I just installed Splunk, and am trying to use it to open a folder full of log files, which I put in C:\Data\test\.
Then I went into the web interface, under "Data inputs » Files & directories » Add new", and as "source" put "C:\Data\test", but I get an error: "Encountered the following error while trying to save: In handler 'oneshotinput': unable to open file: path='c:\Data\test' error='Accès refusé.'"
It does however work if instead of a directory I put a specific .log file.
Is what I'm trying to do sensible? (I'm new to Splunk, and am mostly trying to see which info I can get out of my logs).
Some extra information:
It seems to me I'm trying to do something simple, so I must be doing it wrong. What (if any) is the "standard" way of analyzing a folder full of logs?
(I saw a similar issue here, including quite a few comments complaining, but the proposed solutions don't seem to apply to me.)
You can monitor a directory, but I think you can only one-shot a single specific file at a time.
OK, that must be it, it works now.
I had previously also tried monitoring instead of one-shotting, and it had failed with the same error message, but that may have been before I gave full rights to that folder (in my mind it made more sense to one-shot because I didn't expect that folder to change...).
Thanks!
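
The distinction made in the answer, as an added example that is not part of the original thread: since a one-shot input takes a single file, a static folder can be indexed by one-shotting each file in turn, with directory monitoring shown as the alternative. The install path, the index name `main` and the `*.log` filter are assumptions.

```powershell
# Added example, not from the thread. Assumed values are marked below.
$SplunkExe = 'C:\Program Files\Splunk\bin\splunk.exe'   # assumed default install path
$LogDir    = 'C:\Data\test'                             # folder from the question
$Index     = 'main'                                     # assumed target index

if (-not (Test-Path -LiteralPath $SplunkExe -PathType Leaf)) {
    throw "splunk.exe not found at $SplunkExe"
}
if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    throw "$LogDir is not a directory"
}

# The CLI asks for Splunk credentials unless a session exists
# (run "splunk login" once beforehand to avoid a prompt per file).
# The file itself is opened by the splunkd service, so the account that
# service runs as needs read access to the folder; read is sufficient.

# Option 1: one-shot. The input accepts one file per call, so enumerate.
$failed = @()
foreach ($f in Get-ChildItem -LiteralPath $LogDir -Filter '*.log' -File) {
    & $SplunkExe add oneshot $f.FullName -index $Index
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "oneshot failed for $($f.FullName) (exit code $LASTEXITCODE)"
        $failed += $f.FullName
    }
}
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) file(s) were not indexed"
}

# Option 2: monitor. A directory is accepted here, and files added later
# are picked up as well. Use one option or the other, not both, or the
# same events are indexed twice.
# & $SplunkExe add monitor $LogDir -index $Index
```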