We have request from end user for monitoring a CSV files which are placed in the file share folder and there is no splunk agent running in the file share machine.
Example : Server01 is the actual application which is generating a report and Server02 is the file share machine where the reports are stored and shared with the user.
\\fileshare\power\Powerfile\TO\IAM\Export Files\OSBD - Terminated Users List.csv -- Location of the file to be monitored in splunk.
Above mentioned path has required permission to access the file from the share drive
In Server01 we have splunk UF agent running and inputs.conf configured for monitoring the log files present in the server.
Can we use the same app which is present in the server01 to monitor the file present in the server02 as it has the required permission to access the file from that server.
Stanza in inputs.conf:
[monitor://\fileshare\power\Powerfile\TO\IAM\Export Files\OSBD - Terminated Users List.csv] sourcetype = powerfile:power:osbd_terminateduser index = indexname disabled = 0 ignoreOlderThan = 14d
kindly guide me how to get this share folder to be monitored in splunk.
Firstly, it doesn't seem like NFS, more like CIFS.
With NFS you mount the remote filesystem in a directory and just monitor your source files like you would normally do with local file using full path with mounted directory.
With CIFS you can simpy call the file by its UNC path. Just remember that the user the splunk UF runs with has to have proper access to the file (which usually means that you'd not be running the UF as Local System.