Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to monitor files from a shared drive on a splunk instance on cloud?

ASISH_9
Engager
‎02-15-2018 04:55 AM

We have our Splunk instance on cloud and to monitor each source type we have created a folder on a shared drive.
Each CSV file of a particular source type is extracted from a database and then from that folder, we are getting the data into Splunk.
Earlier I created that folder on my system and it was working fine and even with one drive it is working fine but with share drive, it is unable to recognize the path.
We have provided that necessary path and index in input and output.conf.

Please help.

0 Karma
Reply

HiroshiSatoh
Champion
‎02-19-2018 12:15 AM

Please check "Supported file systems". I think that it is good to transfer by inserting UF.

http://docs.splunk.com/Documentation/Splunk/7.0.2/Installation/Systemrequirements

0 Karma
Reply

micahkemp
Champion
‎02-15-2018 07:11 AM

Does the splunk user have permission to read from the shared drive?

0 Karma
Reply

ASISH_9
Engager
‎02-15-2018 09:09 PM

Yes we have permission

0 Karma
Reply

jangid
Builder
‎02-16-2018 01:57 AM

write a small python script and run this script using Splunk script stanza and check whether this script is able to get the contents from shared folder

0 Karma
Reply

ASISH_9
Engager
‎02-18-2018 09:36 PM

Hello jangrid,

Actually i am a dot net programmer with no knowledge on python language.
Please provide a sample (python program) of the requirement

Thanks in advance

0 Karma
Reply

jangid
Builder
‎02-19-2018 01:17 AM

Hi @ASISH_9 you can use dot net program as well if your Splunk main instance installed on Windows machine.

0 Karma
Reply

493669
Super Champion
‎02-15-2018 05:02 AM

can you provide your sample inputs.conf

0 Karma
Reply

ASISH_9
Engager
‎02-16-2018 02:37 AM

Please find the working and not working stanzas of input.conf file as below and give your inputs

[monitor://C:\OneDrive - Accenture\Extracted Delta Files\TimesheetMaster\Timesheet*] ---[Working]

disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

[monitor://Z:\TimeTracker_SharePoint\TimesheetMaster\Timesheet*] -------------[not working]
disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

[monitor://\10.194.186.53\SLB-ADM_Applications$\TimeTracker_SharePoint\TimesheetMaster\Timesheet*] ---[not working as well]
disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

Thanks in Advance

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...