All Apps and Add-ons

UF not monitoring the directory

jibin1988
Path Finder

UF is not reading dhcp logs :

internal logs :
11-12-2019 11:34:13.775 +0300 INFO TailingProcessor - Adding watch on path: G:\dhcp\logs.

No ERROR logs or WARN logs

inputs.conf

[monitor://G:\dhcp\logs]
disabled = false
whitelist = Dhcp*
crcSalt =
initCrcLength = 2000
alwaysOpenFile = 1
sourcetype = DhcpLog
index = windows_it

0 Karma

codebuilder
Motivator

Your whitelist parameter is not recursive. Therefore, if your logs reside in a sub-directory, they will not be picked up.
Also, if you your logs do not have a file extension, Splunk will see them as binary and exclude them by default.

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf
Note concerning wildcards and monitor:
* You can use wildcards to specify your input path for monitored inputs. Use
"..." for recursive directory matching and "*" for wildcard matching in a
single directory segment.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @jibin1988,
what's the user od splunkforwarder process, SYSTEM_LOCAL?
Ithink that the crcSalt row is crcSalt = <SOURCE> but there's a visualizaziont problem (please use the Code Sample button), is it correct?

Ciao.
Giuseppe

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!