Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How do I Monitor a UNC path?

seanlon11
Path Finder
‎07-13-2010 03:58 PM

From server1, I have access to the desired UNC path, and this same user is running splunk, so I know access is not an issue.

\etc\apps\search\local\inputs.conf

[monitor://\\SANCIFS_TDC_NETAPP01A.SAN.MyCompany.Com\CIFS_COGNOS$\Test\Logs]
disabled = false
host = sancifs_test
index = default
sourcetype = motio_test

I have tried many different permutations of the forward and back slash for my monitor stanza, but nothing has worked so far.

What am I doing wrong?

Thanks, Sean

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

seanlon11
Path Finder
‎07-13-2010 09:46 PM

dang, that is going to make me mad. I set the Service to run as a different user, and it now works. (figuring out the syntax of how to get Windows to recognize the user was quite a chore)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

seanlon11
Path Finder
‎07-13-2010 09:46 PM

dang, that is going to make me mad. I set the Service to run as a different user, and it now works. (figuring out the syntax of how to get Windows to recognize the user was quite a chore)

0 Karma
Reply
Solved! Jump to solution

Paolo_Prigione
Builder
‎07-13-2010 07:59 PM

Is the indexer (or forwarder) a linux or window box?
If windows, might it be that the "local system account" under which splunk runs by default has no access to that folder?
Uhm, is that a dollar sign after COGNOS? Is it supported in paths?

0 Karma
Reply
Solved! Jump to solution

seanlon11
Path Finder
‎07-13-2010 07:23 PM

1) Yes, I have restarted Splunk after updating the inputs.conf

2) Splunk 4.1.1 (build 78281)

3) 14 files

0 Karma
Reply
Solved! Jump to solution

Genti
Splunk Employee
Splunk Employee
‎07-13-2010 05:48 PM

few standard questions: 1- Have you restarted splunk after changing the config file? 2 - what version of splunk are you using? how many files are in the Logs directory?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...