Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk index logs from network drive

leiniao
Explorer
‎11-29-2011 06:14 PM

i wish to index all the log files in the network drive Y
but i am getting the error msg - In handler'monitor':Parameter name:Path does not exist

Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

full path to your data : Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path does not exist
full path to your data : $Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path must be absolute

how to index data from the network drive?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

au_chrismor
Path Finder
‎11-29-2011 06:31 PM

I can think of a couple of reasons for this:

  1. I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

  1. If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

View solution in original post

Reply
Solved! Jump to solution

Vipun
Explorer
‎12-29-2016 02:39 AM

Hi All,

Can you please explain me how do we get service account for splunkd has access to that share on the server?

Reply
Solved! Jump to solution
Solution

au_chrismor
Path Finder
‎11-29-2011 06:31 PM

I can think of a couple of reasons for this:

  1. I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

  1. If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

Reply
Solved! Jump to solution

GCuriel
Engager
‎10-05-2021 07:25 PM

I am wondering the same thing. I am using the UNC path and its correct. Splunk accepts the path but does not show any data being added. If I copy the same folder onto my local drive it works fine, so the problem has to be accessing the files. Can you please explain me how to get service account for splunk has access to that share on the server?

0 Karma
Reply
Solved! Jump to solution

Vipun
Explorer
‎12-29-2016 02:45 AM

Hi,

I have UNC path of my network drive when I try Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

but no results indexed from the above answer . Can you please explain me how to get service account for splunkd has access to that share on the server.?

Reply
Solved! Jump to solution

leiniao
Explorer
‎11-29-2011 10:41 PM

following ur method i am able to index the logs now. thks alot.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...