Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk index logs from network drive

leiniao
Explorer
‎11-29-2011 06:14 PM

i wish to index all the log files in the network drive Y
but i am getting the error msg - In handler'monitor':Parameter name:Path does not exist

Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

full path to your data : Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path does not exist
full path to your data : $Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path must be absolute

how to index data from the network drive?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

au_chrismor
Path Finder
‎11-29-2011 06:31 PM

I can think of a couple of reasons for this:

  1. I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

  1. If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

View solution in original post

Reply
Solved! Jump to solution

Vipun
Explorer
‎12-29-2016 02:39 AM

Hi All,

Can you please explain me how do we get service account for splunkd has access to that share on the server?

Reply
Solved! Jump to solution
Solution

au_chrismor
Path Finder
‎11-29-2011 06:31 PM

I can think of a couple of reasons for this:

  1. I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

  1. If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

Reply
Solved! Jump to solution

GCuriel
Engager
‎10-05-2021 07:25 PM

I am wondering the same thing. I am using the UNC path and its correct. Splunk accepts the path but does not show any data being added. If I copy the same folder onto my local drive it works fine, so the problem has to be accessing the files. Can you please explain me how to get service account for splunk has access to that share on the server?

0 Karma
Reply
Solved! Jump to solution

Vipun
Explorer
‎12-29-2016 02:45 AM

Hi,

I have UNC path of my network drive when I try Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

but no results indexed from the above answer . Can you please explain me how to get service account for splunkd has access to that share on the server.?

Reply
Solved! Jump to solution

leiniao
Explorer
‎11-29-2011 10:41 PM

following ur method i am able to index the logs now. thks alot.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...