All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Will the File/Directory Information Input add-on work on a universal forwarder?

a212830
Champion
‎10-29-2015 02:49 PM

Does the File/Directory app require a heavy forwarder? It appears to require python.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎10-29-2015 02:54 PM

It does require a heavy forwarder. However, version 1.1 is being designed to eliminate the need for Splunk's Python and will work with the system's Python. See http://lukemurphey.net/issues/1068.

Note that this would still require Python on the host's system.

View solution in original post

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎07-02-2019 08:33 AM

Don't forget about the fschange stanza available in basic splunk.
http://docs.splunk.com/Documentation/Splunk/6.3.0/admin/Inputsconf

Of course, I assume you already know this and need something more advanced, otherwise @LukeMurphey wouldn't have written his app.

0 Karma
Reply
Solved! Jump to solution

LukeMurphey
Champion
‎07-02-2019 08:33 AM

Part of the reason that this app exists is because fschange has been deprecated since 2012 (if I recall correctly). The input is going to be supported as long as Splunk 4.3 is supported; it might be removed then.

0 Karma
Reply
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎10-29-2015 02:54 PM

It does require a heavy forwarder. However, version 1.1 is being designed to eliminate the need for Splunk's Python and will work with the system's Python. See http://lukemurphey.net/issues/1068.

Note that this would still require Python on the host's system.

Reply
Solved! Jump to solution

worshamn
Contributor
‎09-14-2017 09:07 AM

Now that this is at Version 1.2, will it now work on a universal forwarder? I have tried unsuccessfully to install it on a UF, but just wanted to make sure that it should or should not work.

0 Karma
Reply
Solved! Jump to solution

LukeMurphey
Champion
‎09-22-2017 12:01 AM

As of version 1.3, it does support Universal Forwarder provided the host has Python available (Python 2.7 is recommended).

Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...