Archive

"unable to open file" on a folder

Engager

I just installed Splunk, and am trying to use it to open a folder full of log files, which I put in C:\Data\test\

Then I went in the web interface in "Data inputs » Files & directories » Add new", and as "source" put "C:\Data\test", but I get an error "Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='c:\Data\test' error='Accès refusé.'"

It does however work if instead of a directory I put a specific .log file.

Is what I'm trying to do sensible? (I'm new to Splunk, and am mostly trying to see which info I can get out of my logs).

Some extra information:

  • C: is not a network drive
  • I gave all users read and write access to those files
  • no other program is reading files in that directory
  • I'm using Windows 7 in French

It seems to me I'm trying to do something simple, so I must be doing it wrong. What (if any" is the "standard" way of analyzing a folder full of logs?

(I saw a similar issue here, including quite a few comments complaining, but the proposed solutions don't seem to apply to me.)

0 Karma
1 Solution

Motivator

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

View solution in original post

Motivator

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

View solution in original post

Engager

OK, that must be it, it works now.

I had previously also tried monitoring instead of one-shotting, but it had failed with the same error message, but that may have been before I gave full rights to that folder (in my mind it made more sense to one-shot because I didn't expect that folder to change...)

Thanks!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!