I'm not sure what I have been asked to do is achievable. I'm hoping that someone can advise.
We have a Windows 2003 server that cannot have a UF installed as it is not compatible with our current environment (8.1.6). Anyway, that aside, I have managed to ingest data using 'open' shares from a UF on a Windows 2016 server to the 2003 server.
I now have a request to ingest data from a restricted share on the 2003 server. I have tried setting up a share from the 2016 server to the 2003 server, but this does not work. I guess because the UF is not using the same account as the share has been set up under?
Can anyone tell me how I can create a share for the Splunk UF to use?
In general, there is no problem with installing Splunk UF on one server, let's call it Server1 and read files from a share from another server (Server2).
You simply create monitor inputs and read files from a given UNC path like \\Server2\share\path\filename.log
There is one caveat though. Splunk UF on Server1 has to have access to the share of course. With your typical AD-based infrastructure you'd set up the UF to run with a managed service account (not Local System, as it is installed by default) and grant this account access to the \\Server2\share