you can monitor shared folders/Directories same as local ones. The stanza in inputs.conf will be like this:
disabled = false
recursive = (true|false)
sourcetype = s_type
index = someindex
make sure you have the read access to the file share.
Thank you very much for the respond and the solution. I would like have one more clarification on this. With which account I should have read access to file share from the receiver server? I know I will be only permitted to access file share with a domain service account (for example xyzglobal\svc-splunkab). If so, where should I mention that account details at receiver server?
Well, it is the account your Splunk instance is running as. While installing Splunk forwarder/instance it asks whether you want to install it as a domain account or local account. Here you should give the xyzglobal\svc-splunkab account. Unfortunately, it will not work with this method if you have installed Splunk with local system account.
However, you can install a universal forwarder on any domain joined machine with this service account and start monitoring this directory.
Yes, my installation is running on a local account. So, as you mentioned I need to install the universal forwarder in another machine in the domain and collect the logs from the file share. I have checked in the istallation of universal forwarder and the use of domain account is available as an option. However, I did not get how and where to mention the file share link/path in the universal forwarder while installing it. Should I mention it in the input.config file as you mentioned in your first response? Please suggest. Thank you once again.
Yes, install it as any normal Universal Forwarder installation except the account name should be the domain account (svc_splunk). It is preferable to install the Universal Forwarder on a Windows machine if your shared directory to monitor is on a Windows Server.
Once the Forwarder is successfully installed open the System\Local folder and edit inputs.conf and paste the following stanza. Replace the parameter values with your desired ones. Restart Splunk and it should start indexing the data in the files.
[monitor://\\xyzglobal.local\Apps\Agent\Dev\logs\Dev\*] disabled = false recursive = true sourcetype = s_type index = someindex
Thank you very much for your suggestion and information. I will give a try as soon as I can arrange an windows server to install the UF and share the result.