Getting Data In

What's the syntax for monitoring a local windows directory or file?

the_wolverine
Champion
[monitor://C:\\program files\path\filename]

doesn't seem to be working.

0 Karma
1 Solution

the_wolverine
Champion

Ok, working now. In my testing I've found that both ways will work: [monitor://C:\stuff] and [monitor://C:\\stuff] work. Confirmed by trying both and seeing the source appear in metadata.

View solution in original post

0 Karma

the_wolverine
Champion

Ok, working now. In my testing I've found that both ways will work: [monitor://C:\stuff] and [monitor://C:\\stuff] work. Confirmed by trying both and seeing the source appear in metadata.

0 Karma

the_wolverine
Champion

Splunk, I might have missed this but it would be useful for you to provide some Windows syntax examples either in spec file or online documentation. Thx.

schava2
Explorer
[monitor://C:\Program Files\path\filename]

might work
you seem to have a double-slash after C:, also not entirely sure of the case sensitiveness of Splunkd on windows, but just in case might want to preserve the case if you can for the entire path.
Regards,
Srinivas

Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...