Words on configuring Splunk Enterprise for MacOS and by MacOS, and what I mean by that is machines, the server and all clients with client forwarders installed are ALL running Apple MacOS.
At the end of the day all I am doing now is deploying apps to the local forwarders, not relying on the Enterprise app to handle client scripts and inputs – will end up having JAMF handle local forwarder app management moving forward.
JAMF resources link has a great overview of Making Apple Push Notification Service Available On Your Network.
The Apple Push Notification Service (APNs) forwards notifications between MDM solutions to Apple iOS and OS X devices. The device makes an accredited and encrypted IP connection with the APNs, receiving notifications over this persistent connection via APNs. APNs is a critical part of configuring and securing mobile devices. If there are things that prevent the direct and persistent connection to and from APNs then the entire MDM management capabilities will be inoperative.
Remove the jamf binary, and any associated files, such as items in /Library/Application Support/ and LaunchAgents from a client computer. To be run as root