Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

FilesystemChangeWatcher : The device is not ready

troywollenslege
Path Finder
‎12-21-2012 11:41 AM

We are trying to monitor a lot of systems that have various configurations of drives, (C:disk 😧 cdrom, c:disk d: disk e: disk f: cdrom, etc). The issue we are seeing is that with the below inputs.conf we are getting millions of "device not ready" messages in _internal index when splunk tries to look at the CDrom drive. Is there any way to force splunk not to check the CD drive If we don't know what drive the CD is? (I can't change the drive letter of the CDrom, and I can't change what drive the data is on).. so somtiems d: is a hard drive, sometimes 😧 is a CDrom (and we get the errors). This is a problem with both monitor & batch.

Thoughts?

error:

12-21-2012 18:06:25.979 +0100 WARN FilesystemChangeWatcher - error getting attributes of path "d:\splunk_logs\application": The device is not ready.

inputs.conf:

[batch://d:\splunk_logs\applicaton\*.txt|*.csv]
move_policy = sinkhole
disabled = false
[batch://e:\splunk_logs\application\*.txt|*.csv]
move_policy = sinkhole
disabled = false
Tags (1)
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...