Getting Data In

Why am I getting "access denied" when trying to edit inputs.conf on a Windows universal forwarder?

kranthimutyala
Path Finder

Recently I have configured a universal forwarder on a Windows 32 bit machine. I can see the Splunk process is running, but when I'm trying to edit inputs.conf, it's giving access denied, even after stopping the services. Later I tried to create one inputs.conf in the local directory, but still I'm getting the same error. File has given all the admin privileges. Can someone please help?

0 Karma

somesoni2
Revered Legend

Open the nodepad or any text editor as administrator (run as administrator) and then select the file for editing.

0 Karma

kranthimutyala
Path Finder

now im able to edit and added windows logs in inputs.conf file,but i see no logs are being forwarded to indexer.and no latest events please help me

0 Karma

ss026381
Communicator

Can you type the full path to the inputs.conf file and also the contents?

0 Karma

gjanders
SplunkTrust
SplunkTrust

Just FYI these posts are from Jul 2016! I suspect this might have been worked out by now 🙂

0 Karma

laytonj76
Explorer

Have you confirmed successful forwarding from that forwarder before? Also, I don't recall off the top of my head, but if you modified inputs.conf you may need to restart splunk for the change to become effective. The docs should tell you which changes require a restart.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...