All Apps and Add-ons

UF not monitoring the directory

jibin1988
Path Finder

UF is not reading dhcp logs :

internal logs :
11-12-2019 11:34:13.775 +0300 INFO TailingProcessor - Adding watch on path: G:\dhcp\logs.

No ERROR logs or WARN logs

inputs.conf

[monitor://G:\dhcp\logs]
disabled = false
whitelist = Dhcp*
crcSalt =
initCrcLength = 2000
alwaysOpenFile = 1
sourcetype = DhcpLog
index = windows_it

0 Karma

codebuilder
SplunkTrust
SplunkTrust

Your whitelist parameter is not recursive. Therefore, if your logs reside in a sub-directory, they will not be picked up.
Also, if you your logs do not have a file extension, Splunk will see them as binary and exclude them by default.

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf
Note concerning wildcards and monitor:
* You can use wildcards to specify your input path for monitored inputs. Use
"..." for recursive directory matching and "*" for wildcard matching in a
single directory segment.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

gcusello
Esteemed Legend

Hi @jibin1988,
what's the user od splunkforwarder process, SYSTEM_LOCAL?
Ithink that the crcSalt row is crcSalt = <SOURCE> but there's a visualizaziont problem (please use the Code Sample button), is it correct?

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...