Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Data not incoming

BoldKnowsNothin
Path Finder
‎09-24-2023 02:09 AM

My dear comrades,

I'm facing something unreal. We just deployed application on the host that looks like [monitor://C:\Data\log\*].

Unfortunately we cannot see any entries on splunk.

But when I copied some files to another location on host and also we changed application to something like [monitor://C:\Program Files\Data\log\*]. It sends data. 

The folders permission etc are all same. Our application is hard coded so we cannot change the path just like this test.

Any help will be much appreciated

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎09-24-2023 08:18 PM

@BoldKnowsNothin - Please check to see if you have any errors/warnings from that host as suggested by @SanjayReddy .

Also, check if Splunk service is run by a local user or System user on Windows and check if that user running Splunk service has permission to read logs from that folder.

 

I hope this helps!!!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Zane
Explorer
‎09-25-2023 07:16 PM

I guess you don't have permission of root directory of C drive, because it's worked when you place file into "C:\Program Files",  just check if you can create the new file (instead of folder) in roo directory of C drive. I guess you should only have permission to create folders now.

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎09-24-2023 08:18 PM

@BoldKnowsNothin - Please check to see if you have any errors/warnings from that host as suggested by @SanjayReddy .

Also, check if Splunk service is run by a local user or System user on Windows and check if that user running Splunk service has permission to read logs from that folder.

 

I hope this helps!!!

0 Karma
Reply
Solved! Jump to solution

SanjayReddy
SplunkTrust
SplunkTrust
‎09-24-2023 04:37 AM

Hi @BoldKnowsNothin 

Did you see any warning/error messages in splunkd.log for file you intially monitored. 
log messages in splunkd.log will help to troubleshoot furthur

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...