I'm trying to install "splunkforwarder-6.0-182611-x64-release" on a Windows 2008 R2 server. While going through the install wizard, after selecting "Local Data Only", and then in the next window under, "Path to monitor", I am unable to browse to the folder that the file is in.
The path is: C:_Windows_System32_winevt_Logs
From the install wizard I get to: C:_Windows_System32, but the "winevt" folder is not displayed.
I have tried making all folders visible through the "folder options" menu with no luck.
If I manually enter the path I receive this error:
"Windows can't find 'C:_Windows_System32_winevt_Logs'. Check spelling and try again."
I can reach the folder with normal Windows Explorer.
I checked with my Windows guy and he had no ideas. Any Windows gurus out there that know what's going on?
Actually, you can but it is not obvious. The window used to show the list of files in that folder is too small, so it only shows files and folders that start with a, then b, then c, etc... until the window is full instead of show the folders at the top followed by the files, which is what you expect.
Scroll down to the bottom of the list in the system32 folder and there should be a "show more" option. Keep doing that until you get to the winevent folder, and then you'll be able to access it.
It is either that, or the there is permission problem.
I was able to get around this problem by:
- Running the installer from the an elevated command line.
- And, adding the flag "MONITOR_PATH=
This automatically populated the path option thereby eliminating the need to browse to it.
Eg: Right click on command line icon and select "Run as administrator".
Enter, "msiexec.exe /i