Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Shared Drive Folder monitoring in Windows Machine
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Shared Drive Folder monitoring in Windows Machine
Hi Team,
We got a request from a client stating to monitor the Shared Folder in a windows server. So currently I need the exact inputs.conf so that I can test the same.
File Path which needs to be monitored: D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log
In this Path "ABC-Test" is a shared folder and also "XYZ-Test" is also a shared folder.
It's a windows machine so kindly provide the inputs.conf so that i can update the same
Previously I have provided the stanza as something like this but it didn’t worked:
[monitor://D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log]
index = man
sourcetype = dev
disabled = 0
So kindly help on the same.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you confirmed that the user under which the Splunk process runs has permission to access that shared drive / folder?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like duplicate of https://answers.splunk.com/answers/746854/need-input-stanza-for-a-shared-drive.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can the Splunk Universal forwarder be installed on the client Windows machine which shares the drive? Then it is the best way as you get a more consistent data and information like host, source correctly.
Plainly trying to read from shared drive may cause permissions issues etc. But worth a try if Splunk runs as admin by changing the stanza to the shared/mapped folder
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone help on this request please.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can anyone help on my request.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
