Getting Data In

Logs from remote host

Contributor

I have access to shared folder in my network. I want to get logs for Splunk from this folder. How can i make it? May i add this folder in Manager » Data inputs » Files & directories or i need forwarder.

Tags (2)
SplunkTrust

If it is Windows to Windows, I believe you can use UNC paths. In the manager, go to Data inputs, Files & directories, New. In the "Full path to your data", enter the full path to the files/folder.

\\machine.domain.com\path\to\your\files\


*sorry, all my Splunk servers are Linux

Splunk Employee

correct, the Splunk service would have to run as a network/domain user with access to the UNC path. Otherwise, you would run a local forwarder on the source machine.

Motivator

I'm in the same boat, use very little windows so far. Splunk would need to run as a Domain user, not Local System for this to work.

Contributor