Hi Team,
We got a request from a client stating to monitor the Shared Folder in a windows server. So currently I need the exact inputs.conf so that I can test the same.
File Path which needs to be monitored: D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log
In this Path "ABC-Test" is a shared folder and also "XYZ-Test" is also a shared folder.
It's a windows machine so kindly provide the inputs.conf so that i can update the same
Previously I have provided the stanza as something like this but it didn’t worked:
[monitor://D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log]
index = man
sourcetype = dev
disabled = 0
So kindly help on the same.
Have you confirmed that the user under which the Splunk process runs has permission to access that shared drive / folder?
Looks like duplicate of https://answers.splunk.com/answers/746854/need-input-stanza-for-a-shared-drive.html
Can the Splunk Universal forwarder be installed on the client Windows machine which shares the drive? Then it is the best way as you get a more consistent data and information like host, source correctly.
Plainly trying to read from shared drive may cause permissions issues etc. But worth a try if Splunk runs as admin by changing the stanza to the shared/mapped folder
Can anyone help on this request please.
Hi,
Can anyone help on my request.