Re: UNC Path to Network Print Server

ramuzzini · ‎10-04-2024

Trying to monitor a separate print server folder outside where Splunk is hosted with print logs that has a UNC path. Folder only has .log files in it. I have the following index created:

index = printlogs

When I try to add the folder path in Splunk through the add data feature: "add data" - "Monitor" -"Files & Directories" I get to submit and then get an error:

"Parameter name: Path must be absolute".

So I added the following stanza to my inputs.conf file in the systems/local/folder:

[monitor://\\cpn-prt01\c$\Program Files\Printer\server\logs\print-logs\*.log]
index = printlogs
host = cpn-prt01
disabled = 0
renderXml = 1

I created a second stanza with a index = printlogs2 with respective index to monitor the following path to see if I can pull straight from the path and ignore the file type inside.

[monitor://\\cpn-prt01\c$\Program Files\Printer\server\logs\print-logs\]

I do see the full path to both in the "Files & Director" list under the Data Inputs. However, I am not getting any event counts when I look at the respective indexes seen in the Splunk Indexes page. I did a Splunk refresh and even restarted the Splunk server with now luck. Thought maybe someone has run into similar issue or has a possible solution.

Thanks in advance.

PickleRick · ‎10-04-2024

While ingesting files from network shares is possible (but has performance drawbacks especially in high-volume scenarios) it requires the ingesting component (either a HF or UF) to run with a domain user which has access to the source share. Maybe, just maybe it could work with a completely public share (haven't tested it myself) but it's not a very good idea in a first place.

UNC Path to Network Print Server

inputs.conf

monitor

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Are you a member of the Splunk Community?