All Apps and Add-ons

Monitoring a Remote Directory for Changes WITHOUT Ingesting files into Splunk?

rosenma
New Member

HI All,

Long story short - I'm looking to monitor a remote directory for changes/new files/changes to files and send this information to Splunk. To re-emphasize, due to the nature of these files, I do NOT want to ingest the files themselves into Splunk. Metadata like, size, paths, owners, changes, etc. is what I am looking for.

I have discovered and set up Luke Murphey's "File/Directory Input" App - https://splunkbase.splunk.com/app/2776

However - After configuration, I'm not seeing anything come into Splunk...

M example path within this app on my Splunk Server (say 10.10.10.10) is set to something like this for my remote server directory:

10.10.10.20:/directory/to/watch/

Is this app capable of doing that remotely?

Should this path be something like user@ip:/path/to/folder ? Wouldn't I need ssh keys of sorts to do this?

 

If this app isn't the solution...

Is a Universal Forwarder able to be configured to do this monitoring and forward metadata without forwarding the files themselves?

 

Thanks in advance for any help.

Labels (3)
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...