Solved: How to configure universal forwarder or use enviro...

steveo69 · ‎07-29-2014

Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file.

However, in Windows XP / Windows 2003 the folder is located in :

C:\Documents and Settings\All Users

In Windows 7 and later it is located in C:\ProgramData

I have tried to use the Windows environment variable %AllUsersProfile% but in the splunkd log filer I get an error:

TailingProcessor - Parsing configuration stanza: monitor://%allusersprofile%\Application Data\myfolder.
TailingProcessor - Input stanza path, '%allusersprofile%\Application Data\myfolder\' is not absolute. This is a configuration error and may not work / break things. Change this path to an absolute path.

So how can I use an environment variable or change the config so that it works on bother older and newer Windows OS?

Thanks

strive · ‎07-29-2014

See this

http://answers.splunk.com/answers/2583/monitor-doesnt-work-with-env-variable-in-inputsconf

View solution in original post

strive · ‎07-29-2014

See this

http://answers.splunk.com/answers/2583/monitor-doesnt-work-with-env-variable-in-inputsconf

strive · ‎07-29-2014

Good to know that it worked. Dont forget to cast your vote 🙂

steveo69 · ‎07-29-2014

Thanks for the link strive - thats exactly what I needed.

One thing which fooled me - not being a programmer of any type or background - was that the environment variable I wanted to use I understood to be %variable% - however in the conf file it seems you need to use the format $variable

steveo69 · ‎07-29-2014

The forum has removed all the back slashes from my post....

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?