All Apps and Add-ons

UF not monitoring the directory

jibin1988
Path Finder

UF is not reading dhcp logs :

internal logs :
11-12-2019 11:34:13.775 +0300 INFO TailingProcessor - Adding watch on path: G:\dhcp\logs.

No ERROR logs or WARN logs

inputs.conf

[monitor://G:\dhcp\logs]
disabled = false
whitelist = Dhcp*
crcSalt =
initCrcLength = 2000
alwaysOpenFile = 1
sourcetype = DhcpLog
index = windows_it

0 Karma

codebuilder
SplunkTrust
SplunkTrust

Your whitelist parameter is not recursive. Therefore, if your logs reside in a sub-directory, they will not be picked up.
Also, if you your logs do not have a file extension, Splunk will see them as binary and exclude them by default.

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf
Note concerning wildcards and monitor:
* You can use wildcards to specify your input path for monitored inputs. Use
"..." for recursive directory matching and "*" for wildcard matching in a
single directory segment.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

gcusello
Legend

Hi @jibin1988,
what's the user od splunkforwarder process, SYSTEM_LOCAL?
Ithink that the crcSalt row is crcSalt = <SOURCE> but there's a visualizaziont problem (please use the Code Sample button), is it correct?

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...