Solved: How to set up log file monitoring on a Windows uni...

mkaplan1979 · ‎06-16-2015

I'm trying to set up .log file monitoring so splunk would pull the context of the .log files in to the indexer and nothing i try seems to work.....
Can someone please help? I'm a newbie at this whole splunk thing

MuS · ‎06-16-2015

Hi mkaplan1979,

you're using *nix path name convention on a Windows machine. Your input should like this:

[monitor://D:\logfiles\log123.log]

maybe something like this:

[monitor://C:\pos\TKAgent\Location Agents\log\]

Hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎06-16-2015

Hi mkaplan1979,

you're using *nix path name convention on a Windows machine. Your input should like this:

[monitor://D:\logfiles\log123.log]

maybe something like this:

[monitor://C:\pos\TKAgent\Location Agents\log\]

Hope this helps ...

cheers, MuS

mkaplan1979 · ‎06-17-2015

thank you MuS it worked!

mkaplan1979 · ‎06-16-2015

this is inputs.conf on the forwarder

[default]
host = MPK005-Server

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[monitor://pos/log/]
disabled = false
sourcetype = syslog
index = pos

[monitor://pos/TKAgent/Location Agents/log/]
disabled = false
sourcetype = syslog
index = pos

mkaplan1979 · ‎06-16-2015

UF is on windows as well. I'll post what I've tried in a minute

mkaplan1979 · ‎06-16-2015

BTW I'm running splunk enterprise on windows and using universal forwarder on the client

richgalloway · ‎06-16-2015

What have you tried so far? Is the UF client Linux or Windows?

---
If this reply helps you, Karma would be appreciated.

How to set up log file monitoring on a Windows universal forwarder?

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk