Monitor Windows DHCP log file

atifshaukat · ‎02-25-2011

I have setup input to index DHCP log files from remote server but unable to see any data being collected or collectors appearing on main page.

Under manage\Datainputs i have done following settings set source is Monitor a File or Directory Path to the server is something like this \servername\d$\abc.log

ftk · ‎02-25-2011

What account are you running splunk as? Local System or a domain account? Since you are attempting to access an admin share (\servername\d$) the account splunk runs under has to be an admin on the remote server. You may be better off creating a share on your remote server and granting read access to the Splunk service account, or install a splunk regular or light forwarder on the remote server to forward the logs to your indexer.

ftk · ‎02-25-2011

Local admin or a domain account?

atifshaukat · ‎02-25-2011

splunk service is running as admin account and have full access to server so it is definitely no permission issue.

Monitor Windows DHCP log file

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation

Monitor Windows DHCP log file

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A