Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to configure universal forwarder or use enviro...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file.
However, in Windows XP / Windows 2003 the folder is located in :
C:\Documents and Settings\All Users
In Windows 7 and later it is located in C:\ProgramData
I have tried to use the Windows environment variable %AllUsersProfile% but in the splunkd log filer I get an error:
TailingProcessor - Parsing configuration stanza: monitor://%allusersprofile%\Application Data\myfolder.
TailingProcessor - Input stanza path, '%allusersprofile%\Application Data\myfolder\' is not absolute. This is a configuration error and may not work / break things. Change this path to an absolute path.
So how can I use an environment variable or change the config so that it works on bother older and newer Windows OS?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good to know that it worked. Dont forget to cast your vote 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the link strive - thats exactly what I needed.
One thing which fooled me - not being a programmer of any type or background - was that the environment variable I wanted to use I understood to be %variable% - however in the conf file it seems you need to use the format $variable
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The forum has removed all the back slashes from my post....
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
