How to add / mount a folder?

neilmac64 · ‎03-02-2023

I am running Splunk in Docker on my local machine. I would like to monitor a directory folder also on my local machine where data will be posted (csv files which I would like to index).

I go to:

Data Inputs > Files and Directories > Add New
- File or Directory

If I use Browse, I can't find my directory - assume as it isn't mounted.

If I add the path to the folder, I get an error saying "This path does not exist or is not accessible."

It seems it should be easy to add a folder for monitoring - as yet I can't find a way to do it.

Can anyone point me in the right direction?

Many thanks in advance.

NM

ITWhisperer · ‎03-02-2023

This seems like a Docker problem(?) not a Splunk problem - you need to set up your Docker instance to have access to your local machine file system. Given that the essence of Docker is containment, this sounds like a non-trivial task!

PickleRick · ‎03-02-2023

Other way to go around the problem would be to install UF in the "main" system and forward events read by UF into the dockerized Splunk instance.

neilmac64 · ‎03-02-2023

How do you do it in a non-docker environment?

ITWhisperer · ‎03-02-2023

That depends on how your non-Docker environment is set up. I use WSL on my PC which automatically mounts the C drive under /mnt and is therefore easy to find.

How to add / mount a folder?

data

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...