- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do you monitor a Windows shared directory?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have Splunk Enterprise installed on a Linux Server. I need to monitor a Windows Shared Directory containing a CSV file that needs to be uploaded daily to Splunk.
Each time I try to create a monitor (Add Data -> Monitor -> Files & Directories) I get this error: "Parameter Name: Path must be absolute".
Is there any way to fix that? How can I check if the Splunk has access to the Windows shared directory?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Look to see if you can mount the windows directory. If the windows directory looks like part of the Linux filesystem, and Splunk has the permissions to access the mount, it may work for you.
If this reply helps you, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Look to see if you can mount the windows directory. If the windows directory looks like part of the Linux filesystem, and Splunk has the permissions to access the mount, it may work for you.
If this reply helps you, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I mounted the directory using cifs-utils. It worked now. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad it worked for you. I'll write up a short answer.
If this reply helps you, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Install the Splunk Universal Forwarder on a Windows system that has access to the shared directory and configure it to monitor the file.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is difficult to do given a windows share sits on a VIP and is load balanced. So this is not as straight forward as it may seem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you mount the windows directory?
If this reply helps you, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I cannot mount the Windows directory in the Linux server that Splunk is installed.
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
