I just installed Splunk 4.1 (configured to run on system accounts) and the first thing i did was add an input monitor of the file/directory type. i used a UNC path over the admin share to get to IIS logs on a remote server. \server\c$\windows\system32\logfiles\w3svc1 set the host to constant value, gave it a host value, left the sourcetype as automatic and put it in the Main indexer. after configuring this the "local system" part clicked and i made the domain computer account an admin on the remote system (just to get this going to get a feel for it) and let it sit for a bit. Its been sitting for a while now and in the data inputs the 'number of files' is blank and the indexer for main is still empty. what am i missing and how do i diagnose it? Thanks
Windows Local System accounts can't access network shares. You will have to reconfigure Splunk to run as a network user who has access to the remote server. The easiest way to do this is to run the installer over again.