Hi, I have a dev windows 10 64bit environment with Splunk Enterprise and a Universal Forwarder and I'm trying to use File Metadata App to send data from UF to Splunk Ent locally (I'm testing the app).

I copied the app folder into the UF etc/apps folder, added an input configuration like the following and restarted but I'm not receiving data on my splunk enterprise endpoint:

"[file_meta_data://Test]
depth_limit=0
file_hash_limit=500MB
file_path=
include_file_hash=0
index=main
interval=2m
only_if_changed=0
recurse=1
disabled=0"

However I'm sure the UF work fine, because if i set a simple monitoring configuration (a folder with a csv file) using the following configuration I recieve data from UF on main index.

"[monitor://C:\Desktop\tosplunk]
disabled = false
index = main"

I have Python 2.7.1 installed on the machine (and also Python 3).

I tried more time, restarting, changing configuration and more, but it does nothing.

Can you help me?

Do you have a guide to install and configure step by step the app on a Universal Forwarder (for windows environment) or some suggestions?

Thanks a lot.

Giorgio