Solved: splunk index logs from network drive

leiniao · ‎11-29-2011

i wish to index all the log files in the network drive Y
but i am getting the error msg - In handler'monitor':Parameter name:Path does not exist

Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

full path to your data : Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path does not exist
full path to your data : $Y:\
i am getting the error msg - In handler'monitor':Parameter name:Path must be absolute

how to index data from the network drive?

au_chrismor · ‎11-29-2011

I can think of a couple of reasons for this:

I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

View solution in original post

Vipun · ‎12-29-2016

Hi All,

Can you please explain me how do we get service account for splunkd has access to that share on the server?

au_chrismor · ‎11-29-2011

I can think of a couple of reasons for this:

I am guessing that you're running splunkd on a Windows machine. If so, the service is running in a different user context to you, and will almost certainly not have a Drive Y: To work around this, instead of "Y:" use the full UNC name of the folder.

You can get this from issuing a NET USE command on a machine that has the relevant Y: drive. It will look something like "\\ServerName\ShareName".

If it can see the Y: drive OR you change it to a UNC name and it still doesn't work, make sure that the service account for splunkd has access to that share on the server.

Cheers

(Note: I edited my answer to fix the UNC path formatting. Sorry if it was hard to read before.

GCuriel · ‎10-05-2021

I am wondering the same thing. I am using the UNC path and its correct. Splunk accepts the path but does not show any data being added. If I copy the same folder onto my local drive it works fine, so the problem has to be accessing the files. Can you please explain me how to get service account for splunk has access to that share on the server?

Vipun · ‎12-29-2016

Hi,

I have UNC path of my network drive when I try Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access

but no results indexed from the above answer . Can you please explain me how to get service account for splunkd has access to that share on the server.?

leiniao · ‎11-29-2011

following ur method i am able to index the logs now. thks alot.

splunk index logs from network drive

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life