To monitor a Folder in Windows Server ?

chimbudp · ‎02-19-2013

I need to monitor the Assembly folder in Windows Server :
[monitor://C:\Windows\assembly]
index=Assembly_monitor

the above stanza forwards no data into Splunk indexer.

i have set the source type as assembly and modified as below inputs.conf:

[monitor://C:\Windows\assembly]
index=Assembly_monitor
sourcetype=Assembly

& also edited props.conf as :

[Assembly]
NO_BINARY_CHECK = true

-- Even also i am not getting any data 😞
Please help

arvidn · ‎02-19-2013

Hi, I think you are missing "\" before Windowsassembly

[monitor://C:\Windowsassembly]

chimbudp · ‎02-19-2013

Yes. it was not displayed in question & ur answer too.
But i am using backslash wherever it required

arvidn · ‎02-19-2013

Should be "backslash" in front of Windowsassembly. But not shown in my answere, probably missing in question too?

Ayn · ‎02-19-2013

Do you see other data from this forwarder in your indexer?
Have you checked splunkd.log on the forwarder?
Did you have a look at the status of file inputs (http://blogs.splunk.com/2011/01/02/did-i-miss-christmas-2/)?
Most of all, why would you want to index the binary data in the assembly directory? What are you trying to achieve?

Are you a member of the Splunk Community?