Solved: What's the syntax for monitoring a local windows d...

the_wolverine · ‎06-09-2011

[monitor://C:\\program files\path\filename]

doesn't seem to be working.

the_wolverine · ‎06-23-2011

Ok, working now. In my testing I've found that both ways will work: [monitor://C:\stuff] and [monitor://C:\\stuff] work. Confirmed by trying both and seeing the source appear in metadata.

View solution in original post

the_wolverine · ‎06-23-2011

Ok, working now. In my testing I've found that both ways will work: [monitor://C:\stuff] and [monitor://C:\\stuff] work. Confirmed by trying both and seeing the source appear in metadata.

the_wolverine · ‎06-23-2011

Splunk, I might have missed this but it would be useful for you to provide some Windows syntax examples either in spec file or online documentation. Thx.

schava2 · ‎06-10-2011

[monitor://C:\Program Files\path\filename]

might work
you seem to have a double-slash after C:, also not entirely sure of the case sensitiveness of Splunkd on windows, but just in case might want to preserve the case if you can for the entire path.
Regards,
Srinivas

What's the syntax for monitoring a local windows directory or file?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023