I'm running Splunk on a Linux box. Nessus is running on another Linux box, but I'm using the Nessus web GUI from a Windows box to run scans. Scans are downloaded to that Windows box and saved as .csv files. Currently, I have to copy the files to the Splunk (indexer) box to get NessusInSplunk to see and index the data, using RegEx. I want to point the NessusInSplunk app to my Windows box so I don't have to copy the files to the Linux box. What entry should I make in the inputs.conf file, or how do I set the path through the Splunk GUI. When I try \servername\homes$\dir2\dir3\ I get error, "In Handler: 'monitor': Parameter name: Path must be absolute." I see a comment that splunk must have access to the network share. What user in that? Do I have to mount a network share on the Splunk (Linux) box? Or how must I share the directory on the Windows box?
A related question: How can I get server names in the Nessus scans to show up (not IP addresses in the NessusInSplunk app?
If you have a Splunk Universal forwarder installed on the Windows system you should be able to monitor the directory that you want to pull these CSV's from. Just ensure that you specify the sourcetype and index.
The host names versus the IP addresses are dependent on the settings in Nessus and not the app.