Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

"unable to open file" on a folder

EmileKroeger
Engager
‎06-24-2014 04:47 AM

I just installed Splunk, and am trying to use it to open a folder full of log files, which I put in C:\Data\test\

Then I went in the web interface in "Data inputs » Files & directories » Add new", and as "source" put "C:\Data\test", but I get an error "Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='c:\Data\test' error='Accès refusé.'"

It does however work if instead of a directory I put a specific .log file.

Is what I'm trying to do sensible? (I'm new to Splunk, and am mostly trying to see which info I can get out of my logs).

Some extra information:

  • C: is not a network drive
  • I gave all users read and write access to those files
  • no other program is reading files in that directory
  • I'm using Windows 7 in French

It seems to me I'm trying to do something simple, so I must be doing it wrong. What (if any" is the "standard" way of analyzing a folder full of logs?

(I saw a similar issue here, including quite a few comments complaining, but the proposed solutions don't seem to apply to me.)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

grijhwani
Motivator
‎06-24-2014 04:50 AM

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

View solution in original post

Reply
Solved! Jump to solution
Solution

grijhwani
Motivator
‎06-24-2014 04:50 AM

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

Reply
Solved! Jump to solution

EmileKroeger
Engager
‎06-24-2014 05:57 AM

OK, that must be it, it works now.

I had previously also tried monitoring instead of one-shotting, but it had failed with the same error message, but that may have been before I gave full rights to that folder (in my mind it made more sense to one-shot because I didn't expect that folder to change...)

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...