I have installed the File/Directory Information Input add-on to a Windows endpoint to test monitoring certain files. The Windows host has Python 2.x installed and I am having Splunk monitor a "test.txt" file under C:\Program Files\SplunkUniversalForwarder - so we theoretically shouldn't have any permission issues - please correct me if I am wrong.
The only change to the add-on was creating a local directory with an inputs.conf file:
[file_meta_data://default]
file_path = C:\Program Files\SplunkUniversalForwarder
interval = 1m
recurse = 1
only_if_changed = 1
include_file_hash = 0
file_hash_limit = 500MB
file_filter = test
index = main
I am seeing no logs. What's also interesting is that I am not seeing the file_meta_data_modular_input.log file either.