Getting Data In

Logs from remote host

andrey2007
Contributor

I have access to shared folder in my network. I want to get logs for Splunk from this folder. How can i make it? May i add this folder in Manager » Data inputs » Files & directories or i need forwarder.

Tags (2)

treinke
SplunkTrust
SplunkTrust

If it is Windows to Windows, I believe you can use UNC paths. In the manager, go to Data inputs, Files & directories, New. In the "Full path to your data", enter the full path to the files/folder.

\\machine.domain.com\path\to\your\files\

*sorry, all my Splunk servers are Linux

There are no answer without questions

gkanapathy
Splunk Employee
Splunk Employee

correct, the Splunk service would have to run as a network/domain user with access to the UNC path. Otherwise, you would run a local forwarder on the source machine.

0 Karma

mikelanghorst
Motivator

I'm in the same boat, use very little windows so far. Splunk would need to run as a Domain user, not Local System for this to work.

andrey2007
Contributor

Windows machines, i use login and pasword for access to shared folder

0 Karma

treinke
SplunkTrust
SplunkTrust

Are these Windows or *nix machines?

There are no answer without questions
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!