Hi, I have a Win10 64-bit environment with a Splunk Enterprise instance and a UF instance.
I tried to use the File Metadata app to send data from the UF (local) to Splunk Enterprise (local), to test the app with a forwarder.
I copied the decompressed folder into SplunkUniversalForwarder/etc/apps and set output and input. I restarted the service but I didn't receive data on the main index.
The input.conf configuration file looks like this:
[file_meta_data://Test]
depth_limit=0
file_hash_limit=500MB
file_path=C:\mypath\DaMonitorare
include_file_hash=0
index=main
interval=2m
only_if_changed=0
recurse=1
disabled=0
The UF works fine using a simple folder monitoring configuration like
[monitor://C:\mypath\tosplunk]
disabled = false
index = main
I have Python 2.7.1 installed on my machine (and also Python 3).
Can you help me?
Do you have a step-by-step guide to install and configure it on a UF in a Windows environment, or some suggestions?
Thank you for your answer,
but I installed Python 2.7.15 (installation folder "C:\Python27") and configured the "path" environment variable (C:\Python\python).
I tried with the 64-bit and 32-bit Python versions, but in both cases I had the same error in the UF splunkd log file:
"09-18-2019 10:47:10.099 +0200 ERROR ModularInputs - Introspecting scheme=filemetadata: Unable to run "python "C:\Program Files\SplunkUniversalForwarder\etc\apps\filemetadata\bin\filemetadata.py" --scheme": child failed to start: The system cannot find the file specified.
09-18-2019 10:47:10.356 +0200 WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts
09-18-2019 10:47:10.356 +0200 ERROR ModularInputs - Unable to initialize modular input "filemetadata" defined in the app "filemetadata": Introspecting scheme=filemetadata: Unable to run "python "C:\Program Files\SplunkUniversalForwarder\etc\apps\filemetadata\bin\filemetadata.py" --scheme": child failed to start: The system cannot find the file specified.."
Do you have some suggestions?
But I need to use a Universal Forwarder for many reasons.
I'm testing the app locally, so it could be an environment issue (I also have a Splunk Enterprise instance to develop dashboards and apps on my machine).
However, I tried on another Windows machine (Win10 64-bit + Python 2.7.15 installed) with the same error.
Have you ever installed and tested the app with a UF on a Windows 10 OS (or on a nix environment)?
I have tested it and I know other people are using it with a UF. I also have unit tests which verify that the functionality works with non-Splunk Python. I checked and re-ran them today and they passed.
So it should be my environment, I will try again.
In any case, the steps to follow are:
1) Install and configure UF to send data to an Indexer
2) Install Python 2.7.15 (on c:\Python27)
3) Unzip the app into SplunkUniversalForwarder\etc\apps\
4) Add the configuration to the input.conf file (I used the input.conf in the UF search app folder)
5) Restart the UF
Is it correct?
Thanks a lot
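
Added example, not part of the original thread or of the app's code: the splunkd error quoted above reports that the `python` command itself could not be started, so this sketch pulls the failed executable out of splunkd.log lines and checks whether a given PATH value resolves it. The function names are hypothetical, the log sample is the line quoted in the thread, and the lookup is an approximation of Windows search (PATH directories only, `.exe` appended to a bare name).

```python
import os
import re

# Sample input: the ModularInputs error line quoted in the thread.
SAMPLE_LOG = r'''09-18-2019 10:47:10.099 +0200 ERROR ModularInputs - Introspecting scheme=filemetadata: Unable to run "python "C:\Program Files\SplunkUniversalForwarder\etc\apps\filemetadata\bin\filemetadata.py" --scheme": child failed to start: The system cannot find the file specified.
09-18-2019 10:47:10.356 +0200 WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts
'''

# Matches a modular input whose launcher process could not be created.
FAILED_START = re.compile(
    r'ERROR ModularInputs - .*?Introspecting scheme=(?P<scheme>\w+): '
    r'Unable to run "(?P<exe>[^\s"]+) .*child failed to start')


def failed_launchers(log_text):
    """Return sorted (scheme, executable) pairs that splunkd could not start."""
    return sorted({(m.group('scheme'), m.group('exe'))
                   for m in FAILED_START.finditer(log_text)})


def resolve(exe, path_value, isfile=os.path.isfile):
    """Approximate Windows lookup: each PATH directory, '.exe' added to bare names."""
    names = [exe] if '.' in exe else [exe + '.exe']
    for directory in path_value.split(';'):
        directory = directory.strip().strip('"').rstrip('\\')
        if not directory:
            continue  # skip empty entries such as a trailing ';'
        for name in names:
            candidate = directory + '\\' + name
            if isfile(candidate):
                return candidate
    return None  # a PATH entry pointing at a non-existent folder ends up here


def diagnose(log_text, path_value, isfile=os.path.isfile):
    """Map each failed executable to where PATH resolves it (None = not found)."""
    return {exe: resolve(exe, path_value, isfile=isfile)
            for _, exe in failed_launchers(log_text)}


if __name__ == '__main__':
    # Run on the forwarder host under the account the UF service uses,
    # and pass real splunkd.log content instead of SAMPLE_LOG.
    for exe, found in diagnose(SAMPLE_LOG, os.environ.get('PATH', '')).items():
        print('%s -> %s' % (exe, found or 'NOT FOUND on PATH'))
```

A `None` result for `python` means no PATH directory contains `python.exe`, which matches the "child failed to start" error; the PATH entry has to be the folder that holds the interpreter.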