Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

File/Directory Information Input not working

logtastic
Explorer
‎02-17-2021 10:39 AM

Hello,

I have installed the File/Directory Information Input add-on to a Windows endpoint to test monitoring certain files. The Windows host has Python 2.x installed and I am having Splunk monitor a "test.txt" file under C:\Program Files\SplunkUniversalForwarder - so we theoretically shouldn't have any permission issues - please correct me if I am wrong.

The only change to the add-on was creating a local directory with a inputs.conf file:

[file_meta_data://default]
file_path = C:\Program Files\SplunkUniversalForwarder
interval = 1m
recurse = 1
only_if_changed = 1
include_file_hash = 0
file_hash_limit = 500MB
file_filter= test
index = main

I am seeing no logs, whats also interesting is that I am not seeing the file_meta_data_modular_input.log file either.

Where am I going wrong? 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-18-2021 06:08 AM

Did you restart the forwarder after installing the app and modifying the inputs.conf file?

Do you see the forwarder's internal logs (splunkd.log, etc.)?

When you see no logs, how exactly are you trying to find them?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

logtastic
Explorer
‎02-18-2021 06:13 AM

Did you restart the forwarder after installing the app and modifying the inputs.conf file?

-Yes

Do you see the forwarder's internal logs (splunkd.log, etc.)?

-Yes

When you see no logs, how exactly are you trying to find them?

-On the UF directly: C:\Program Files\SplunkUniversalForwarder\var\log\splunk

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...