Searching local directories

jjriver2 · ‎10-26-2020

I am trying to add and search data directly from my local file directory in splunk. I went to setting > data inputs > Add new Files & Directories > Start searching data

When I chose to continue searching the data no results showed? Why is this?

nwuest · ‎10-26-2020

Hi jjriver2,

Have you tried giving your Splunk forwarder a reboot? Typically if you make changes to the forwarder configuration you must start or restart the forwarder in most cases. The reason why is that the Splunk Universal Forwarder needs to restart for the new changes to take effect.

https://docs.splunk.com/Documentation/Forwarder/8.1.0/Forwarder/Starttheuniversalforwarder

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Configurationfilechangesthatrequirerestart

I do hope this helps!

V/R,

nwuest

gcusello · ‎10-26-2020

Hi @jjriver2,

let me understand:

you configured an input read log files from a local directory of your Splunk Server,
you took these logs and stored them in an index (e.g. main),
then you searched on the configured index;

it this correct?

When you configured Add new files & Directories what did you do after?

I don't know how much you know Splunk, maybe it could be better to follow a video, how to monitor files:

for windows https://www.splunk.com/en_us/training/videos/getting-data-in-to-splunk-enterprise-windows.html

for linux https://www.splunk.com/en_us/training/videos/getting-data-in-to-splunk-enterprise-linux.html

Ciao.

Giuseppe

Searching local directories

other

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life