Getting Data In

Problem with network logs

Bliide
Path Finder

I set up a data input from a network source. They are IIS logs and they reside on a networked drive. I set up the input to continuously monitor the directory. Splunk is not indexing the data. When I go into the splunkd log I see the following:

WARN FilesystemChangeWatcher - error reading directory "\\Server\inetpub\logs\LogFiles\W3SVC4": The operation completed successfully.

Any ideas on what I have done wrong or what other steps I need to take to get the data to index? Do I need to add entries into local .conf files? When I was building the dashboards I moved some of the log files locally to the Splunk system and indexed them, and the logs indexed with no issues. Any advice is welcomed.

0 Karma

lguinn2
Legend

Does the account that is running Splunk have the domain-level access that is necessary to read directories on a network drive?

lguinn2
Legend

That is good - but what user are you signed in as? What user credentials does the Splunk service use?

0 Karma

Bliide
Path Finder

I can view the logs across the network while remoted into the system with the Splunk installation.

0 Karma
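
The questions in this thread separate two identities: the user who can browse the share in a remote session, and the account the Splunk service logs on as. The following PowerShell is an added example, not part of the original thread, that reports both for comparison. It assumes the Windows service is named `Splunkd` (the function name and parameters are hypothetical) and uses the UNC path from the warning in the question.

```powershell
# Added example: compare the Splunk service's logon account with the interactive user.
# Assumptions: service name 'Splunkd'; UNC path taken from the splunkd.log warning above.
function Get-SplunkShareAccessContext {
    param(
        [string]$ServiceName = 'Splunkd',
        [string]$UncPath     = '\\Server\inetpub\logs\LogFiles\W3SVC4'
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found on this host." }

    $serviceAccount  = $svc.StartName
    $interactiveUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    # Built-in service accounts carry no domain user identity. LocalSystem and
    # NetworkService reach remote shares as the computer account (DOMAIN\HOST$);
    # LocalService connects anonymously. A share ACL that grants access only to
    # named users will therefore refuse them.
    $builtIn = $serviceAccount -match '^(LocalSystem|NT AUTHORITY\\(SYSTEM|LocalService|NetworkService))$'

    # This test runs as the interactive user. A $true here says nothing about
    # what the service account is allowed to read.
    $readableByMe = Test-Path -LiteralPath $UncPath

    # List who the directory ACL grants access to, if the current user may read it.
    $aclIdentities = @()
    if ($readableByMe) {
        try {
            $aclIdentities = (Get-Acl -LiteralPath $UncPath).Access |
                ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        } catch {
            $aclIdentities = @("ACL not readable: $($_.Exception.Message)")
        }
    }

    [pscustomobject]@{
        ServiceAccount        = $serviceAccount
        InteractiveUser       = $interactiveUser
        ServiceUsesBuiltIn    = [bool]$builtIn
        # Plain string comparison; '.\user' and 'user@domain' forms are not normalised.
        SameIdentity          = ($serviceAccount -eq $interactiveUser)
        PathReadableByMe      = $readableByMe
        AclIdentitiesOnPath   = $aclIdentities
    }
}

Get-SplunkShareAccessContext | Format-List
```

If `ServiceUsesBuiltIn` is true or `ServiceAccount` does not appear among the ACL identities (directly or through a group), the service has no read access to the share even though the interactive check succeeds. Share-level permissions on the file server are separate from this NTFS ACL and must be checked there.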