Getting Data In

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

steveo69
Explorer

Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file.

However, in Windows XP / Windows 2003 the folder is located in :

C:\Documents and Settings\All Users

In Windows 7 and later it is located in C:\ProgramData

I have tried to use the Windows environment variable %AllUsersProfile% but in the splunkd log filer I get an error:

TailingProcessor - Parsing configuration stanza: monitor://%allusersprofile%\Application Data\myfolder.
TailingProcessor - Input stanza path, '%allusersprofile%\Application Data\myfolder\' is not absolute. This is a configuration error and may not work / break things. Change this path to an absolute path.

So how can I use an environment variable or change the config so that it works on bother older and newer Windows OS?

Thanks

1 Solution

strive
Influencer

Good to know that it worked. Dont forget to cast your vote 🙂

0 Karma

steveo69
Explorer

Thanks for the link strive - thats exactly what I needed.

One thing which fooled me - not being a programmer of any type or background - was that the environment variable I wanted to use I understood to be %variable% - however in the conf file it seems you need to use the format $variable

0 Karma

steveo69
Explorer

The forum has removed all the back slashes from my post....

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...