delete" object_category::"user" action::"deleted" change_type::"AAA" command::$1 user::$2 status::"success" - -[userdel-grp] -REGEX = (userdel).*?(?:(?:removed)(?:\s)*(?:\w+)?(?:\s)*(group))\s+\'(\S+)\'\s+owned\s+by\s+\'(\S+)\' -FORMAT = action::"deleted" change_type::"AAA" command::$1 object_category::$2 object::$3 status::"success" "object_attrs"::$4 - -[groupdel] -REGEX = (groupdel).*(?:group)\s+'(\S+)'\s+removed(?:\s)*(?:(?:from\s+))?(\S+)? 
-FORMAT = action::"deleted" change_type::"AAA" command::$1 object::$2 object_category::"group" status::"success" object_path::$3 - -[groupadd] -REGEX = (groupadd).*?(?:group added to |new group: )(?:((?:\/[^\/ ]*)+\/?):)?\s*(?:name=(\w+))?(?:,\s*GID=(\w+))? -FORMAT = vendor_action::"added" action::"created" command::$1 object_category::"group" object::$3 change_type::"AAA" object_id::$4 object_path::$2 status::"success" - -[groupadd-suse] -REGEX = (useradd).*?(?:account added to group -)\s*(?:account=([^,]+))?(?:,\s*)?(?:group=([^,]+))(?:,\s*)?(?:gid=(?:[^,]+))?\,\s+(?:by\s+\(uid=(\d+)\))? -FORMAT = vendor_action::"account added to group" action::"modified" command::$1 object_category::"user" user::$2 change_type::"AAA" object_attrs::$3 status::"success" src_user_id::$4 - -## password change -[pam-passwd-ok] -REGEX = (passwd).*pam_unix\((?:passwd):chauthtok\): password changed for (\S+) -FORMAT = action::"modified" change_type::"AAA" command::$1 object_attrs::"password" object_category::"user" status::"success" user::$2 - -[passwd-change-fail] -REGEX = (passwd).*(?:password change failed).*(?:account=)([^,\s]+),\s+uid=([^,\s]+)\,\s+by(?:\s+\(uid=(\d+)\))? -FORMAT = action::"modified" change_type::"AAA" command::$1 user::$2 object_attrs::"password" object_category::"user" status::"failure" object_id::$3 src_user_id::$4 - -[command_for_linux_audit] -REGEX = exe=.*\/(\S+)\" -FORMAT = command::$1 - - -## Authentication - -# Jan 14 12:14:04 host sshd[16247]: Accepted publickey for mark from ::ffff:XXX.XXX.XX.XXX port 50710 ssh2 -# Aug 21 11:25:06 host sshd[2544]: Accepted keyboard-interactive/pam for root from XXX.XXX.XX.XXX port 1274 ssh2 -[ssh-login-accepted] -REGEX = (?:sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?.*?(Accepted).*?(\S+)\s+from.*?((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:\s+port\s+(\S+)\s+\w?\s*(ssh\d))? 
-FORMAT = app::"ssh" action::"success" vendor_action::$1 user::$2 src::$3 src_port::$4 sshd_protocol::$5 - -# Aug 21 10:31:01 host sshd[1468]: error: PAM: Authentication failure for root from XXX.XXX.XX.XXX -# Nov 5 11:37:47 host sshd[3003]: Failed password for root from XXX.XXX.XX.XXX port 58356 ssh2 -[ssh-login-failed] -REGEX = (?:sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?.*?(failure|Failed).*?(\S+)\s+from.*?((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:\s+port\s+(\S+)\s+\w?\s*(ssh\d))? -FORMAT = app::"ssh" action::"failure" vendor_action::$1 src::$3 user::$2 reason::"Failed password" src_port::$4 sshd_protocol::$5 - -# Apr 14 12:14:04 host sshd[16247]: Failed password for invalid user player from XXX.XXX.XX.XXX port 343 ssh2 -# Apr 24 04:02:57 magmum.google.com sshd[12128]: Invalid user player from XXX.XXX.XX.XXX -[ssh-invalid-user] -REGEX = (?:sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?.*?(Invalid user|invalid user).*?(\S+)\s+from.*?((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:\s+port\s+(\S+)\s+\w?\s*(ssh\d))? 
-FORMAT = app::"ssh" action::"failure" src::$3 user::$2 reason::$1 src_port::$4 sshd_protocol::$5 - - -# Jan 11 03:16:49 crest-aix-dev auth|security:info syslog: ssh: failed login attempt for root from XXX.XXX.XX.XXX -# Jan 8 06:00:56 crest-aix-dev auth|security:info syslog: pts/2: failed login attempt for root from qa-centos7x64-267.sv.splunk.com -[failed_login1] -REGEX = (?:syslog):.*(?:failed login attempt for)\s+(\S+)\s+from\s+(\S+) -FORMAT = app::"nix" action::"failure" src::$2 user::$1 reason::"failed login" - -# Mar 18 16:54:02 splunk5 sshd(pam_unix)[17183]: session opened for user mark by (uid=0) -# Mar 18 16:58:23 splunk5 sshd(pam_unix)[31639]: session closed for user mark -# Apr 30 17:45:35 magnum.google.com sshd[5019]: Connection closed by XXX.XXX.XX.XXX -[ssh-session-close] -REGEX = .* ((?:session|Connection) (?:opened|closed))(?: for user ([^\s\(]+))?(?: by \(uid=(\d+)\))?(?: by ((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)))? -FORMAT = name::$1 user::$2 user_id::$3 src_ip::$4 - -# Apr 24 04:02:57 magmum.google.com sshd[12128]: Received disconnect from XXX.XXX.XX.XXX: 11: Bye Bye -[ssh-disconnect] -REGEX = (Received disconnect) from ([^\s]+): -FORMAT = name::$1 src_ip::$2 - -[sshd_authentication_kerberos_success] -REGEX = (sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?(Authorized\s+to)\s+([^,]+)\,\s+krb5\s+principal\s+([^@]+) -FORMAT = app::$1 vendor_action::"$2" user::"$3" src_user::"$4" - -[sshd_authentication_refused] -REGEX = (sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?(Authentication\s+refused)\:.*?directory\s+\/home\/([^\/]+) -FORMAT = app::$1 vendor_action::"$2" user::"$3" - -[sshd_authentication_tried] -REGEX = (sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?(Authentication\s+tried)\s+for\s+([^\s]+)(?:.*?host\=([^,]+),\s+ip=((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)))? 
-FORMAT = app::$1 vendor_action::$2 user::"$3" src_dns::"$4" src_ip::"$5" - -[sshd_login_restricted] -REGEX = (sshd)\[\d+\]\:\s+(?:\[[^]]+]\s+)?(Login\s+restricted)\s+for\s+([^:]+) -FORMAT = app::$1 vendor_action::"$2" user::"$3" - -[pam_unix_authentication_failure] -REGEX = pam_unix\((?:[^:]+):\w+\)\:\s+authentication\s+(failure)\;\s+logname\=(?:[^\s]+)?\s+uid\=(?:[^\s]+)?\s+euid=(?:[^\s]+)?\s+tty=(?:[^\s]+)?\s+ruser=([^\s]+)?\s+rhost=([^\s]+)?\s*(?:user=([^\s]+)?)? -FORMAT = app::"ssh" action::$1 src::$3 user::$4 reason::"other" src_user::$2 - -[pam_unix_authentication_success] -REGEX = pam_unix\(([^:]+):\w+\)\:\s+(session\s+opened)\s+for\s+user\s+([^\s\(]+)(?:\(uid=(\d+)\))?\s+by\s+([^\s\(]+)(?:\(uid=(\d+)\))? -FORMAT = app::"$1" vendor_action::"$2" user::$3 user_id::$4 src_user::$5 action::"success" src_user_id::$6 - -[passwd-auth-failure] -REGEX = (passwd)\[(?:\d+)\]:\s+User\s+(\w+):\s+(?:Authentication failure) -FORMAT = app::$1 action::"failure" user::$2 reason::"Authentication failure" - -[sudo_cannot_identify] -REGEX = pam_unix\(([^:]+):\w+\)\:\s+auth\s+(could\s+not\s+identify\s+password)\s+for\s+\[([^]]+) -FORMAT = app::"$1" vendor_action::"$2" user::"$3" reason::"could not identify password" - -[remote_login_allowed] -REGEX = (pam_rhosts_auth)\[\d+\]:\s+allowed\s+to\s+(\w+)@(?:\S+)\s+as\s+(?:\w+) -FORMAT = action::"success" app::$1 user::$2 vendor_action::"allowed" - -[remote_login_failure] -REGEX = (pam_rhosts_auth)\[\d+\]:\s+denied\s+to\s+(\w+)@(?:\S+)\s+as\s+(?:\w+) -FORMAT = action::"failure" app::$1 user::$2 vendor_action::"denied" reason::"access not allowed" - -[failed-su] -REGEX = \'(?:su)\s+(?:[^']+)\'\s+(failed)\s+for\s+([^\s]+) -FORMAT = vendor_action::$1 action::"failure" app::"nix" user::$2 reason::"other" - -[bad-su] -REGEX = (?:su):\s+BAD\s+SU\s+dcid\s+to\s+(\w+)\s+on\s+(?:(?:\/[^\/ \n]*)+) -FORMAT = action::"failure" app::"nix" user::$1 reason::"BAD SU dcid" - -[bad-su2] -REGEX = 
(?:su):\s+BAD\s+SU\s+from\s+(\S+)\s+to\s+(\S+)\s+at\s+(?:(?:\/[^\/ \n]*)+) -FORMAT = action::"failure" app::"nix" user::$2 src_user::$1 reason::"BAD SU" - -[ksu_authentication] -REGEX = (ksu)\[\d+\]\:\s+(?:\[[^]]+]\s+)?\'ksu\s+([^']+)\'\s+(authentication\s+failed|authenticated).*?for\s+(\w+) -FORMAT = app::$1 user::"$2" vendor_action::"$3" src_user::$4 - -[ksu_authorization] -REGEX = (ksu)\[\d+\]\:\s+(?:\[[^]]+]\s+)?Account\s+([^:]+)\:\s+authorization\s+for\s+([^@]+).*?(failed|successful) -FORMAT = app::$1 user::"$2" src_user::"$3" vendor_action::$4 - -[login_authentication] -REGEX = (login)\:.*(failure).*from\s+((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:\,\s+(\S+))? -FORMAT = app::$1 action::$2 user::$4 src::$3 reason::"login failure" - -[su_simple] -REGEX = (?:su)\:\s+(?:\[[^]]+]\s+)?from\s+([^\s]+)\s+to\s+([^\s]+) -FORMAT = app::"nix" src_user::$1 user::$2 action::"success" - -[su_authentication] -REGEX = \'(?:su)\s+([^']+)\'\s+(succeeded|failed)\s+for\s+([^\s]+) -FORMAT = app::"nix" user::"$1" vendor_action::$2 src_user::$3 - -[su_successful] -REGEX = (Successful)\s+(?:su)\s+for\s+([^\s]+)\s+by\s+([^\s]+) -FORMAT = app::"nix" vendor_action::$1 user::$2 src_user::$3 - -[wksh_authentication] -REGEX = (wksh):\s+(HANDLING\s+TELNET\s+CALL)\s+\(User:\s+([^,]+),\s+Branch:\s+(?:[^,]+),\s+Client:\s+([^)]+) -FORMAT = app::$1 vendor_action::"$2" user::$3 src_dns::$4 - -[ftpd_authentication] -REGEX = (ftpd)\[\d+\]\:.*(FTP\s+LOGIN)\s+FROM\s+([^\s]+)\s+\[((?::?[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))\]\,\s+(.*) -FORMAT = app::$1 vendor_action::"$2" src::$3 src_ip::$4 user::"$5" - - -## Firewall -[ipfw] -REGEX = ^.* \d{2}:\d{2}:\d{2}.*? ipfw:\s*(\d+) (Deny|Accept) (UDP|TCP) \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)|(?:[^:]+))(?:[:\]]+)?(\d+)? \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)|(?:[^:]+))(?:[:\]]+)?(\d+)? 
(in|out) via ([^\s]+) -FORMAT = rule_number::$1 action::$2 proto::$3 dest_ip::$4 dest_port::$5 src_ip::$6 src_port::$7 direction::$8 interface::$9 - -[ipfw-stealth] -REGEX = ^.* \d{2}:\d{2}:\d{2}.*? ipfw:\s*Stealth Mode connection (attempt) to (UDP|TCP) \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)|(?:[^:]+))(?:[:\]]+)?(\d+)? from \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)|(?:[^:]+))(?:[:\]]+)?(\d+)? -FORMAT = action::$1 proto::$2 src_ip::$3 src_port::$4 dest_ip::$5 dest_port::$6 - -[ipfw-icmp] -#REGEX = ^.*? ipfw:\s*(\d+) (Deny|Accept) (ICMP):([^ ]*) ([^ ]*) ([^ ]*) (out|in) via ([^\s])*\s* -REGEX = ^.*? ipfw:\s*(\d+) (Deny|Accept) (ICMP|ICMPv6):([^ ]*) ([^ ]*) ([^ ]*) (out|in) via (.*) -FORMAT = rule_number::$1 action::$2 proto::$3 application::$4 src_ip::$5 dest_ip::$6 direction::$7 interface::$8 - -[pf] -REGEX = rule ([-\d]+\/\d+)\(.*?\): (pass|block) (in|out) on (\w+): \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:[:\]]+)?(\d+)? [<>] \[?((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+))(?:[:\]]+)?(\d+)?: (?:.*) -FORMAT = rule_number::$1 action::$2 direction::$3 interface::$4 src_ip::$5 src_port::$6 dest_ip::$7 dest_port::$8 - - -## Routing -# Mar 26 11:03:20 splunk4 kernel: BLOCK IN=eth0 OUT= MAC=00:15:c5:e0:ba:45:00:10:db:ff:20:70:08:00 SRC=10.1.5.78 DST=10.2.1.44 LEN=64 TOS=0x10 PREC=0x00 TTL=61 ID=64317 DF PROTO=TCP SPT=57293 DPT=110 WINDOW=65535 RES=0x00 SYN URGP=0 -[iptables] -REGEX = kernel:\s+(\w+ ?\w*) IN=(\w+) OUT=(\w*) .*SRC=((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)) DST=((?:[0-9a-fA-F:]{0,4}:[0-9a-fA-F:]*[.\d]*)|(?:[\d+\.]+)).*PROTO=(\w+) SPT=(\w+) DPT=(\w+) -FORMAT = action::"$1" inbound_interface::$2 outbound_interface::$3 src_ip::$4 dest_ip::$5 proto::$6 src_port::$7 dest_port::$8 - -## bash -[bash_user] -SOURCE_KEY=source -REGEX=^\/home\/([^\/]+)\/ -FORMAT=user_name::$1 - -[bash_user_root] -SOURCE_KEY=source -REGEX=^\/(root)\/ -FORMAT=user_name::$1 - -## Time synchronization 
-[signature_for_nix_timesync]
-REGEX = ((?:Adjusting\s+system\s+clock)|(?:synchronized\s+to)|(?:step\s+time\s+server)|(?:adjust\s+time\s+server)|(?:NTP\s+Server\s+Unreachable))
-FORMAT = signature::$1
-
-
-###### BEGIN CONTENT IMPORTED FROM TA-deploymentapps ######
-
-# Stanzas in this section are legacy configuration stanzas
-# intended to support parsing of data created by scripts in
-# TA-deploymentapps, which has since been retired. Systems that use
-# Splunk_TA_nix on the search head but which may be searching data
-# from forwarders on which the older scripts are still in use should
-# be able to search new and old data seamlessly.
-
-###### Scripted Inputs ######
-
-## Global
-
-##
-
-[force_host_for_linux_eventgen]
-DEST_KEY = MetaData:Host
-REGEX = .
-FORMAT = host::ACME-001
-
-[force_host_for_osx_eventgen]
-DEST_KEY = MetaData:Host
-REGEX = .
-FORMAT = host::ACME-002
-
-[force_host_for_solaris_eventgen]
-DEST_KEY = MetaData:Host
-REGEX = .
-FORMAT = host::ACME-003
-
-[force_host_for_unix_eventgen]
-DEST_KEY = MetaData:Host
-REGEX = .
-FORMAT = host::ACME-004
-
-## Service
-[nix_linux_service_startmode_lookup]
-filename = nix_linux_service_startmodes.csv
-
-## Update
-[nix_da_update_status_lookup]
-filename = nix_da_update_status.csv
-
-[Description_for_installedupdates]
-REGEX = ^Description=([^\r\n]+)
-FORMAT = Description::$1
-
-## Version
-[nix_da_version_range_lookup]
-filename = nix_da_version_ranges.csv
-
-[nix_linux_audit_action_lookup]
-filename = nix_linux_audit_action_object_category.csv
-
-[force_host_for_linux_cpu]
-DEST_KEY=MetaData:Host
-REGEX=^\S+\s+\S+\s+\S+\s+(\S+)
-FORMAT=host::$1
-
-[force_host_for_linux_memory]
-DEST_KEY=MetaData:Host
-REGEX=^\S+\s+\S+\s+\S+\s+(\S+)
-FORMAT=host::$1
-
-[force_host_for_linux_io]
-DEST_KEY=MetaData:Host
-REGEX=^\S+\s+\S+\s+\S+\s+(\S+)
-FORMAT=host::$1
-
-[force_host_for_linux_disk]
-DEST_KEY=MetaData:Host
-REGEX=^\S+\s+\S+\s+\S+\s+(\S+)
-FORMAT=host::$1
-
-###### END CONTENT IMPORTED FROM TA-deploymentapps ######
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/web.conf b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/web.conf
deleted file mode 100644
index 8bc828ac..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/default/web.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-[expose:setup]
-pattern=SetupService
-methods=GET,POST
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_update_status.csv b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_update_status.csv
deleted file mode 100644
index 945da42e..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_update_status.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-sourcetype,status
-AIX:Update,available
-FreeBSD:Update,available
-HPUX:Update,available
-Linux:Update,available
-OSX:Update,available
-Solaris:Update,available
-Unix:Update,available
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_version_ranges.csv b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_version_ranges.csv
deleted file mode 100644
index e97a2e5b..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_da_version_ranges.csv
+++ /dev/null
@@ -1,8 +0,0 @@
-sourcetype,range
-AIX:Version,aix
-FreeBSD:Version,freebsd
-HPUX:Version,hpux
-Linux:Version,linux
-OSX:Version,osx
-Solaris:Version,solaris
-Unix:Version,unix
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_audit_action_object_category.csv b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_audit_action_object_category.csv
deleted file mode 100644
index a5c101dc..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_audit_action_object_category.csv
+++ /dev/null
@@ -1,12 +0,0 @@
-op,action,object_category
-add-user,created,user
-add-home-dir,created,user
-add-group,created,group
-add-shadow-group,created,group
-delete-user,deleted,user
-deleting-user-from-group,modified,user
-deleting-user-from-shadow-group,modified,user
-delete-shadow-group,deleted,group
-delete-group,deleted,group
-success,success,user
-failed,failure,user
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_service_startmodes.csv b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_service_startmodes.csv
deleted file mode 100644
index 24c83034..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_linux_service_startmodes.csv
+++ /dev/null
@@ -1,129 +0,0 @@
-runlevel0,runlevel1,runlevel2,runlevel3,runlevel4,runlevel5,runlevel6,StartMode
-off,off,off,off,off,off,off,Disabled
-off,off,off,off,off,off,on,Auto
-off,off,off,off,off,on,off,Auto
-off,off,off,off,off,on,on,Auto
-off,off,off,off,on,off,off,Auto
-off,off,off,off,on,off,on,Auto
-off,off,off,off,on,on,off,Auto
-off,off,off,off,on,on,on,Auto
-off,off,off,on,off,off,off,Auto
-off,off,off,on,off,off,on,Auto
-off,off,off,on,off,on,off,Auto
-off,off,off,on,off,on,on,Auto
-off,off,off,on,on,off,off,Auto
-off,off,off,on,on,off,on,Auto
-off,off,off,on,on,on,off,Auto
-off,off,off,on,on,on,on,Auto
-off,off,on,off,off,off,off,Auto
-off,off,on,off,off,off,on,Auto
-off,off,on,off,off,on,off,Auto
-off,off,on,off,off,on,on,Auto
-off,off,on,off,on,off,off,Auto
-off,off,on,off,on,off,on,Auto
-off,off,on,off,on,on,off,Auto
-off,off,on,off,on,on,on,Auto
-off,off,on,on,off,off,off,Auto
-off,off,on,on,off,off,on,Auto
-off,off,on,on,off,on,off,Auto
-off,off,on,on,off,on,on,Auto
-off,off,on,on,on,off,off,Auto
-off,off,on,on,on,off,on,Auto
-off,off,on,on,on,on,off,Auto
-off,off,on,on,on,on,on,Auto
-off,on,off,off,off,off,off,Auto
-off,on,off,off,off,off,on,Auto
-off,on,off,off,off,on,off,Auto
-off,on,off,off,off,on,on,Auto
-off,on,off,off,on,off,off,Auto
-off,on,off,off,on,off,on,Auto
-off,on,off,off,on,on,off,Auto
-off,on,off,off,on,on,on,Auto
-off,on,off,on,off,off,off,Auto
-off,on,off,on,off,off,on,Auto
-off,on,off,on,off,on,off,Auto
-off,on,off,on,off,on,on,Auto
-off,on,off,on,on,off,off,Auto
-off,on,off,on,on,off,on,Auto
-off,on,off,on,on,on,off,Auto
-off,on,off,on,on,on,on,Auto
-off,on,on,off,off,off,off,Auto
-off,on,on,off,off,off,on,Auto
-off,on,on,off,off,on,off,Auto
-off,on,on,off,off,on,on,Auto
-off,on,on,off,on,off,off,Auto
-off,on,on,off,on,off,on,Auto
-off,on,on,off,on,on,off,Auto
-off,on,on,off,on,on,on,Auto
-off,on,on,on,off,off,off,Auto
-off,on,on,on,off,off,on,Auto
-off,on,on,on,off,on,off,Auto
-off,on,on,on,off,on,on,Auto
-off,on,on,on,on,off,off,Auto
-off,on,on,on,on,off,on,Auto
-off,on,on,on,on,on,off,Auto
-off,on,on,on,on,on,on,Auto
-on,off,off,off,off,off,off,Auto
-on,off,off,off,off,off,on,Auto
-on,off,off,off,off,on,off,Auto
-on,off,off,off,off,on,on,Auto
-on,off,off,off,on,off,off,Auto
-on,off,off,off,on,off,on,Auto
-on,off,off,off,on,on,off,Auto
-on,off,off,off,on,on,on,Auto
-on,off,off,on,off,off,off,Auto
-on,off,off,on,off,off,on,Auto
-on,off,off,on,off,on,off,Auto
-on,off,off,on,off,on,on,Auto
-on,off,off,on,on,off,off,Auto
-on,off,off,on,on,off,on,Auto
-on,off,off,on,on,on,off,Auto
-on,off,off,on,on,on,on,Auto
-on,off,on,off,off,off,off,Auto
-on,off,on,off,off,off,on,Auto
-on,off,on,off,off,on,off,Auto
-on,off,on,off,off,on,on,Auto
-on,off,on,off,on,off,off,Auto
-on,off,on,off,on,off,on,Auto
-on,off,on,off,on,on,off,Auto
-on,off,on,off,on,on,on,Auto
-on,off,on,on,off,off,off,Auto
-on,off,on,on,off,off,on,Auto
-on,off,on,on,off,on,off,Auto
-on,off,on,on,off,on,on,Auto
-on,off,on,on,on,off,off,Auto
-on,off,on,on,on,off,on,Auto
-on,off,on,on,on,on,off,Auto
-on,off,on,on,on,on,on,Auto
-on,on,off,off,off,off,off,Auto
-on,on,off,off,off,off,on,Auto
-on,on,off,off,off,on,off,Auto
-on,on,off,off,off,on,on,Auto
-on,on,off,off,on,off,off,Auto
-on,on,off,off,on,off,on,Auto
-on,on,off,off,on,on,off,Auto
-on,on,off,off,on,on,on,Auto
-on,on,off,on,off,off,off,Auto
-on,on,off,on,off,off,on,Auto
-on,on,off,on,off,on,off,Auto
-on,on,off,on,off,on,on,Auto
-on,on,off,on,on,off,off,Auto
-on,on,off,on,on,off,on,Auto
-on,on,off,on,on,on,off,Auto
-on,on,off,on,on,on,on,Auto
-on,on,on,off,off,off,off,Auto
-on,on,on,off,off,off,on,Auto
-on,on,on,off,off,on,off,Auto
-on,on,on,off,off,on,on,Auto
-on,on,on,off,on,off,off,Auto
-on,on,on,off,on,off,on,Auto
-on,on,on,off,on,on,off,Auto
-on,on,on,off,on,on,on,Auto
-on,on,on,on,off,off,off,Auto
-on,on,on,on,off,off,on,Auto
-on,on,on,on,off,on,off,Auto
-on,on,on,on,off,on,on,Auto
-on,on,on,on,on,off,off,Auto
-on,on,on,on,on,off,on,Auto
-on,on,on,on,on,on,off,Auto
-on,on,on,on,on,on,on,Auto
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_vendor_actions.csv b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_vendor_actions.csv
deleted file mode 100644
index 2293e087..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/lookups/nix_vendor_actions.csv
+++ /dev/null
@@ -1,22 +0,0 @@
-vendor_action,action
-accepted,success
-add,created
-added,created
-create,created
-authenticated,success
-"authentication failed",failure
-"authentication refused",failure
-"authentication tried",failure
-"authorized to",success
-"could not identify password",failure
-delete,deleted
-failed,failure
-"ftp login",success
-"handling telnet call",success
-"invalid user",failure
-"login restricted",failure
-remove,deleted
-"session opened",success
-succeeded,success
-successful,success
-"account added to group",modified
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/metadata/default.meta b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/metadata/default.meta
deleted file mode 100644
index bbfc245f..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/metadata/default.meta
+++ /dev/null
@@ -1,11 +0,0 @@
-# Application-level permissions
-[]
-access = read : [ * ], write : [ admin , sc_admin ]
-export = system
-
-[savedsearches]
-owner = admin
-
-## Exclude export of custom alert actions
-[alert_actions/email]
-export = none
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/splunkbase.manifest b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/splunkbase.manifest
deleted file mode 100644
index 934b98e3..00000000
--- a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/splunkbase.manifest
+++ /dev/null
@@ -1,359 +0,0 @@ -{ - "version": "1.0", - "date": "2024-10-18T12:52:23.073000921Z", - "hashAlgorithm": "SHA-256", - "app": { - "id": 833, - "version": "9.2.0", - "files": [ - { - "path": "LICENSES/Apache-2.0.txt", - "hash": "d3910dee6fe9fe134856d76268fe82adb1ade1ecf51b3568b7da6b94894b88f3" - }, - { - "path": "LICENSES/LicenseRef-Splunk-8-2021.txt", - "hash": "37906d637abbbeca35cfb2efcb658cabbc0208d101848372c1e55fbf9ba62e47" - }, - { - "path": "README/restmap.conf.spec", - "hash": "5cc8f9508cd792137e1a2129763dd78e9275a0c2f8d3cf7fc25b72848a07d869" - }, - { - "path": "README.txt", - "hash": "106e6203d3ff66f04cac953385cb517cff459b572f8d52adf71a8a59c5851776" - }, - { - "path": "THIRDPARTY", - "hash": "6340a3cf0959b37d83e10ce4e12bc4ab53d2ae2729ee506451b8d554418d1ab3" - }, - { - "path": "VERSION", - "hash": "4b083d27782e80fd5bce34252adc7de9e9ab611475e170cb507e49586483025e" - }, - { - "path": "app.manifest", - "hash": "24b4bb6f47bc1472038f5c983ec91705052162da89555f52a78c9f3c830cfd82" - }, - { - "path": "appserver/static/appIcon.png", - "hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a" - }, - { - "path": "appserver/static/components/js_sdk_extensions/common.js", - "hash": "295fe307ec286b9b4eb89c4b59dbd6204376e63b7346c26fd1b087446db372c2" - }, - { - "path": "appserver/static/components/js_sdk_extensions/monitor_inputs.js", - "hash": "27af704acaeb3b98c78ad5322a6171e1b748b5650be809f5d92a4e5618529123" - }, - { - "path": "appserver/static/components/js_sdk_extensions/scripted_inputs.js", - "hash": "6fe5d6f31a60a86d9988170e1641f13eb315351f890c2247c6de83b3aa372e26" - }, - { - "path": "appserver/static/setup.css", - "hash": "f27882e6a07bbd87f99f95d77211439e71959efae6d52ce4771ce26d06e0bcc9" - }, - { - "path": "appserver/static/setup.js", - "hash": "a3d4e2567779b605a97daa3ced2fc49a8e487a5ec4ee95080392824eb74e7e11" - }, - { - "path": "appserver/static/setup_cloud.js", - "hash": "00875c907fd0dc80fa5d05130c28410a8abd99a0ff43da86c6af87e01d8a21da" - }, - { - 
"path": "bin/bandwidth.sh", - "hash": "14682eacdc5ab8849ce3e786c05d0140ea166b6f28403106e433048c09533146" - }, - { - "path": "bin/common.sh", - "hash": "6569707362169122ec6a41c9345ed00e09e0913e3855ccb68a21ade3c1c9012d" - }, - { - "path": "bin/cpu.sh", - "hash": "e34d912324ceb3f6add524722adc9057b4177015fad844a5e37634ef40cbb9c7" - }, - { - "path": "bin/cpu_metric.sh", - "hash": "2d175a98ded5f141b20fd3b3847217447b5489b4d989512d8b8679a4f2777a0b" - }, - { - "path": "bin/df.sh", - "hash": "27b0ad779340e6bd8a26e296ce9b0b9cd2721eaadcf4669e5579560a676c9db7" - }, - { - "path": "bin/df_metric.sh", - "hash": "4457b92d8d8ee24441eb38df2134113f5a821111b7c3573b48313adcee39d3e8" - }, - { - "path": "bin/hardware.sh", - "hash": "20e341826d21047e9cc3b7cd632422f6b9a0364282333616c1f912b4dddb7093" - }, - { - "path": "bin/interfaces.sh", - "hash": "ebdd6823f6db05bc76ebdbfb61d1fda63959fd334cf59d2e038ea7bae64355b7" - }, - { - "path": "bin/interfaces_metric.sh", - "hash": "9458deb6ba4c56a22264df75d42945e170f6f1a729d93220617c85810733ef19" - }, - { - "path": "bin/iostat.sh", - "hash": "505a4694c4879fd8ed155394be51431c9839fc9f980077abb0416f844f09d722" - }, - { - "path": "bin/iostat_metric.sh", - "hash": "4af68e89e6a93fa34ccd724ff78a509b7868bc06e60a4f16a6aa24d300d8efc8" - }, - { - "path": "bin/lastlog.sh", - "hash": "8d8c0744767d9426cb98122d33eb6acd5447db4a03cfccfd5fdc014f1e15ea3e" - }, - { - "path": "bin/lsof.sh", - "hash": "a98a9c64496a081c395e00b692f5eca25ae186cc050c0f31d5425a561fdc63a1" - }, - { - "path": "bin/netstat.sh", - "hash": "a5ef9833cf21c6572431f32991d153a625510a4b0553fe6f56d07bb4f4914b2e" - }, - { - "path": "bin/nfsiostat.sh", - "hash": "eccc2bf3701840173206ecf7603c20861b4ce106b6be795df2fa312744958107" - }, - { - "path": "bin/openPorts.sh", - "hash": "9f7cb2a7f9e8b43ceb7e22930ea125855e64527caa13d76b5c219ec473b899c5" - }, - { - "path": "bin/openPortsEnhanced.sh", - "hash": "d7e19798aec7fb3244b6fe36fce28ca3fc8951a0e38d0516f5ef8c1b06197246" - }, - { - "path": "bin/package.sh", - 
"hash": "d9da2664cc2b913285d595e7c74dab9e5a6f1703d44e8f517e9b62a5ba70496a" - }, - { - "path": "bin/passwd.sh", - "hash": "4ab37e3c9d07842777ed42f8b22adfe8fe05a9ab0758e833fdc885a26237bafe" - }, - { - "path": "bin/protocol.sh", - "hash": "61e372f670cb74131890a2c0ff381891c83337687b6809f31bf920a99f5bd432" - }, - { - "path": "bin/ps.sh", - "hash": "3a6ebc99c1b5207d54c885338cf06b22f343c1f64a6048d03fd0bf48b82d41b5" - }, - { - "path": "bin/ps_metric.sh", - "hash": "0c3dc356f47728b9b99be79fffe40256eded1644f599b1bbe8b1a9e8db05b10d" - }, - { - "path": "bin/rlog.sh", - "hash": "271fcaf091527670df3e794c29d7bf57d1371909c72c25d56c79dd136b029513" - }, - { - "path": "bin/selinuxChecker.sh", - "hash": "07135df789924f8d4f5ae8228ccbfe0a5e47756de202fcf00a019a12712d8312" - }, - { - "path": "bin/service.sh", - "hash": "d579051391bd1af365bdda6016e3529009e0e7b62e1846fdcdb755b36f0d7c49" - }, - { - "path": "bin/setup.sh", - "hash": "b0263d112fa183411bfe141840d697217025856d44fa67be6d14b240728b7062" - }, - { - "path": "bin/setupservice.py", - "hash": "c69d1b0b4a10ec966c2e752b7ec1c3f4be5ca3721626bbab62ddfe1509d15137" - }, - { - "path": "bin/sshdChecker.sh", - "hash": "ba9ada21b413a1f7ea5ab7850314e96b03c8a3369267af24d9cf2d8f76edb6dc" - }, - { - "path": "bin/time.sh", - "hash": "5ad0ed71a9c4637046da43656aea4a614e331217fb707e9df7443aaa6036eeba" - }, - { - "path": "bin/top.sh", - "hash": "f380506de00a3bb51d9351108057e498cd8211e3ade7c16fa65121d3ff66ba1d" - }, - { - "path": "bin/update.sh", - "hash": "048f6e678f873d2b856ec851c52389d9f8d5ccde0fee0ead0dcf5348cc3cb587" - }, - { - "path": "bin/uptime.sh", - "hash": "2770952e0c29a92e37d2d23a8a93223812e2facd4597c50e3e832439fdbdf600" - }, - { - "path": "bin/usersWithLoginPrivs.sh", - "hash": "0006baa9bc57e6b5711e557b6532b8c48b29d42bca6364d664042d2aa6f2cf12" - }, - { - "path": "bin/version.sh", - "hash": "4d484fc3e1853d0e07d47ba9c4401266a1fbe0712a554e9eeaeb835b96d8a59f" - }, - { - "path": "bin/vmstat.sh", - "hash": 
"b816aa5e67ad18b995eb577e16ca7c91ae3ecdeeb019d0b79321ade83a90daef" - }, - { - "path": "bin/vmstat_metric.sh", - "hash": "47df351e2afd7abedb49f8d38f5350ce6276fdb512005ba56e7ff9692f581515" - }, - { - "path": "bin/vsftpdChecker.sh", - "hash": "0009c03f72289e5b7b692cb74951382d1a6d4c3698ef5b08b74e468f3dfe199f" - }, - { - "path": "bin/who.sh", - "hash": "47318dee6246abfd577984383ac134225a84e0dcf0753413f88b7f2be5a8087d" - }, - { - "path": "default/app.conf", - "hash": "451c717df6073aabd78b5ba4abb33ac71b6d61df8d46a243913b01ed9ac77040" - }, - { - "path": "default/data/ui/nav/default.xml", - "hash": "36078398f91fa377c21f2369271797cc0016b8ba1a6f271e327cce2809f2711d" - }, - { - "path": "default/data/ui/views/ta_nix_configuration.env_cloud.xml", - "hash": "7176b693e2eeb2757d6a5a9651e793141a52b5b36f4b229c31f4ab3e970e8510" - }, - { - "path": "default/data/ui/views/ta_nix_configuration.xml", - "hash": "2d30308510e08aea0a190984fda45b708ab373768796494202a4813c37ef74d2" - }, - { - "path": "default/eventtypes.conf", - "hash": "c52b63bf8b429e406a1488c59c1945531123bed647b08460d85ca3a6a4f8f81e" - }, - { - "path": "default/inputs.conf", - "hash": "0eff320f7aba6d35e27e8a0ae0837ad6c4340f9e84a9cdfb71e8162a97ecc782" - }, - { - "path": "default/macros.conf", - "hash": "0daf589bcfbd430f45b55ed3f3d0784f8ad6e79d75300fac9c2604a79fc7f4dc" - }, - { - "path": "default/props.conf", - "hash": "8742759e63baf3dc737adecec95fb7370741cb5f2268064593cb2e5a1ba8b260" - }, - { - "path": "default/restmap.conf", - "hash": "2774f5332efc8bfeebb88a1d771b8d65cca9197666d0c5e9a4a371b8ed468d73" - }, - { - "path": "default/tags.conf", - "hash": "ad29e489018a892f8d50731e32efa48a01dcdb438096d443f7b6e068cfd1ca15" - }, - { - "path": "default/transforms.conf", - "hash": "d13792dde1aa85d9e864782787948d6f10b888e4a689d6668de3cc604e2ad1ab" - }, - { - "path": "default/web.conf", - "hash": "75f12a6541d22c27d526ab544973398ae4b6d5aa1e57e8e4b22e845e564a2e56" - }, - { - "path": "lookups/nix_da_update_status.csv", - "hash": 
"a9a794b39377946e0dcb5f70c9c8ba6114fec1728512c9f39cfb0f3eca46159c" - }, - { - "path": "lookups/nix_da_version_ranges.csv", - "hash": "992529c548d8273e073a988d089fbd5c7fa5c1ef47d51243e9da9dfb77eba6d2" - }, - { - "path": "lookups/nix_linux_audit_action_object_category.csv", - "hash": "5838950fd3cade537dea91d1dcdcbd10532457fa7de07d397bfc699e56a19867" - }, - { - "path": "lookups/nix_linux_service_startmodes.csv", - "hash": "dd669b358909f4d9be9d0aef9f4720e78a290e422a90ec3e3cdabe39ed9b8be2" - }, - { - "path": "lookups/nix_vendor_actions.csv", - "hash": "f287b03905a705fed92dd4a1d1cf060c16b9521aba80b06494af8d5e8530fa97" - }, - { - "path": "metadata/default.meta", - "hash": "6fa3057938996152cdfeddb46b20a1c079966ba87a56cf7c13c9d35f3caaf2e7" - }, - { - "path": "static/appIcon.png", - "hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a" - }, - { - "path": "static/appIconAlt.png", - "hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a" - }, - { - "path": "static/appIconAlt_2x.png", - "hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c" - }, - { - "path": "static/appIconLg.png", - "hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c" - }, - { - "path": "static/appIconLg_2x.png", - "hash": "11ca7ef68587f5f1bacbbcb24b85924089724bcf02610b512f899fadac186f34" - }, - { - "path": "static/appIcon_2x.png", - "hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c" - } - ] - }, - "products": [ - { - "platform": "splunk", - "product": "enterprise", - "versions": [ - "9.0", - "9.1", - "9.2", - "9.3" - ], - "architectures": [ - "x86_64" - ], - "operatingSystems": [ - "windows", - "linux", - "macos", - "freebsd", - "solaris", - "aix" - ] - }, - { - "platform": "splunk", - "product": "cloud", - "versions": [ - "9.0", - "9.1", - "9.2", - "9.3" - ], - "architectures": [ - "x86_64" - ], - "operatingSystems": [ - "windows", - "linux", - "macos", - "freebsd", - "solaris", - "aix" - ] - } - ] -} \ 
No newline at end of file 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon.png b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon.png deleted file mode 100644 index 88f67e7257157937dd747b21af2c7af4d3432386..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3348 zcma)<2{=@HAIGO|3uDQ?moauRW5!r!EEzL)(?znh&=`Y>SRYdl!8)Zv)O(+#g zWeN4h;963WrLIC_DM?ACYw*rUx9(H#a-QdZ&j0++@B8^J|K)j3it}Du5ugGP004;C z+hJXKPc?oM*v7k$1M>2Ck4+3$TPr}-eWjPY7eShx7XttglH|8dfPz9f0ANcT$<34L ziE}~`sALG$f+iA+2wf*ed?pd!q{>lP?ppFa!*gVs%$LFQmj zoHGbRr4vDh5ClXYYykv;KxTA5f0QfMW<$<8Xg`F2{(XH=>bp}5{ZQB z!=Z4v9?wFL5lLauI7$ z6b2JdArS4c7CaJ!MDjx+;0A_Nn5&Fh(eIpYX3=K2FV6aGxwK38dV}n3^C4VRV zMmB@~knZ{-`!e@mYw@E~0~0Hl3DO3Qurfr#VAh5va5&c5NZ$sIHa37EOnB*RaKA~v zbNc0*{g0K}z#{(__B-hh*k9?S01^csjQ!@CKN0_5slG(^6U29J_-hTtGvQ4Gp1*M{ zU}n%C#=f)XF;N&g5znO3-Kf-H3pD>c067OznN&s~l?K9KKyZB+0;Gk*6G#;Pp!RzC z{wCVsnL+ux^t)aALALwBV5I=*)v4>X zwX+{a+pA^=!tAn#heIF~)nLr4j6lcD*ks4uodkOl8WbXKC$KeTyIOpNB~Zf7%x!X$ zbQdNvFy7%}mYl#C@+H47Lp2)Du10fg zde`di-%{fATaQ~kzNd3$oBaOJM#n%FJ88l1oKY|^UcuEeaOkD_gKDeF=ij>}J;ON~^pKfzzsO(Sp#_0@Jc1q!ErIK4{>gZodm;R6RbYq*FLt=_xz` z?|-RNCH5vcdr;f?f|yc@yO3~{cy)WrFS*@kR`i3;aZNNFGxw#4g*t%QQTg^U99J=d z(3WsjEJdhH80n_I{~>$U6Z=H#s<^gDfvfu9WRKc$y@Cq~rB12$u!;H7*26mwd1GT= zAGlDO;*i*RRxR~OnwV^Od4%l90zzRCBXId~lduZ1r+SOL3fxDdMZyh?7LmCQ?h<3u zMPJ^N!p}P2GRSnVv?bS%;;)|}L?29z7wm?(c(~)e)EBZX-N-b*qOOh;LNZ}z=cw*ymOw-05m z$u+vA)s^>+akBTcPH(@Hi8mY>y}EivH};A`j29iH;d(w-mj%^EfWN6*M5?nobdalE4@FF($u$Je7(Fra2uD1v*9 za>HRE*vewYA)9N`ZN1m36qHJ2B(NXVHn#ikdpsj=Ef# z2Zx@=#W)?puCZ+2_NOS1-F>6!B6*p8^OMGdU32V9zsAU#n=XrsCcq40L|T_$*i}7i z9WS28;Jh*16he(7JTa=snmZOE{4t}X_LAa|tVYQ7Pu(W zx?7VRYTV!#O=5TKxi0(o;nA*&gg*Nle*S6qK?@%=kVRRyXu&qlT2_0WkOGejls&ctH)svUP&w9>tZFM(=V-k-?xR!>^#1s(9#erJyxijE zzVpcRp;ayr-XMH`bxx$|Sh;L&fXzb*#qxy;1qb==nF}>9{kX5$#`+77j_2i{v)MPA 
z^tLa><)1O{+QPLu;AMkhL$x}x=-N~6=${2TG)=tgU)3dPSDS_&{FeP1Bd`u)?T5^cGcf6Vq0L!hmIptQK18ZJ_>gE7K32kS{obhwh<(Yc$C>{vD?)EFO9r#Gkv&vUABWOo;vSEv10kese%; zhLeI48K`Y^Q6#mxeta&6)2zv+nP*^18z5JTY(pb74e!h4FkS>^h*)ZFPM{~k4H8k! z%8jmRXD1C2Z!U%is>=>KKa!LD-~t!=gWG9|y>QV9*OlFH@?cp0l-|(-@rQKeq=upC zU{YX4<%2dW44{opu!lItZ&)jm7 zOw0~hM%}C_B@5(-gIl{6?&8k*FDdVRwop?Q7n2rNgfe2)L({HW>71cw*0tZbI8^_L zGl-4-X!_1+l}$mf9C}TBwh5OfE)+js!r5*2mbj@z+2b0z_qI-7a%?pB_f+p5;1*U> zbNWZovzv;nBs8}vD@rX{o3YTyWWlao{_o}5mf*{>#B_tKL5lc zIDw|woFCd$@y_OX@_dq3)FzeRRjj1Lj%kd)w^tvY-CgJ7n=5*r9kF;ySxMbO6gc;h zF+7GA^IcP`4>&5ZF+hUZ3iHu<@$u9!r}(@CpUFc2B=Fg_FrqdA%=kBAy$Mgrzk)B^`T~cd-KKdJyu|Mjc69 zJ7iSpg*e@kExF_R!reX#xw;ZAD2JC!ySRYdl!8)Zv)O(+#g zWeN4h;963WrLIC_DM?ACYw*rUx9(H#a-QdZ&j0++@B8^J|K)j3it}Du5ugGP004;C z+hJXKPc?oM*v7k$1M>2Ck4+3$TPr}-eWjPY7eShx7XttglH|8dfPz9f0ANcT$<34L ziE}~`sALG$f+iA+2wf*ed?pd!q{>lP?ppFa!*gVs%$LFQmj zoHGbRr4vDh5ClXYYykv;KxTA5f0QfMW<$<8Xg`F2{(XH=>bp}5{ZQB z!=Z4v9?wFL5lLauI7$ z6b2JdArS4c7CaJ!MDjx+;0A_Nn5&Fh(eIpYX3=K2FV6aGxwK38dV}n3^C4VRV zMmB@~knZ{-`!e@mYw@E~0~0Hl3DO3Qurfr#VAh5va5&c5NZ$sIHa37EOnB*RaKA~v zbNc0*{g0K}z#{(__B-hh*k9?S01^csjQ!@CKN0_5slG(^6U29J_-hTtGvQ4Gp1*M{ zU}n%C#=f)XF;N&g5znO3-Kf-H3pD>c067OznN&s~l?K9KKyZB+0;Gk*6G#;Pp!RzC z{wCVsnL+ux^t)aALALwBV5I=*)v4>X zwX+{a+pA^=!tAn#heIF~)nLr4j6lcD*ks4uodkOl8WbXKC$KeTyIOpNB~Zf7%x!X$ zbQdNvFy7%}mYl#C@+H47Lp2)Du10fg zde`di-%{fATaQ~kzNd3$oBaOJM#n%FJ88l1oKY|^UcuEeaOkD_gKDeF=ij>}J;ON~^pKfzzsO(Sp#_0@Jc1q!ErIK4{>gZodm;R6RbYq*FLt=_xz` z?|-RNCH5vcdr;f?f|yc@yO3~{cy)WrFS*@kR`i3;aZNNFGxw#4g*t%QQTg^U99J=d z(3WsjEJdhH80n_I{~>$U6Z=H#s<^gDfvfu9WRKc$y@Cq~rB12$u!;H7*26mwd1GT= zAGlDO;*i*RRxR~OnwV^Od4%l90zzRCBXId~lduZ1r+SOL3fxDdMZyh?7LmCQ?h<3u zMPJ^N!p}P2GRSnVv?bS%;;)|}L?29z7wm?(c(~)e)EBZX-N-b*qOOh;LNZ}z=cw*ymOw-05m z$u+vA)s^>+akBTcPH(@Hi8mY>y}EivH};A`j29iH;d(w-mj%^EfWN6*M5?nobdalE4@FF($u$Je7(Fra2uD1v*9 za>HRE*vewYA)9N`ZN1m36qHJ2B(NXVHn#ikdpsj=Ef# z2Zx@=#W)?puCZ+2_NOS1-F>6!B6*p8^OMGdU32V9zsAU#n=XrsCcq40L|T_$*i}7i z9WS28;Jh*16he(7JTa=snmZOE{4t}X_LAa|tVYQ7Pu(W 
zx?7VRYTV!#O=5TKxi0(o;nA*&gg*Nle*S6qK?@%=kVRRyXu&qlT2_0WkOGejls&ctH)svUP&w9>tZFM(=V-k-?xR!>^#1s(9#erJyxijE zzVpcRp;ayr-XMH`bxx$|Sh;L&fXzb*#qxy;1qb==nF}>9{kX5$#`+77j_2i{v)MPA z^tLa><)1O{+QPLu;AMkhL$x}x=-N~6=${2TG)=tgU)3dPSDS_&{FeP1Bd`u)?T5^cGcf6Vq0L!hmIptQK18ZJ_>gE7K32kS{obhwh<(Yc$C>{vD?)EFO9r#Gkv&vUABWOo;vSEv10kese%; zhLeI48K`Y^Q6#mxeta&6)2zv+nP*^18z5JTY(pb74e!h4FkS>^h*)ZFPM{~k4H8k! z%8jmRXD1C2Z!U%is>=>KKa!LD-~t!=gWG9|y>QV9*OlFH@?cp0l-|(-@rQKeq=upC zU{YX4<%2dW44{opu!lItZ&)jm7 zOw0~hM%}C_B@5(-gIl{6?&8k*FDdVRwop?Q7n2rNgfe2)L({HW>71cw*0tZbI8^_L zGl-4-X!_1+l}$mf9C}TBwh5OfE)+js!r5*2mbj@z+2b0z_qI-7a%?pB_f+p5;1*U> zbNWZovzv;nBs8}vD@rX{o3YTyWWlao{_o}5mf*{>#B_tKL5lc zIDw|woFCd$@y_OX@_dq3)FzeRRjj1Lj%kd)w^tvY-CgJ7n=5*r9kF;ySxMbO6gc;h zF+7GA^IcP`4>&5ZF+hUZ3iHu<@$u9!r}(@CpUFc2B=Fg_FrqdA%=kBAy$Mgrzk)B^`T~cd-KKdJyu|Mjc69 zJ7iSpg*e@kExF_R!reX#xw;ZAD2JC!yfEWWevqD=L=qorQyv3j{ z2q&0WkT>!I4FD(wDO@~y!_ZJ*khhnQpF)r__b-IP#q-Z*5I67_1nsHJZDn8#)I^|Q zKxr{4F>!7c3Lp@ugmQ6JFwxTfgMRU*%2dWz~Dcj zeEj~%>mox?5EKali;080y+QxR^h2A#{xbQmOh2<=Bn)H%^F#QfoM9Jmo_`ZU!(IOe zou6NRS@<{FMZN!b-~Xw}MaoJSXafTUEf@+O0CUksA-sPT1_?#^!G4-l=Kj;=-&sG2 zztU8I`}m=uKF%MjUpe{Yx%`VV!N3w3QxS#2;_R!Uq}LR>};3|0rrXliQ7Yu=ER zm(|pklKNBmZ`8k(l|cVU_tzl%z3>05#Xo~e%4vY*4 z)MX{XQgRpR{Gt07^>0Cc{|5PIrT&nW|G#AaM*WAZ5en`G_knt8{T2FWNBsXv^}Dlw zk@#DfpJPqo0&>v}(4P}W1*`=6N88`<7n%y1C>RutK$#&BUMlK8*8`xjI|7aHb4MV7 znwmffaj+Cn&;aTT_xag){a5+^8|e={CD6}V`nOs8`;zdh^p}1iFxxT1SluW}i z002ffL`&T)hyZtsG9kCuUuC~#e{+03cK@^8i*I&6BEexqGQIvzRL>L0b#<|X8V?Gd zLKqsJK7VTQ{0bku+@jcEyySY?-6C^$v)>A?lTd)cpi5VsoujD37Mt2VU+f15ZrwQ! 
zbvrxU3g4Rd&oF;q-&S`L=sNaTUUDtRZ*1gb-)SMUvq|}CQgP23!_Hyoqe9-`xDSw6 z3A^d>$Xfovt?gES+9amwv6TS}6(hTu`=KL_G#@L~I`o7~;w8s;`Bk!eiSl%;buh$h z@7qr46N&f8iBFek4++xJ?Y(0BlC&Lb%PL&3){wsOqk6k09ZV0G7E<>R0FGFuU5u1& zfzvlG`b|vR2C!04WR!}79CJ(>PE6UVG_nlxxtD6IA9*Q!(IevBQKSKoVbJABUf`!^ zH9$fwVeUDD2|Jzb47(T%26ugga;n5k^gJ!5oX&N;^qyR+IqBj75r9m$){qLbQrt_7 zAt2$WlW4Iqrr|N{=0{9pDg1^_vzYOW6QbcE zn!QT(?4j$f_LM`+vI3qegm<-uYl7&mHUOEV1iPJBQb$rH^X21oB2C0OKIACAh`$tc z1=vuIp-I?iHDG?b=JJ8XD9?k50nlSX%(q&wAs;dIHsU^dBvm3-h*;|ZhUM9kSs2z? z-37Uik|+%A2x9fWA(5;Gclz`eW9UOh!NXQFet1$c{_>zcf{w~2nTVpUfG8(YpOp-f z7}s!KDRuQlo)WDY?^Y*ug{idh+@SHYss{0EwwlWWdFnYc#{Y*G1GOHI3Y^aS5i_b$V(42)B<7 zvk#UDEg6zh7&okF5HuRY%#tSDl);(h1@A!7CG(_+s4I2}YJx!GKGD|`t0ZDoDfV-I zYEvv)FMdN->;d=tfR-cdqH@|!OG#1D%Nm<9h`Ax|GJ@M2)|dBW=Cwdi8(5s*mdD7v zb`nV)9E9>T%#ESavZqp-nk47V+pN#ZB^af~N{kG(3~%-ln}e9VqDferhO#ruj%!&y zQftZYp^9h4$J0e#jFv9feb2^QhppCqUjFui9#~`?-oUN1-^_B;`KvFW&g3gqvsq_F zkNk+sNjCmB+86eM!fGMqI#g4u^7Xit|VLD->TE;}TNB11nh1N~qDtJpfPmJ%7yrtiQ2p;kVK_n~8@+1)P$u4KEqW%`~*?Bf~N za|Xvo-;V?l$H^$m`O?JacFk@;d$}$ZvC9!B3{qp$v>m++k+staRbF}@bR+1ayAl$5 zK$<(3LzY=cg|B4{Qaz8-?9;lf<72yHiyaSWzs0ec$+;D(q0K-X#IXp75-rCTOJK#?shjj*=qLKT&ZvNG%@(;vOD65x zyzKV~o258BFqd{=*)*uskB%X;el6pt2ouWMO(Ri=)d(3@}P zG*62-CuBuz+d2eoEzTd+ON*wvL(J&Qif%QdE$kJyYnAplRk;fcb;;tHwlC2UYNR|( zc`L+1#?y}>cxlF81-mV<=RBix^74IJ<8ahW2e&k(2ksK+r2S>^l0#ABcbmJ>zI}8! 
zKGhnqnD#p@BfleezzEz*xAS{r<->`-fcmU@r)eSU`cg|$CxN0?bX?ImID$2u7q3@C z%llA86dV$rqdQKbm13NbF_5J`%$nB>wB$D&iu=T4V%s>2(G(PIH&ph@yNt|uK zaa@0p=45Zp%69EFq4^*-g9eVU7o!|1$F;ScSv?Pl=gZ)T@XzbQ>^Yi}4fQ^3pQ5iC zzzld?2bGOm>C9y{`|?VHb8p%%o1|M4d|@}ryBz*mcm0ic*OYs;c<4ddl_)D2O3#Sn zggy|&?lX05MR7bk>Szg)<)pje$yVIvdo3-5_H>(CI_yEC+5pI z*<8?;$61hPcGeKzG%Q+~-)&ay$jY$ITJ(l$E8V}6cJP~QsP3y4sVRXZ)#E^XY|^|y zlFI2MRuy@m>pbCBVmoLLmy5Lv7g!;Mxi2-}n*0v8I^E(aF&}13=xd~rT?)a^Bm>bIK#Gaui*BaTasrwW*Mnz}-n)MuV+++0;Rn6v##d8c{~R zIs}-xRb#z5^Mk~?vDtL6u;#M${Ot#Qbo9++-(Zx*WmPw3UO0~I8+G#7;iR!9{<*V+ z@(9j5=00t{v1XPZFo+tn7@=ZP+{SaZ>6e=p4Wu?OAYB?`ZaH1lX6C}3r5UV!Xs4IM zZfH-fME1S@YQf?oWI>LlSE|6(+jK;FPud0|Y4-;_x0Hp?Dr)Ks$9qG8D?NAcM(2B$wbk|7 z9L>AXGTUYyOUaC8?k4mC4pZm3rH7{loy2{$Ixd(!EDzL!$YHE9v}e~NJ=4o8f}Aw? z>7A{ldS0)vjC=q&??55E3?Ik3>^SWCotF!3O83s!s!CTDZz2YjXE;*$Mu%M>;}Y<) zX6r{x^+Tmi^My=>BY8TKY zNrJgI^>F>x+x3Ez{h2odv`OuelB3+y=u;+mmBYw~NIVZZbWO>`>xxkNhzf1?lBvdbzGzM^icu3UV<*@NJ3CT zM}nl_VCPemgm?(#%LhsiKv-O7Vg1#mb z)bhk-j$j0G!_mV!E@l{4nVK|Q#@S9JYdA1i!+^E*iwfDLG!j-bYR3~De%w?|7yXbs z1yxPMtI>)Cm-Y0I8gzy1QAO5sv@+91D!r(e^?wdZ>ea?QI8{y8(+s7v68dr*k<$CX z8*4nn+f@HG*);TKjWeILTGhrZ@J)wl(ziCtD8*6;p!wL2V`I|V(p)6%!Ccc2&vAb8 zrAHR<6GtM;JAnD!&38?()B6uvhioTi#RRy*CuiotWg}7*vdwNqZs600(Bq2&@qF6-4D*cjYT$UkZOGI--U+ z)l31JLHv<7_QQO6l>N&P`;N2s0WIQOs4HvF)>O{x343x~cN+o+ctA_Q;7tPS`HAaS zEqqcC=AA+?WJ}CP?QcfWug{*59(rGG`XUxMQ*sTj-VY@{A;s}IlQF$FwH7|F*+RJV z;y<8vABkdXiu5?n9=sS*&J45Nr~x)mj&A-q>abkt4eS&iz3d$PkyA{=MM7MMgCqNO zfp00s<2GJEbX|BdiZ4*kDJnLb)M+EvPl=W_>WW!Q*FUiTL_@u#X%2IT>{lv#eZ#nKewBIH)xoHy^ zAF@sRpMZl`1yoJKLEU3huYT;vs^3IPNr_r7e;!L&hTTGMwdT*9KP)yZO#;&~YQor8a z0L;4^tnFD;8eA#z>{0FtPLc+NGr7n8eE4j!MW4 ze|G-kPaT=CQ*7J!M480FPTv)h?VB}p|{n%;x1EP zN725T(AbxokY{EVjovBP6qJ0>h8qh0U8>@xS)j>TvS~P}QeH~2Cz}?5LI*QIz7s_q z?fW8|J=L$~G);gSrrazkiseysHWO0h3ax2!VTo-$au?l{o)iC^{5|Pf$`h?ldk0}n z^)jIrrofg{aodL__^aO)URyFUBhwwf7LZJ8e|*c4URT3o!dw>5|JgTT zmtTY}LCUm9P^q*dq_DB{iJ(!ZCIcsAp@)@SPu#NJ*Yav&e(G+Gvq>bt#G!-Wl2)H+ 
z9lV-$m>HZTrz6VfIYPqPALqr^i8gTKjU?ya5wX>aI18}-F*Q$VLf;Ex03JdMUpX3E zW=JmIxhB+?d#@?bp8Oy$MqT>B;^V%tu10aO#91ck3}{M-!RtZp*3Zvt9sqXf^(EIJ zIg_M$edOYZ?avAF%hj~b8iHi@&19gwuU}}19UuDoGq+Nw#$AJ&E0krLCMt|d5SvD^O0eh2q8D&o$D z2ojPc@Q(HK;#c-%L-!bCYUNhfwsWZ5#H^k{N^)E8a4JT)G4p8B2paNcenq3M*h+M< z7CWjw4+?WY*@$I~5@w|YQkjg%1xO8nC9drwS69;e>|0#!tO{C`WTrR-^q~o!QuMrj zYZqZAt1Rn?C0j{7bBe;n=T*s!=Skw~mP2lZ%^t% zb&4$#{hzq3CT`I}WEc^_t>nqE*ZURQhvqZb!!HlId>64v>`u%moNC#Sy8q)hd*O#I z@AC6Ve1Tc59h;85T+g$gd~Ie{l;GO8iD>d-DGB>{-NxQFe<<6i=H$?<$<=LzUaqCA zc6SOdl$TiIZc9x%fuS;95myaYe+5-bl=lG5n3Dtx&)3Qro-PJXxCoDwqE<~s!d3P* z8m7Nz3%#ph>r!(bEL$grqYHG8SV$REZmG|k<1_3?nXb?muPa*U`UQFC_1hPjJO&9g z=`aUUZ5{L;P*rA$V6S9V)BpvY#5JNQlZ)SCu2h_W1%GX*%+A8=m7-gQWer~8jo^8W zuNIf^4$)g1O6%_Drq%4~6v^OgPsvzU@L5^H{)xWS;0ySuSU$DA7@Z^BS=Z&R}#v$!OKCp3jM;=2oO?Jn|^wq1&6S0k0b z8tzq)cd5Bq$Yu-7A{S&8@!qEEQy(WT;CL(v6P4V+`$fGaiW@3EA#G$gvV3ELHzL-L zS<<&(TGA<6I}iVOMVbBfaAUi8lTvgrmjiST&y0Oxk#CT%6m0x~_m=H5St=6NbFbtH z*YTx#e0!!uR^Ggm{WLr;Wg1Mmdp&`Kc-TR$!^8h#$AhfM^SamxTGvIWW7Kcp1lnG{ zB5K4sz-5*9Iz%B%uj!;wB{k#%H&BdQ^tBHZ)E-I=OtI)RF|5ZCtyBgNo06i)F1En( z6Bn?eot1BRFHDr7s5K_;T@jTa0LGG%b}!eTI>qEFJUlPF@?vwtC-JNgBMyfxu1q^} zPORyn&=U!qh9(i{Edil=?o-Y3*g=UmxY-YnGnSq%h8C{Btna&ec{e8d34(*qU-%SD zxGjgUDC^+3Qg?t-h)0|ru21d}UsekamsekHdBk4$&LPT*{T_MyKr>6SB=FU3zyfa= z$OMoWD7=?Z+C755vO2zF+lp)2%U-GbEO|prosje(T>1)Smzpqvn%Cm~+xskJCxKBV zr~UKw!?#Wfpl=%hG>b)VE9}{df;xa4pgEOyf~^``ty;U?0{kyK?W(do%u(WAnEmkcM-SwNp;ncKBj&#V DQ5yUX 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg.png b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg.png deleted file mode 100644 index c638b3f159fc4047a35e86d577c49cb0234f6933..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6738 zcma)Bby!sC+a6LH1W6HwMrs(kTV&{^Lt=mdhMHj*O36V$1OaJ8LMf4uP6?$`9h8t1 z7(i5F5NY_(-Tm!;*X|eRx=y|4zVGLLo;Ut@Pn@ygO==1@3IG5=4bjmuxwz~6JjqBe zuIAtBZeH97{7i0Y0IJ5=KVQ6%BXz9(002scpCfEWWevqD=L=qorQyv3j{ z2q&0WkT>!I4FD(wDO@~y!_ZJ*khhnQpF)r__b-IP#q-Z*5I67_1nsHJZDn8#)I^|Q zKxr{4F>!7c3Lp@ugmQ6JFwxTfgMRU*%2dWz~Dcj zeEj~%>mox?5EKali;080y+QxR^h2A#{xbQmOh2<=Bn)H%^F#QfoM9Jmo_`ZU!(IOe zou6NRS@<{FMZN!b-~Xw}MaoJSXafTUEf@+O0CUksA-sPT1_?#^!G4-l=Kj;=-&sG2 zztU8I`}m=uKF%MjUpe{Yx%`VV!N3w3QxS#2;_R!Uq}LR>};3|0rrXliQ7Yu=ER zm(|pklKNBmZ`8k(l|cVU_tzl%z3>05#Xo~e%4vY*4 z)MX{XQgRpR{Gt07^>0Cc{|5PIrT&nW|G#AaM*WAZ5en`G_knt8{T2FWNBsXv^}Dlw zk@#DfpJPqo0&>v}(4P}W1*`=6N88`<7n%y1C>RutK$#&BUMlK8*8`xjI|7aHb4MV7 znwmffaj+Cn&;aTT_xag){a5+^8|e={CD6}V`nOs8`;zdh^p}1iFxxT1SluW}i z002ffL`&T)hyZtsG9kCuUuC~#e{+03cK@^8i*I&6BEexqGQIvzRL>L0b#<|X8V?Gd zLKqsJK7VTQ{0bku+@jcEyySY?-6C^$v)>A?lTd)cpi5VsoujD37Mt2VU+f15ZrwQ! zbvrxU3g4Rd&oF;q-&S`L=sNaTUUDtRZ*1gb-)SMUvq|}CQgP23!_Hyoqe9-`xDSw6 z3A^d>$Xfovt?gES+9amwv6TS}6(hTu`=KL_G#@L~I`o7~;w8s;`Bk!eiSl%;buh$h z@7qr46N&f8iBFek4++xJ?Y(0BlC&Lb%PL&3){wsOqk6k09ZV0G7E<>R0FGFuU5u1& zfzvlG`b|vR2C!04WR!}79CJ(>PE6UVG_nlxxtD6IA9*Q!(IevBQKSKoVbJABUf`!^ zH9$fwVeUDD2|Jzb47(T%26ugga;n5k^gJ!5oX&N;^qyR+IqBj75r9m$){qLbQrt_7 zAt2$WlW4Iqrr|N{=0{9pDg1^_vzYOW6QbcE zn!QT(?4j$f_LM`+vI3qegm<-uYl7&mHUOEV1iPJBQb$rH^X21oB2C0OKIACAh`$tc z1=vuIp-I?iHDG?b=JJ8XD9?k50nlSX%(q&wAs;dIHsU^dBvm3-h*;|ZhUM9kSs2z? 
z-37Uik|+%A2x9fWA(5;Gclz`eW9UOh!NXQFet1$c{_>zcf{w~2nTVpUfG8(YpOp-f z7}s!KDRuQlo)WDY?^Y*ug{idh+@SHYss{0EwwlWWdFnYc#{Y*G1GOHI3Y^aS5i_b$V(42)B<7 zvk#UDEg6zh7&okF5HuRY%#tSDl);(h1@A!7CG(_+s4I2}YJx!GKGD|`t0ZDoDfV-I zYEvv)FMdN->;d=tfR-cdqH@|!OG#1D%Nm<9h`Ax|GJ@M2)|dBW=Cwdi8(5s*mdD7v zb`nV)9E9>T%#ESavZqp-nk47V+pN#ZB^af~N{kG(3~%-ln}e9VqDferhO#ruj%!&y zQftZYp^9h4$J0e#jFv9feb2^QhppCqUjFui9#~`?-oUN1-^_B;`KvFW&g3gqvsq_F zkNk+sNjCmB+86eM!fGMqI#g4u^7Xit|VLD->TE;}TNB11nh1N~qDtJpfPmJ%7yrtiQ2p;kVK_n~8@+1)P$u4KEqW%`~*?Bf~N za|Xvo-;V?l$H^$m`O?JacFk@;d$}$ZvC9!B3{qp$v>m++k+staRbF}@bR+1ayAl$5 zK$<(3LzY=cg|B4{Qaz8-?9;lf<72yHiyaSWzs0ec$+;D(q0K-X#IXp75-rCTOJK#?shjj*=qLKT&ZvNG%@(;vOD65x zyzKV~o258BFqd{=*)*uskB%X;el6pt2ouWMO(Ri=)d(3@}P zG*62-CuBuz+d2eoEzTd+ON*wvL(J&Qif%QdE$kJyYnAplRk;fcb;;tHwlC2UYNR|( zc`L+1#?y}>cxlF81-mV<=RBix^74IJ<8ahW2e&k(2ksK+r2S>^l0#ABcbmJ>zI}8! zKGhnqnD#p@BfleezzEz*xAS{r<->`-fcmU@r)eSU`cg|$CxN0?bX?ImID$2u7q3@C z%llA86dV$rqdQKbm13NbF_5J`%$nB>wB$D&iu=T4V%s>2(G(PIH&ph@yNt|uK zaa@0p=45Zp%69EFq4^*-g9eVU7o!|1$F;ScSv?Pl=gZ)T@XzbQ>^Yi}4fQ^3pQ5iC zzzld?2bGOm>C9y{`|?VHb8p%%o1|M4d|@}ryBz*mcm0ic*OYs;c<4ddl_)D2O3#Sn zggy|&?lX05MR7bk>Szg)<)pje$yVIvdo3-5_H>(CI_yEC+5pI z*<8?;$61hPcGeKzG%Q+~-)&ay$jY$ITJ(l$E8V}6cJP~QsP3y4sVRXZ)#E^XY|^|y zlFI2MRuy@m>pbCBVmoLLmy5Lv7g!;Mxi2-}n*0v8I^E(aF&}13=xd~rT?)a^Bm>bIK#Gaui*BaTasrwW*Mnz}-n)MuV+++0;Rn6v##d8c{~R zIs}-xRb#z5^Mk~?vDtL6u;#M${Ot#Qbo9++-(Zx*WmPw3UO0~I8+G#7;iR!9{<*V+ z@(9j5=00t{v1XPZFo+tn7@=ZP+{SaZ>6e=p4Wu?OAYB?`ZaH1lX6C}3r5UV!Xs4IM zZfH-fME1S@YQf?oWI>LlSE|6(+jK;FPud0|Y4-;_x0Hp?Dr)Ks$9qG8D?NAcM(2B$wbk|7 z9L>AXGTUYyOUaC8?k4mC4pZm3rH7{loy2{$Ixd(!EDzL!$YHE9v}e~NJ=4o8f}Aw? 
z>7A{ldS0)vjC=q&??55E3?Ik3>^SWCotF!3O83s!s!CTDZz2YjXE;*$Mu%M>;}Y<) zX6r{x^+Tmi^My=>BY8TKY zNrJgI^>F>x+x3Ez{h2odv`OuelB3+y=u;+mmBYw~NIVZZbWO>`>xxkNhzf1?lBvdbzGzM^icu3UV<*@NJ3CT zM}nl_VCPemgm?(#%LhsiKv-O7Vg1#mb z)bhk-j$j0G!_mV!E@l{4nVK|Q#@S9JYdA1i!+^E*iwfDLG!j-bYR3~De%w?|7yXbs z1yxPMtI>)Cm-Y0I8gzy1QAO5sv@+91D!r(e^?wdZ>ea?QI8{y8(+s7v68dr*k<$CX z8*4nn+f@HG*);TKjWeILTGhrZ@J)wl(ziCtD8*6;p!wL2V`I|V(p)6%!Ccc2&vAb8 zrAHR<6GtM;JAnD!&38?()B6uvhioTi#RRy*CuiotWg}7*vdwNqZs600(Bq2&@qF6-4D*cjYT$UkZOGI--U+ z)l31JLHv<7_QQO6l>N&P`;N2s0WIQOs4HvF)>O{x343x~cN+o+ctA_Q;7tPS`HAaS zEqqcC=AA+?WJ}CP?QcfWug{*59(rGG`XUxMQ*sTj-VY@{A;s}IlQF$FwH7|F*+RJV z;y<8vABkdXiu5?n9=sS*&J45Nr~x)mj&A-q>abkt4eS&iz3d$PkyA{=MM7MMgCqNO zfp00s<2GJEbX|BdiZ4*kDJnLb)M+EvPl=W_>WW!Q*FUiTL_@u#X%2IT>{lv#eZ#nKewBIH)xoHy^ zAF@sRpMZl`1yoJKLEU3huYT;vs^3IPNr_r7e;!L&hTTGMwdT*9KP)yZO#;&~YQor8a z0L;4^tnFD;8eA#z>{0FtPLc+NGr7n8eE4j!MW4 ze|G-kPaT=CQ*7J!M480FPTv)h?VB}p|{n%;x1EP zN725T(AbxokY{EVjovBP6qJ0>h8qh0U8>@xS)j>TvS~P}QeH~2Cz}?5LI*QIz7s_q z?fW8|J=L$~G);gSrrazkiseysHWO0h3ax2!VTo-$au?l{o)iC^{5|Pf$`h?ldk0}n z^)jIrrofg{aodL__^aO)URyFUBhwwf7LZJ8e|*c4URT3o!dw>5|JgTT zmtTY}LCUm9P^q*dq_DB{iJ(!ZCIcsAp@)@SPu#NJ*Yav&e(G+Gvq>bt#G!-Wl2)H+ z9lV-$m>HZTrz6VfIYPqPALqr^i8gTKjU?ya5wX>aI18}-F*Q$VLf;Ex03JdMUpX3E zW=JmIxhB+?d#@?bp8Oy$MqT>B;^V%tu10aO#91ck3}{M-!RtZp*3Zvt9sqXf^(EIJ zIg_M$edOYZ?avAF%hj~b8iHi@&19gwuU}}19UuDoGq+Nw#$AJ&E0krLCMt|d5SvD^O0eh2q8D&o$D z2ojPc@Q(HK;#c-%L-!bCYUNhfwsWZ5#H^k{N^)E8a4JT)G4p8B2paNcenq3M*h+M< z7CWjw4+?WY*@$I~5@w|YQkjg%1xO8nC9drwS69;e>|0#!tO{C`WTrR-^q~o!QuMrj zYZqZAt1Rn?C0j{7bBe;n=T*s!=Skw~mP2lZ%^t% zb&4$#{hzq3CT`I}WEc^_t>nqE*ZURQhvqZb!!HlId>64v>`u%moNC#Sy8q)hd*O#I z@AC6Ve1Tc59h;85T+g$gd~Ie{l;GO8iD>d-DGB>{-NxQFe<<6i=H$?<$<=LzUaqCA zc6SOdl$TiIZc9x%fuS;95myaYe+5-bl=lG5n3Dtx&)3Qro-PJXxCoDwqE<~s!d3P* z8m7Nz3%#ph>r!(bEL$grqYHG8SV$REZmG|k<1_3?nXb?muPa*U`UQFC_1hPjJO&9g z=`aUUZ5{L;P*rA$V6S9V)BpvY#5JNQlZ)SCu2h_W1%GX*%+A8=m7-gQWer~8jo^8W zuNIf^4$)g1O6%_Drq%4~6v^OgPsvzU@L5^H{)xWS;0ySuSU$DA7@Z^BS=Z&R}#v$!OKCp3jM;=2oO?Jn|^wq1&6S0k0b 
z8tzq)cd5Bq$Yu-7A{S&8@!qEEQy(WT;CL(v6P4V+`$fGaiW@3EA#G$gvV3ELHzL-L zS<<&(TGA<6I}iVOMVbBfaAUi8lTvgrmjiST&y0Oxk#CT%6m0x~_m=H5St=6NbFbtH z*YTx#e0!!uR^Ggm{WLr;Wg1Mmdp&`Kc-TR$!^8h#$AhfM^SamxTGvIWW7Kcp1lnG{ zB5K4sz-5*9Iz%B%uj!;wB{k#%H&BdQ^tBHZ)E-I=OtI)RF|5ZCtyBgNo06i)F1En( z6Bn?eot1BRFHDr7s5K_;T@jTa0LGG%b}!eTI>qEFJUlPF@?vwtC-JNgBMyfxu1q^} zPORyn&=U!qh9(i{Edil=?o-Y3*g=UmxY-YnGnSq%h8C{Btna&ec{e8d34(*qU-%SD zxGjgUDC^+3Qg?t-h)0|ru21d}UsekamsekHdBk4$&LPT*{T_MyKr>6SB=FU3zyfa= z$OMoWD7=?Z+C755vO2zF+lp)2%U-GbEO|prosje(T>1)Smzpqvn%Cm~+xskJCxKBV zr~UKw!?#Wfpl=%hG>b)VE9}{df;xa4pgEOyf~^``ty;U?0{kyK?W(do%u(WAnEmkcM-SwNp;ncKBj&#V DQ5yUX 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg_2x.png b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIconLg_2x.png deleted file mode 100644 index b67ed66dba9c459cdeb380f469b39378789f8f19..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15057 zcmajG18}8J5HA{MW82=?=EkeZ?5Ox1kV z-7`J?b^oTPCsI*f0s$5m76b$YK}u3o8Q3QL_xykY{vV6)cK{n=6G>$`5D+g)5RiZn z5Rf-uSHKAfh$|Ba$eAGs2u}tG2$n-mml7ZF1(dOjgeb`Of4_p>@?>BSjDw_>GYCjW z%zqE)^iww@uoK!vN=^*=7y=p^ms_mVyA=cktjbGO(?!|Ho!G(29$;x>M(pD0U`Fg= z>i_~G8JVj7t1X)ee(M~aKPb_3T>x>k;oMvA>4g9X6^;0Vya#zajjgybq|o30Ymw0> z>{o`VwANTkZJFV+u`(Xli+{F_{JynvrY%$J=vq9MyBhJB+J->-Z8TBQD zm?*KIyPyW^OM)5-a#=K>Zw_YyThh z@^io;!rBMxQAED3!gtET`7CGF;Q^{1<~#PpW%^r}ajxpLdxNGNBlZ{ahmdhR#KSeb6ldv!tx-`W{PSVMvQB~&ij4^+{dr-6NS4;Y-| zAajMcKlb(T=S$X){~X8uVO62-kibUoAeP9#XyLuWc^b^phiP}~SU250I8QlMCBmv0 zH}wTiNmLZ44Ev*cI~^xE&N}L62s%?1)hHztR8trA5@$@W&*V3>$i12E)mKTsfw2l_ zbOW(B_qqtV7jJDfm;U#JO1SZ#7|ii0>tOt{*y`bqAd_5<^sh}J#!YBOWP&3ewLG7L7 zRYB*9+_OMH*nOo$f2n$GT=r_D<4dI-KeO)9xRgM!ph2db)LosO3h>L!?)gFVB^=+V z+$8RXU4Njyk4emC>RmYj%3Y}os)&`%O-~%$Sr3Av9pWQoLDYVx=C;$I>=9l8jsUCI zp9V&N{qL9lFRb$zGC8^xE@VU!2-EN5{2&@`j)acA@pgWHm4(#v?aAA*-Q9}$86*mI zKX?1JSxST+rh}-n+)bbFjq6=UkjXo{m(SW$^8umiL+)dTfM$kwJA&DuJ90KYHdH;Pxf5e? 
zJ{cwHf)-J$$QqWUX)m>&xWubdbGgivO4is`#B6O@E9S9137+nby~0|@j1km1WuVYn zib;*12Z}T%gqi+;s>{5&BmJy^P+Hdy#Kbh_Vn3O^;7rK0(>d#1%S4$}TF_|4P_Iqbbil&0En1nzcIel$%X0LKjFfQYBKJGdoopS^Ze4tb;E*lKx8PjL(n8o8=6QB zVL??5i7T>CLL+GA)H<&9-?ofUNe_s#<6E6+dlZ+2j3Wa@TLbp351n!FCf6_XBCp7~ zkADZ{$7L7T4U&y=cWVD;c~X0&z5c8NE%bh?RI!br{|ezoiXxo)6SYWmF(XOn-0`MAdiNd6${~F)m`4c}cefr>5~0W#O$BU@vU9&OddgD_iY~J2m^B8}-}$of*2&e6CN$peHJ_`E7*VDQDWP8=JMAx4}?&-Q>H#Kp-1cr>6LiOoQA2qLmG_wWXlwAicEKlv74i95^t3HBi z7i3rT4c*deJvw;z7!#_6ESPOB${LQyu2*Q;aGmA6;??@6S+4qrsbJu0WOaDCptNIa z{M&NcqeARb|I}}k+`QyM=>>Ju3iH#Ij0>_s=ezX<{<ahz@moCxEi$13v_swsZNdKKdFws3e{(Gw(1xS$qECu6+rtg67mR z;@mHY#rK+ewZDyMb<%hLs5^h}I|;8kw#7>&!BpZ_@v(UVKkU~iozBvHJLNy&?-kJ| zxSm`U=BZr-!2E-)(PQqNtiJ-96i=;1@kWMyk`U)xWYr#m=B#c{dAC$uQDA{_(lSG( z?^)Jb)rO^-eM$EmLe zdd_r26_JHlXQwoq-zbs`W5CtVEd;#OZWa;m4HyCR9y zOA_j$SlgAIK)ui4T@O5>@K{_{x)0@Wj1Thg>NjsrZO<#iq0`%aHt%-+c4a@IcAkC_ zp|a48Yp2Mc$R_+*m}0?9Bf@eHu)^=SgMbX!=~x~NE3X-m)l~Dge`BiN)xh+m^RH@J z)>&?Lq@LjXdF^)F*rT`QciwLI++M1)p|Qk6D?p@ioEY?QxlA`j!!%F-DumJhOi%xX zsE}vxukn#yJ01^i19Q6z80J=@v)65;*m82^cz)X|Uk!vA#1lo_Rr~Id(?}EO%icj~ zXAt06^b%f=>YJiLEk#GeI}Sbc(bW>{umMD#?ar7)R}n3#y?@bD@$op6>J%;JVpQLA zppGtM3cSuv$DeDii9=-|L zJ&s9(mJ&1UtZe8|I%w9g)-;;e*`&R^btgI_9-!99Fmr(73rm*F|2#d;y+1O|9o#@a zK+TzID^pS?3k^rdB{983z*s(ZO#4&HWq$8{c}GKnQt_ceNAV&KJ^d_l&c%nPdT;yZa{vj-=_=mbSPDi|_=W{hSuQTPG>sxy4^OJ*#?ik#b6NWI89I;`IJp+bhtRi(R`tTgrP=N`_2gW zx)D5AW-#GxZ9Ce9a=esIWi-L3o~*eO{nF%hW()f39KjM*+YcZiC?$7Ui?88!>+4P$KCBWI#taW zxkMuEQA#6ond9jc>Ifsv_M?{rpX67eQ+gSx|EpYGSY`H=9r*7ZAqYEVgHWh*qCrm>LO;&z!h28$Tn!y z)JyL~x7Lae$1vf?Sb&gBzWUnX;0j6n6VX!42DxR7Iw4Tq+SD;}$Uos>A~VsvP`odn zxlj7%_JHQ}jC9iKZV^V$cWI9LyJQ+uMSKa=JlI4(&wt`Rn$d&%C27JKVz$sMLC2|S zM137D8T?(?Ds9CU680Zd^yoijn{92nhAd}}^p1iQiTcLj`uMNJ;oR{Mzu$&V6Xm-f ziS_c|Lmr8}e+zen_su+JxLLp#Qx_`$4vFC`(uV(N_FGz3Xu76AC2M3NXOI;{sLt*j z&Y6k$J}{8n5pP@KQ*fZLgkXU)dQgx*fv#0IXaHpsC)qRtJt}Nlm^NN~ ztz`RT-lioY88R6d$>SB3jcj6=om=iKU+AB@;$JPkpZV6m*(JKK8@D%$w=E95L0NV+ 
zrnn`NC}oe)p1LJ2T98iI+!B;;t!`4*jfIT?78r$-#|o0np4k`)TK1UD5GS($#)cb| z3T2+us~<`@YK45NyrR} zqslvBHQG+ApT(qH)%jxGutf3B49y|a5Y$;NI=*h*NT;rCmh8NT*{VGVyxRnBT}Y?m zNFCVv#us22B(37Gkex)rFu6z`(pJYK0AZ_fY+iuT*z{6{Ws{6C<{Ca7FZ398jMS8K zrv?ozo|Cm@pmUfd&%TvkR2oTQyPUCc40Gxo{>ss~q;j`mV&2j+FaDGNcs=4bS-;nZ zH=_G)F-9xQCvq+S@60jKyr&y}qEd7tQ})CvJ@c4T4W3!w9nG7jfz7n%$Zy8K(spbc4?LcJ^}=4;k{1gL6HfXPF&5VP&7 zB`hRj(Ta)ufRdJq$u_=#$T2$gns`#E?J`m)K%ph>+LxTK+Llr*2e{Bv#@7hOT)X&2g zIkK|h_JXCx(DwG&5V4L`*S~sB>MZy(H!?c$lpdu1wVsH1OIDshX^dFL zFb?C}o61UFMJ14S`{U;)twDO%B6;@QD**i*FX5$N;kFGKGF=jP`s%UI=Na{Gj_*YE zpa$3R+BKnL%R8t7q2F(L`*@~^h@gn!UWw^sX7knYX)L%|afL`Z>7`w&dENnmO1X%c zAg#iJ?UMjM>vZ+v zVD&66EeC!=!x~T$3o#rH%P`xw8GarmBx;1p+@m#e?*khK(3ZPXHm`^5_Y2qj`B=Bx zmN`>L;H*$$8^p>RW0SPjN>aE(wa(xxa}6)R3|b>T5HBm{)XzcRwy(|KR$gjQn`MQN+5{Wz(i-{=9v{8sus+ z>sU0LF>47*i|5)W#rBwhw%2qrb^3t`gG7DDG)1N>luc6qU+Ttea722xMmg;9;+S8e zze#g}Sm*q1KB~Ed(g>I=pa{Dq6`!;wO+_tdUcnAoHZWjpb64Qq=x*GS;WN>WPy{LD#P8J$jI4MDcy z1lr9f%(dVPML2K#`spPaBti^3Flvo0k!Zg@Z1PH$T4@oi3=Z)qqI7SQA+{4P**?O2 zfCPB*9W1}XeLXz(-_9v~+w1H3O6iDULmvk#yaJw*2H-5;hu}(;2D6CDPK4Mdhc978H@RCO7$N1++5z>dbHr( z*%|HFEo5Wl0?WV}&cO?0WNtyIu^oQ;E!d5e+@z_al-0pvVg~3JWbkN8c{26zE5
>!Qs`e=Eq)1I`IG!C5e`7c%tqq3w7mM~+3wACrJ+k<-M`*M4 z3K0j8Kxg}d760#PfPAw|eW%RQt`WI8m$lR)PGjc2W&Y)gNZ!R~)NaqS0-xs%TwC`h z8y$C8t~Xe9tfo($ah z>^bM<^BS9k^nJSeXCsi^4w-UP_K6u*WiRUf)JoOwR&au)Y3HCu^ha; zdRa&($EA;;G!Ui2wDgA2kkGg|>sDg)-c7fX>|FP+^a z!x>S(?dNT6nm7I8f7>?@K((ZrCXQi~DRKn;A&b2qu_07tOUdPpfrdks&X_UIx)F=myMkFOj;CO~F@yN|B+z>Tvw8q=fG@>E z&hE?;%RnUX5(3nx;N3#8LGz}6!1Zh9(xNs*koX!gEbfnAP*AC}9~2l$F)ATm`Jc07 zexE0THxmcD_lEBY^3~Dh{2+^LVzhGQ>oe^QX+KMyB99toi$V%&eRJ+k#BFhn$fC_b zfzt=ZjM1Bv2^S$1X_vK9qASvnd>rIO6TZ&BE;m674_V~v;fvji&j)LmzzCuS$g*f>P+do76-ia*3 z5L)h-R+tq~bI?TnMiypGyk>HzXM%>Gg`eJ_Kdw%Q)~&A5s8lxc;_K08xdHb$tHss~ zQ06%Z`Ux30vsMoJkzCdQAClmzvaFvq$v(ozdTgB?rfaYc2L^tWXaqYqv!V?#e(i*pP?q9YW+_Gcd57mdi3oqg z&DIMJccnmIB5|L62LVC2&9mDrzo1FpLV&$|{_Sf0cka|4cOllD!!ZgF#OV-T;G=l_ zs!WV!B|pWd$9Ug<21Xzmw|D54Y=V-M=_6Ko2L0R7DZ%^W`fr1Mw!P0@1&{B&dXJAA z-?!Y_EmPOb5ocV5Cl-wmyMkqwmIMifgTgtak zt@}(3g}PR<(c>OD0a=8+(o-P6D5JlvSqBZ(B?j`XDVNhr~Nl~ zchOkXQ7ul(dJm5T&LVQa^c`TD zU08^gt7z9JV>F;hotnmX_c%EB`E~be&!0jHEzd@kSiYl(;{V+A&J{ugNl#$HAi9YYhX1!e_twc!C9c|BV@RCoQk z)~Z-dT|H+6ejNP2K(VBee_MWUPPYhIXxF^DelRhNw03%xzRHNhBAyY$40qZveMYWlDCJbdlda2|sV%c8#$iaBg<4W{}~8LLVZI>fz8m7u~OdP zXjUG-g$OCA2FvoJ_2-C9N%~WQ6Bbo2d!TgGN`==#8keR$%$MiL-??w)Gi3M{q>j#< z8?Q<3cr-jw8ig7qWG+5!;Wv37opC~&e}9f8S;@p=H9UMv$SDW8>c zrf9)WsC>b^yH%omf#fC_e*vzjA@CZ~MW=VmIH9yvH9?&)7m%LomYyrg3W%d}3e+@$ zI;XSD3X+Q~DXwJ=B$7n#EN!6<7f*<^pgvT-{0AkJG$xroe@~|l14iw9s(srA7l;gd zpd5BffjI6VV4671ib2nUycMe4=mFgL+3z!%RZ(^B3Ba5cW1p`ODxyNnn* zBK~wMwrkKW6brFz;(p)qv z%A~yuq|vs?%*#5xr1QukPK4koS~>y3y#JO1+|;^kX1c@%Q9|>^zj)l?K_$xwh&b~5MmeVyAE6LkeUlLpeS(L-$6Jcm zvJlb59p@m)bK~VO>(N<=eT`wrz!l_aPm#9L#SGVwQ>G;?Valc(4G6XVa3OM#ENtX} zf=ImjTP>ajsc7mOC3`8M-FzTLda&@cAzBrSiV(y61BLe)arNYvH4uav^ibOp!AI2b%4LegN{H# z)BqAp@J0RZ#-Y+T8D?_E-bGA$Fk?sFR~+;yO5W3tkA&?n0R_U3pyWNE$u}zev%g;$ z-n}zCk5K z>_JGIG6V^=-#NCF0EE+&HwRQeY1(O`aeS1mgbx=MU=KanT!Ix{6Ckh?jpgzR6BM8v zTseNFcP__eO=yku8MBTgF2X;r+xh;syH3#Wj<4shX`RM&j$_Qf-R*l(_&9v+XOV{= zhNz4E8@z3BXcR^7btwQr5}4n4PjuJJMJt$7w`FY$133exXa!7hPN1JaSF~?DqW^! 
zERhKvo~~^)!L(kE+VrrRa&Rh&BQ~CB?)vunOqWYG91*pJkiSetu57w~rUu8F{rm4- zNE?NCb(j<<)$%d7&=?LXD=_z}-Y}zn9^vPmuFeV`=9px*lWRb9|M5}p<9y4lE*hge zc`vZT`()CAh1T?Qi zOA({|i~+E);0@CqI~=Ns;)PVSE3a%@_0E zh#;t6$orN^;U+xU4qmQ9Si2vob9vv18X9vMbWj!$g|G>9YUXN1e~Oc*n6;#<#>eJH~=`BrGL>MJI_3aiCzGFDV3_@A2z*{)YM;`v zT!oL^2A%p$TJVsv!xR!NUfY5H6AuuY!t6UsU@~LtKC++t7RrK6A~zEFhV@Isnozw5 ziM3kpF?nEk&3suQl0(y?c% z7=asWMmY{P$;iBVy1%YZ$p{~sdJa? zEkY1x>*PBK4Vom4AxNalxTvggva%`B)mhQ3aUzR)h@Exd3SpKJ^I|f_VW>11U(cHb z9euuFkz>q(wTF54XZsWx5kimmoD#^tZONks|3#To`IE83Fe>zuz~YurnlW|#+dm7E zyh1*MIW7jCM+I2&9UZ>P5I)48uzCHg%wQPHLDYBT;5+j25&tX3#{)= z&D}oE{VP1Z2p_@W;J=jSJ&l;7`j?}9MtlPQA-`+p&lL{faZkC=07^N|y>2Wc7Y^Uy z>md$YG9NfJ;hxG=Z zfk1Nz#A1mDraR)e33^E7QGu|79J0s9N+ryMf1OTk;qfJDuKyKocp+f`4qL9?)9)!| z!Y7EzOHt~%7DwI8xUkw8HM@+XTNpiy#Y}mhHM$(%K){5rd*Hr@4lJK8W0p!5%fvw- zFGbU&QMlkPYz|W;u0D@BGxvVk60KGQB*}Evhj|z$l2J!?5me(q#pX?-PF#aeaI+Mr zEkT(jzFap>9!Cy(`hYtRu>-%C^e&srJae2iY>8xr2W**ynHA_K7?T)*a)5G+S2xC1 zfo>3IrfDL$d6X?X6Q#w&^OkL@D&|=Bi0tSVJ#{Y8edtKja?;dq!h*+;tM6#^70aba zKxuxuBzp?mq6?cfOW%>7f6wYJXk_H2D!e|}=?+9Wi5zA;-GDhuAN2)A88#*oh~41J zGr^hWZ9|rFkm55((e!nF;*wap8Sn0!B6tWz*@d`I2#mPazF@-mZIk zUf?N!Aebo!A#+p(9Yy%{N4b^fe5>rS>({T3>+j=l8}nhvbjGpiapp-CU{zm>Xw@`n z0&EDxaL^ip)HdJJ^U!!Qy-VHxq$Q=QMtB1@Cz&faYB#YfED2lSpBGZ$3Cx5UAtpEZ zGh=*94jcnakokR^7zbPmo`30NtLS8!##we^ z7p*eqI8PutN#8}0Scc9vWR4?OwiyQ30n?bVvJ9?{tnm*W0iAIABKZd0{W=c4Vkcr) zAzM^qRU50jJvP&>4qaKSWRx%>(iBWu5+X)#NT0DR(#O56P(;upE zJy3nHlbyz{I#P7!q;OI*i`2mMuVaB3+8(szVPOc}rmBpsKImL)kC%qljv04kO;lO) zqlf5~$`9A@0c-V=m}#;_nqvo@%HL_#0k2J=Pa@iWVezoZsz)l4QL0jbq>H{_%Yz=4 zoo=z{naOlAwKookKFhy9&=TfIZ|;t=ok*k8>m$GdCCUtqZ-A$obOefn_$zg0b-eKvm%BA`1G4xB5`A$F=+E97oP&SK?~alr zN~A(EFjZ&4nov5qQ#dLi=;v2lu+6Ln)701aBy8G{9_Z0H=x{m_O**;FKOy`C47M@n zRN+0SzicZhOB6j=vUd(l&BPKuN>NAY)bKgt$+|XTv?i~WA*RHroy332+J#duS;2-e zHbF*9!AynHa&UWAEk?+iRWr$OQ;*f#7?|-FO!~L-y&{yRFTA{|P34?WP+?Zva#bZ> z9eORwBzC@mAV#yoh?mI7={b29UO5qkNm`-dr03nKK~Sabv`l8JjOrtXvzDcVj5agu 
zPSNPIrapCT=(P2e4Y<@j)JI4=H^DVIMOBV1tI4Lp$`1TJu=?Ts7U?`EBo!*TV|8rNYvU*4mU?&0-!JxH{Qvuj=oq zXBOJHxzXuKm-gwcf^&rl(}Fm!aWuxL)sPqI+55Hm_+D#fGa^(+839{mMy|fBt>n{4N%tDXMYb?&~d0`|&JHdiB+gyQ?pZgv%8 zqgQfW)@wCZM-ni@pn6(OG;+_ z%K6k-XPN4rjt-{hbD1r*jEb;G8tjTRw)REh+b+&Gy`?zjwI(uxrH_-%+HN zqRyP^`wy?5#rw?+pe{t3U$8|o{cYVEbEuDGphnzl3PF7`xqe!Y+tW`Y275`xL_?2eb z>alcjiit=t-4q1zmy2($`|BW8SJOMH*Do=$d)El(w_l|F7_oobe!Pi~?{+f!7i4d> zf8Bapud*Ce^lWyff_RHJdFjj`iEeYc;2m!*5fn-Pv}R9&tN}gUps8i2tb{F`e76PoKoD*o+9(IOed42vvgxmLJz#0lXC4`jX8P^j&1w=+w@MUj%B#1^&Rf&9)`Zdo!LwY6&>i;nJ0)#QO)I;TJ>KE z3t=%MYP59jZQasV>%ExW*{X>`)k@D*ZdG3m52ESD)n~qCUD?L1Io@68Ehyj^tV!wV zwl|{o!n+t6PyF{=dfJ0Pw(|&i7H9bFDBx<=uZ{T+d3^>>?S{lw2aM@dBV%w@0;KM9 zeC}Cy%zZfEjbpUuIFYSG9pgg&^(`>qwjE_nd%Ej{5Br9r145*TwfDOyMCp5f|$m3uRN&mJGd$M6SXko=6^R; ztv_tYwHBZ8d4!`)9cFADdD&adb$ivdbN`PL>trvH^qA%>c7V^=;txPR*U9Rak9ciDn)w^ku&WsIA{u+e-U<)f` zu$cT7_$jZPT7nMqaXLywmyVJhjo~&}^+lEga52)OZo|wtigd<>4o6k_7SzPG?je6s zCteLDeLcH?s}V%FQa3>?w_PRa>k$3c3U5}tfY5S2;nJP`t zv1_J?j*417BY1W=xk{|AXsGI&G7{hb9nWkAwk{{!4 z3uC5h=h0b3?lk(GMb#y`wPF-I#o?Q}PPOLqt&o15eRj1f*)yy(x|)tOenl7=EP1`L*rZHxJJIoyHkQ`qT6|2#?VPO!;$Ll zHt}oah<JFhOyf_8{+yGL==4UgkUBF@yX7$%KWHhCGEqd8TH@4}^)uV0JYM_1&}z z-frFHYQ?9(z2M~fKF}{gJ*8@je#Rr6S$>cY(7D{1roAtbwW9tbAO)ir=S!25%ujes0_M4H{SuneQxNr6H5A+1T!A=&H@R3{x1nGmbPZjE=It6ivNcY_WvoQ$XnA1 zNW=Oc4e&xEkH~+6vUgIox3>ZLWomD1MyzOI?_%$4VeddJB0|i<#LPzgQ_jf5((b=b zYN}+xaUeO*|0I`_;}JD;vUD>u6?d|?1pzW-Fts%05f|YUXJ+PPW8!3C;^1Ot{>988 zA|lEyBF4$hDI(6sCadgc3FN~4zj3iQakVwGbCDALUrboJgqgXx#ecC0vvV^ui?MUD zu!xFrFp0DL;$&rJ<6;-x{PW+fxBrcalpS#Lb|z;3lZhp8B>$5M_x~4@uoc(;?vVca mzel3rWNB_`XJjM#e~#$?Z(4RD3XVW#AW~xTqIJTCLH`%M;40t% 
diff --git a/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon_2x.png b/apps/splunk-add-on-for-unix-and-linux_920/Splunk_TA_nix/static/appIcon_2x.png deleted file mode 100644 index c638b3f159fc4047a35e86d577c49cb0234f6933..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6738 zcma)Bby!sC+a6LH1W6HwMrs(kTV&{^Lt=mdhMHj*O36V$1OaJ8LMf4uP6?$`9h8t1 z7(i5F5NY_(-Tm!;*X|eRx=y|4zVGLLo;Ut@Pn@ygO==1@3IG5=4bjmuxwz~6JjqBe zuIAtBZeH97{7i0Y0IJ5=KVQ6%BXz9(002scpCfEWWevqD=L=qorQyv3j{ z2q&0WkT>!I4FD(wDO@~y!_ZJ*khhnQpF)r__b-IP#q-Z*5I67_1nsHJZDn8#)I^|Q zKxr{4F>!7c3Lp@ugmQ6JFwxTfgMRU*%2dWz~Dcj zeEj~%>mox?5EKali;080y+QxR^h2A#{xbQmOh2<=Bn)H%^F#QfoM9Jmo_`ZU!(IOe zou6NRS@<{FMZN!b-~Xw}MaoJSXafTUEf@+O0CUksA-sPT1_?#^!G4-l=Kj;=-&sG2 zztU8I`}m=uKF%MjUpe{Yx%`VV!N3w3QxS#2;_R!Uq}LR>};3|0rrXliQ7Yu=ER zm(|pklKNBmZ`8k(l|cVU_tzl%z3>05#Xo~e%4vY*4 z)MX{XQgRpR{Gt07^>0Cc{|5PIrT&nW|G#AaM*WAZ5en`G_knt8{T2FWNBsXv^}Dlw zk@#DfpJPqo0&>v}(4P}W1*`=6N88`<7n%y1C>RutK$#&BUMlK8*8`xjI|7aHb4MV7 znwmffaj+Cn&;aTT_xag){a5+^8|e={CD6}V`nOs8`;zdh^p}1iFxxT1SluW}i z002ffL`&T)hyZtsG9kCuUuC~#e{+03cK@^8i*I&6BEexqGQIvzRL>L0b#<|X8V?Gd zLKqsJK7VTQ{0bku+@jcEyySY?-6C^$v)>A?lTd)cpi5VsoujD37Mt2VU+f15ZrwQ! zbvrxU3g4Rd&oF;q-&S`L=sNaTUUDtRZ*1gb-)SMUvq|}CQgP23!_Hyoqe9-`xDSw6 z3A^d>$Xfovt?gES+9amwv6TS}6(hTu`=KL_G#@L~I`o7~;w8s;`Bk!eiSl%;buh$h z@7qr46N&f8iBFek4++xJ?Y(0BlC&Lb%PL&3){wsOqk6k09ZV0G7E<>R0FGFuU5u1& zfzvlG`b|vR2C!04WR!}79CJ(>PE6UVG_nlxxtD6IA9*Q!(IevBQKSKoVbJABUf`!^ zH9$fwVeUDD2|Jzb47(T%26ugga;n5k^gJ!5oX&N;^qyR+IqBj75r9m$){qLbQrt_7 zAt2$WlW4Iqrr|N{=0{9pDg1^_vzYOW6QbcE zn!QT(?4j$f_LM`+vI3qegm<-uYl7&mHUOEV1iPJBQb$rH^X21oB2C0OKIACAh`$tc z1=vuIp-I?iHDG?b=JJ8XD9?k50nlSX%(q&wAs;dIHsU^dBvm3-h*;|ZhUM9kSs2z? 
z-37Uik|+%A2x9fWA(5;Gclz`eW9UOh!NXQFet1$c{_>zcf{w~2nTVpUfG8(YpOp-f z7}s!KDRuQlo)WDY?^Y*ug{idh+@SHYss{0EwwlWWdFnYc#{Y*G1GOHI3Y^aS5i_b$V(42)B<7 zvk#UDEg6zh7&okF5HuRY%#tSDl);(h1@A!7CG(_+s4I2}YJx!GKGD|`t0ZDoDfV-I zYEvv)FMdN->;d=tfR-cdqH@|!OG#1D%Nm<9h`Ax|GJ@M2)|dBW=Cwdi8(5s*mdD7v zb`nV)9E9>T%#ESavZqp-nk47V+pN#ZB^af~N{kG(3~%-ln}e9VqDferhO#ruj%!&y zQftZYp^9h4$J0e#jFv9feb2^QhppCqUjFui9#~`?-oUN1-^_B;`KvFW&g3gqvsq_F zkNk+sNjCmB+86eM!fGMqI#g4u^7Xit|VLD->TE;}TNB11nh1N~qDtJpfPmJ%7yrtiQ2p;kVK_n~8@+1)P$u4KEqW%`~*?Bf~N za|Xvo-;V?l$H^$m`O?JacFk@;d$}$ZvC9!B3{qp$v>m++k+staRbF}@bR+1ayAl$5 zK$<(3LzY=cg|B4{Qaz8-?9;lf<72yHiyaSWzs0ec$+;D(q0K-X#IXp75-rCTOJK#?shjj*=qLKT&ZvNG%@(;vOD65x zyzKV~o258BFqd{=*)*uskB%X;el6pt2ouWMO(Ri=)d(3@}P zG*62-CuBuz+d2eoEzTd+ON*wvL(J&Qif%QdE$kJyYnAplRk;fcb;;tHwlC2UYNR|( zc`L+1#?y}>cxlF81-mV<=RBix^74IJ<8ahW2e&k(2ksK+r2S>^l0#ABcbmJ>zI}8! zKGhnqnD#p@BfleezzEz*xAS{r<->`-fcmU@r)eSU`cg|$CxN0?bX?ImID$2u7q3@C z%llA86dV$rqdQKbm13NbF_5J`%$nB>wB$D&iu=T4V%s>2(G(PIH&ph@yNt|uK zaa@0p=45Zp%69EFq4^*-g9eVU7o!|1$F;ScSv?Pl=gZ)T@XzbQ>^Yi}4fQ^3pQ5iC zzzld?2bGOm>C9y{`|?VHb8p%%o1|M4d|@}ryBz*mcm0ic*OYs;c<4ddl_)D2O3#Sn zggy|&?lX05MR7bk>Szg)<)pje$yVIvdo3-5_H>(CI_yEC+5pI z*<8?;$61hPcGeKzG%Q+~-)&ay$jY$ITJ(l$E8V}6cJP~QsP3y4sVRXZ)#E^XY|^|y zlFI2MRuy@m>pbCBVmoLLmy5Lv7g!;Mxi2-}n*0v8I^E(aF&}13=xd~rT?)a^Bm>bIK#Gaui*BaTasrwW*Mnz}-n)MuV+++0;Rn6v##d8c{~R zIs}-xRb#z5^Mk~?vDtL6u;#M${Ot#Qbo9++-(Zx*WmPw3UO0~I8+G#7;iR!9{<*V+ z@(9j5=00t{v1XPZFo+tn7@=ZP+{SaZ>6e=p4Wu?OAYB?`ZaH1lX6C}3r5UV!Xs4IM zZfH-fME1S@YQf?oWI>LlSE|6(+jK;FPud0|Y4-;_x0Hp?Dr)Ks$9qG8D?NAcM(2B$wbk|7 z9L>AXGTUYyOUaC8?k4mC4pZm3rH7{loy2{$Ixd(!EDzL!$YHE9v}e~NJ=4o8f}Aw? 
z>7A{ldS0)vjC=q&??55E3?Ik3>^SWCotF!3O83s!s!CTDZz2YjXE;*$Mu%M>;}Y<) zX6r{x^+Tmi^My=>BY8TKY zNrJgI^>F>x+x3Ez{h2odv`OuelB3+y=u;+mmBYw~NIVZZbWO>`>xxkNhzf1?lBvdbzGzM^icu3UV<*@NJ3CT zM}nl_VCPemgm?(#%LhsiKv-O7Vg1#mb z)bhk-j$j0G!_mV!E@l{4nVK|Q#@S9JYdA1i!+^E*iwfDLG!j-bYR3~De%w?|7yXbs z1yxPMtI>)Cm-Y0I8gzy1QAO5sv@+91D!r(e^?wdZ>ea?QI8{y8(+s7v68dr*k<$CX z8*4nn+f@HG*);TKjWeILTGhrZ@J)wl(ziCtD8*6;p!wL2V`I|V(p)6%!Ccc2&vAb8 zrAHR<6GtM;JAnD!&38?()B6uvhioTi#RRy*CuiotWg}7*vdwNqZs600(Bq2&@qF6-4D*cjYT$UkZOGI--U+ z)l31JLHv<7_QQO6l>N&P`;N2s0WIQOs4HvF)>O{x343x~cN+o+ctA_Q;7tPS`HAaS zEqqcC=AA+?WJ}CP?QcfWug{*59(rGG`XUxMQ*sTj-VY@{A;s}IlQF$FwH7|F*+RJV z;y<8vABkdXiu5?n9=sS*&J45Nr~x)mj&A-q>abkt4eS&iz3d$PkyA{=MM7MMgCqNO zfp00s<2GJEbX|BdiZ4*kDJnLb)M+EvPl=W_>WW!Q*FUiTL_@u#X%2IT>{lv#eZ#nKewBIH)xoHy^ zAF@sRpMZl`1yoJKLEU3huYT;vs^3IPNr_r7e;!L&hTTGMwdT*9KP)yZO#;&~YQor8a z0L;4^tnFD;8eA#z>{0FtPLc+NGr7n8eE4j!MW4 ze|G-kPaT=CQ*7J!M480FPTv)h?VB}p|{n%;x1EP zN725T(AbxokY{EVjovBP6qJ0>h8qh0U8>@xS)j>TvS~P}QeH~2Cz}?5LI*QIz7s_q z?fW8|J=L$~G);gSrrazkiseysHWO0h3ax2!VTo-$au?l{o)iC^{5|Pf$`h?ldk0}n z^)jIrrofg{aodL__^aO)URyFUBhwwf7LZJ8e|*c4URT3o!dw>5|JgTT zmtTY}LCUm9P^q*dq_DB{iJ(!ZCIcsAp@)@SPu#NJ*Yav&e(G+Gvq>bt#G!-Wl2)H+ z9lV-$m>HZTrz6VfIYPqPALqr^i8gTKjU?ya5wX>aI18}-F*Q$VLf;Ex03JdMUpX3E zW=JmIxhB+?d#@?bp8Oy$MqT>B;^V%tu10aO#91ck3}{M-!RtZp*3Zvt9sqXf^(EIJ zIg_M$edOYZ?avAF%hj~b8iHi@&19gwuU}}19UuDoGq+Nw#$AJ&E0krLCMt|d5SvD^O0eh2q8D&o$D z2ojPc@Q(HK;#c-%L-!bCYUNhfwsWZ5#H^k{N^)E8a4JT)G4p8B2paNcenq3M*h+M< z7CWjw4+?WY*@$I~5@w|YQkjg%1xO8nC9drwS69;e>|0#!tO{C`WTrR-^q~o!QuMrj zYZqZAt1Rn?C0j{7bBe;n=T*s!=Skw~mP2lZ%^t% zb&4$#{hzq3CT`I}WEc^_t>nqE*ZURQhvqZb!!HlId>64v>`u%moNC#Sy8q)hd*O#I z@AC6Ve1Tc59h;85T+g$gd~Ie{l;GO8iD>d-DGB>{-NxQFe<<6i=H$?<$<=LzUaqCA zc6SOdl$TiIZc9x%fuS;95myaYe+5-bl=lG5n3Dtx&)3Qro-PJXxCoDwqE<~s!d3P* z8m7Nz3%#ph>r!(bEL$grqYHG8SV$REZmG|k<1_3?nXb?muPa*U`UQFC_1hPjJO&9g z=`aUUZ5{L;P*rA$V6S9V)BpvY#5JNQlZ)SCu2h_W1%GX*%+A8=m7-gQWer~8jo^8W zuNIf^4$)g1O6%_Drq%4~6v^OgPsvzU@L5^H{)xWS;0ySuSU$DA7@Z^BS=Z&R}#v$!OKCp3jM;=2oO?Jn|^wq1&6S0k0b 
z8tzq)cd5Bq$Yu-7A{S&8@!qEEQy(WT;CL(v6P4V+`$fGaiW@3EA#G$gvV3ELHzL-L zS<<&(TGA<6I}iVOMVbBfaAUi8lTvgrmjiST&y0Oxk#CT%6m0x~_m=H5St=6NbFbtH z*YTx#e0!!uR^Ggm{WLr;Wg1Mmdp&`Kc-TR$!^8h#$AhfM^SamxTGvIWW7Kcp1lnG{ zB5K4sz-5*9Iz%B%uj!;wB{k#%H&BdQ^tBHZ)E-I=OtI)RF|5ZCtyBgNo06i)F1En( z6Bn?eot1BRFHDr7s5K_;T@jTa0LGG%b}!eTI>qEFJUlPF@?vwtC-JNgBMyfxu1q^} zPORyn&=U!qh9(i{Edil=?o-Y3*g=UmxY-YnGnSq%h8C{Btna&ec{e8d34(*qU-%SD zxGjgUDC^+3Qg?t-h)0|ru21d}UsekamsekHdBk4$&LPT*{T_MyKr>6SB=FU3zyfa= z$OMoWD7=?Z+C755vO2zF+lp)2%U-GbEO|prosje(T>1)Smzpqvn%Cm~+xskJCxKBV zr~UKw!?#Wfpl=%hG>b)VE9}{df;xa4pgEOyf~^``ty;U?0{kyK?W(do%u(WAnEmkcM-SwNp;ncKBj&#V DQ5yUX