Hi, i have installed an universal forwarders on a windows server. It needs to monitor logs files on a drive, say \mylogs\apps\logs. The splunkd process runs in the box with admin rights, but to access the log files, it needs to authenticate against a given userid/password. what do i need to config, so monitor://\mylogs\apps\logs can authenticate before looking for log files.
I am currently getting the following error:
07-18-2012 19:34:39.938 +0100 WARN FilesystemChangeWatcher - error getting attributes of path "\mylogs\apps\logs": Access is denied.
Are these drives that "need user authentication" mapped as network drives?
If so, then you need to install Splunk as a user that already has at least read access to those volumes/drives. Splunk can only authenticate with the username and password that you give it at installation.
More info here: