Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

"unable to open file" on a folder

EmileKroeger
Engager
‎06-24-2014 04:47 AM

I just installed Splunk, and am trying to use it to open a folder full of log files, which I put in C:\Data\test\

Then I went in the web interface in "Data inputs » Files & directories » Add new", and as "source" put "C:\Data\test", but I get an error "Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='c:\Data\test' error='Accès refusé.'"

It does however work if instead of a directory I put a specific .log file.

Is what I'm trying to do sensible? (I'm new to Splunk, and am mostly trying to see which info I can get out of my logs).

Some extra information:

  • C: is not a network drive
  • I gave all users read and write access to those files
  • no other program is reading files in that directory
  • I'm using Windows 7 in French

It seems to me I'm trying to do something simple, so I must be doing it wrong. What (if any" is the "standard" way of analyzing a folder full of logs?

(I saw a similar issue here, including quite a few comments complaining, but the proposed solutions don't seem to apply to me.)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

grijhwani
Motivator
‎06-24-2014 04:50 AM

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

View solution in original post

Reply
Solved! Jump to solution
Solution

grijhwani
Motivator
‎06-24-2014 04:50 AM

You can monitor a directory, but I think you can only one-shot a single specific file at a time.

Reply
Solved! Jump to solution

EmileKroeger
Engager
‎06-24-2014 05:57 AM

OK, that must be it, it works now.

I had previously also tried monitoring instead of one-shotting, but it had failed with the same error message, but that may have been before I gave full rights to that folder (in my mind it made more sense to one-shot because I didn't expect that folder to change...)

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...