Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitor for remote folder

keekkenen
Engager
‎06-25-2018 12:32 AM

Hi all,

I am newbie in splunk, please help me to find correct solution. For example, I have two PC, the first PC with installed splunk and the second PC is server with log directory. Can I create monitor for server log directory ? If it possible, how make it correctly ?

Tags (1)
0 Karma
Reply

keekkenen
Engager
‎06-25-2018 11:59 PM

Thanks for answer, I got it. I think using the universal forwarder is the better way in my situation.

0 Karma
Reply

FrankVl
Ultra Champion
‎06-25-2018 04:30 AM

Yes, you can. The how depends a bit on what OS each machine is running. But the basic approach would be to somehow share that log directory over the network and then either mount that share on the Splunk server and point a Splunk monitor input at the mounted share, or point a Splunk monitor input directly at the share path (e.g. \servername\share for typical windows SMB shares).

An alternative would be to install a Splunk universal forwarder on the system where the log is located, have that UF monitor the log locally and forward to the Splunk Enterprise server.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...