Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Accessing restricted Windows share

timrich66
Communicator
‎11-10-2021 08:56 AM

Hello all,

I'm not sure what I have been asked to do is achievable.  I'm hoping that someone can advise.

We have a Windows 2003 server that cannot have a UF installed as it is not compatible with our current environment (8.1.6).  Anyway, that aside, I have managed to ingest data using 'open' shares from a UF on a Windows 2016 server to the 2003 server.

I now have a request to ingest data from a restricted share on the 2003 server.  I have tried setting up a share from the 2016 server to the 2003 server, but this does not work.  I guess because the UF is not using the same account as the share has been set up under?

Can anyone tell me how I can create a share for the Splunk UF to use?

Thanks

Labels (4)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-18-2021 02:08 AM

In general, there is no problem with installing Splunk UF on one server, let's call it Server1 and read files from a share from another server (Server2).

You simply create monitor inputs and read files from a given UNC path like \\Server2\share\path\filename.log

There is one caveat though. Splunk UF on Server1 has to have access to the share of course. With your typical AD-based infrastructure you'd set up the UF to run with a managed service account (not Local System, as it is installed by default) and grant this account access to the \\Server2\share

 

0 Karma
Reply

timrich66
Communicator
‎11-18-2021 02:44 AM

Thanks @PickleRick , I will talk with our infra team and admins to get the UF set up to use an AD account.

I'll reply to let you know the result.

0 Karma
Reply

timrich66
Communicator
‎11-18-2021 01:01 AM

Hi clever people,

Does anyone have any suggestions?

Thanks

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...