Monitoring Splunk

"unable to open file" on a folder

EmileKroeger
Engager

I just installed Splunk, and am trying to use it to open a folder full of log files, which I put in C:\Data\test\

Then I went in the web interface in "Data inputs » Files & directories » Add new", and as "source" put "C:\Data\test", but I get an error "Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='c:\Data\test' error='Accès refusé.'"

It does however work if instead of a directory I put a specific .log file.

Is what I'm trying to do sensible? (I'm new to Splunk, and am mostly trying to see which info I can get out of my logs).

Some extra information:

  • C: is not a network drive
  • I gave all users read and write access to those files
  • no other program is reading files in that directory
  • I'm using Windows 7 in French

It seems to me I'm trying to do something simple, so I must be doing it wrong. What (if any" is the "standard" way of analyzing a folder full of logs?

(I saw a similar issue here, including quite a few comments complaining, but the proposed solutions don't seem to apply to me.)

0 Karma
1 Solution

grijhwani
Motivator

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

View solution in original post

grijhwani
Motivator

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

EmileKroeger
Engager

OK, that must be it, it works now.

I had previously also tried monitoring instead of one-shotting, but it had failed with the same error message, but that may have been before I gave full rights to that folder (in my mind it made more sense to one-shot because I didn't expect that folder to change...)

Thanks!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...