Re: Monitor for remote folder

keekkenen · ‎06-25-2018

Hi all,

I am newbie in splunk, please help me to find correct solution. For example, I have two PC, the first PC with installed splunk and the second PC is server with log directory. Can I create monitor for server log directory ? If it possible, how make it correctly ?

keekkenen · ‎06-25-2018

Thanks for answer, I got it. I think using the universal forwarder is the better way in my situation.

FrankVl · ‎06-25-2018

Yes, you can. The how depends a bit on what OS each machine is running. But the basic approach would be to somehow share that log directory over the network and then either mount that share on the Splunk server and point a Splunk monitor input at the mounted share, or point a Splunk monitor input directly at the share path (e.g. \servername\share for typical windows SMB shares).

An alternative would be to install a Splunk universal forwarder on the system where the log is located, have that UF monitor the log locally and forward to the Splunk Enterprise server.

Monitor for remote folder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

.conf26 Registration is Live: Secure Your Early Bird Pass Now

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Join the Conversation