Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

universal forwarders for windows : monitor drives that need user authentication

lakshman237
Path Finder
‎07-18-2012 11:42 AM

Hi, i have installed an universal forwarders on a windows server. It needs to monitor logs files on a drive, say \mylogs\apps\logs. The splunkd process runs in the box with admin rights, but to access the log files, it needs to authenticate against a given userid/password. what do i need to config, so monitor://\mylogs\apps\logs can authenticate before looking for log files.

I am currently getting the following error:

07-18-2012 19:34:39.938 +0100 WARN FilesystemChangeWatcher - error getting attributes of path "\mylogs\apps\logs": Access is denied.

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎07-23-2012 04:02 PM

Are these drives that "need user authentication" mapped as network drives?

If so, then you need to install Splunk as a user that already has at least read access to those volumes/drives. Splunk can only authenticate with the username and password that you give it at installation.

More info here:

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...