Getting Data In

splunk index logs from network drive

Explorer

I wish to index all the log files in the network drive Y,
but I am getting the error message - In handler'monitor':Parameter name:Path does not exist

Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

full path to your data : Y:\
I am getting the error message - In handler'monitor':Parameter name:Path does not exist
full path to your data : $Y:\
I am getting the error message - In handler'monitor':Parameter name:Path must be absolute

How do I index data from the network drive?

0 Karma

Explorer

I can think of a couple of reasons for this:

  1. I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a drive Y:. To work around this, instead of "Y:" use the full UNC name of the folder.

     You can get this by issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

  2. If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.)
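
The two checks from the answer above, as an added PowerShell example (not part of the original post and not Splunk's own tooling). It assumes the service is named Splunkd (a universal forwarder uses SplunkForwarder) and the drive letter Y: from the question; run it on the Splunk host as the user who has Y: mapped.

```powershell
# Added example. Assumed values: service name 'Splunkd', drive letter 'Y:'.
param(
    [string]$ServiceName = 'Splunkd',
    [string]$DriveLetter = 'Y:'
)

# 1. Resolve the mapped drive to its UNC path (the same information NET USE shows).
#    The mapping exists only in the logon session of the user who created it.
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$DriveLetter'"
if (-not $disk -or -not $disk.ProviderName) {
    Write-Warning "$DriveLetter is not a mapped network drive in this session."
    return
}
$unc = $disk.ProviderName
"UNC path for ${DriveLetter} is $unc"

# 2. Find the account the splunkd service logs on as. That account, not yours,
#    is the one the file server has to authorize.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service $ServiceName not found on this host."
    return
}
"Service $ServiceName runs as: $($svc.StartName)"

# On a domain-joined host, LocalSystem and NetworkService authenticate to
# remote shares as the computer account (HOSTNAME$), not as a user account.
if ($svc.StartName -match '^(LocalSystem|NT AUTHORITY\\NetworkService)$') {
    "Network identity is the computer account: $env:COMPUTERNAME`$"
}

# 3. List the NTFS permissions on the share root so the service identity
#    (or a group it belongs to) can be checked for read access. Read-only is
#    enough for monitoring log files. Share-level permissions are separate
#    and are listed with Get-SmbShareAccess on the file server itself.
(Get-Acl -LiteralPath $unc).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 4. This is the value to enter as "full path to your data" instead of Y:\
"Full path for the data input: $unc"
```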


Explorer

Hi All,

Can you please explain how we make sure the service account for splunkd has access to that share on the server?

0 Karma

Explorer

Hi,

I have the UNC path of my network drive. When I try Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access,

no results are indexed following the above answer. Can you please explain how to make sure the service account for splunkd has access to that share on the server?

0 Karma

Explorer

Following your method I am able to index the logs now. Thanks a lot.

0 Karma