I have been racking my brains and have searched the internet over multiple times and can't find a resolution to this issue. I have Splunk running on a Windows 2K3 server and want to monitor 4 directories on a remote Windows 2K machine. The W2K machine is NOT part of our Active Directory. I haven't been able to find a username/password in Splunk to specify for the monitor. I have tried a UNC and a mapped drive (S:). Neither seems to work. What is the trick for monitoring log files on a remote Windows machine?
[monitor://\\172.17.1.5\System3\system341]
disabled = false
followTail = 0
host = ogdsystem3P
whitelist = \.log$
The best way to do this is to install the SplunkLightForwarder and monitor the files locally and then send them to a remote Splunk server.
Enable Forwarding: http://www.splunk.com/base/Documentation/latest/Admin/Enableforwardingandreceiving
Monitoring files and directories using the CLI: http://www.splunk.com/base/Documentation/latest/Admin/MonitorfilesanddirectoriesusingtheCLI
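The forwarder setup recommended in this answer, sketched as configuration files (an added example, not part of the original post). The local path D:\System3\system341, the group name central_indexer, the <splunk-server> placeholder and port 9997 are assumptions. Because the forwarder reads the files locally, the Splunk server needs no share credentials for the non-domain machine.

```ini
# --- On the remote Windows machine (forwarder) ---
# $SPLUNK_HOME\etc\system\local\inputs.conf
# Assumption: D:\System3\system341 is the local path behind the share;
# substitute the real local directory.
[monitor://D:\System3\system341]
disabled = false
host = ogdsystem3P
whitelist = \.log$

# $SPLUNK_HOME\etc\system\local\outputs.conf
[tcpout]
defaultGroup = central_indexer

[tcpout:central_indexer]
# Placeholder: address of the central Splunk server and its receiving port
server = <splunk-server>:9997

# --- On the central Splunk server (receiver) ---
# $SPLUNK_HOME\etc\system\local\inputs.conf
# Listen for forwarded data; the port must match the forwarder's outputs.conf
[splunktcp://9997]
disabled = false
```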
Is this resolved? If so, how?
I found that the splunkd service was running as a local system account and not a domain user. Once I changed the service run as user to a domain account, Splunk was able to pull all the servers.