Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to monitor a CSV files which is placed in a NFS file share?

Hemnaath
Motivator
‎01-20-2022 08:05 AM

Hi All,

We have request from end user for monitoring a CSV files which are placed in the file share folder and there is no splunk agent running in the file share machine.

Example :  Server01  is the actual application which is generating a report and Server02 is the file share machine where the reports are stored and shared with the user. 

\\fileshare\power\Powerfile\TO\IAM\Export Files\OSBD - Terminated Users List.csv  --  Location of the file to be monitored in splunk.  

Above mentioned path has required permission to access the file from the share drive

In Server01 we have splunk UF agent running and inputs.conf configured for monitoring the log files present in the server.  

Question:

 Can we use the same app which is present in the server01 to monitor the file present in the server02 as it has the required permission to access the file from that server.

Stanza in inputs.conf: 

[monitor://\fileshare\power\Powerfile\TO\IAM\Export Files\OSBD - Terminated Users List.csv]
sourcetype = powerfile:power:osbd_terminateduser
index = indexname
disabled = 0
ignoreOlderThan = 14d

kindly guide me how to get this share folder to be monitored in splunk.

Labels (4)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-14-2022 08:49 AM

Firstly, it doesn't seem like NFS, more like CIFS.

Anyway.

With NFS you mount the remote filesystem in a directory and just monitor your source files like you would normally do with local file using full path with mounted directory.

With CIFS you can simpy call the file by its UNC path. Just remember that the user the splunk UF runs with has to have proper access to the file (which usually means that you'd not be running the UF as Local System.

0 Karma
Reply

Hemnaath
Motivator
‎01-20-2022 09:32 PM

Any update on this post will help us to solve the problem. 

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...