Getting Data In

How to monitor files from a shared drive on a splunk instance on cloud?

ASISH_9
Engager

We have our Splunk instance on cloud and to monitor each source type we have created a folder on a shared drive.
Each CSV file of a particular source type is extracted from a database and then from that folder, we are getting the data into Splunk.
Earlier I created that folder on my system and it was working fine and even with one drive it is working fine but with share drive, it is unable to recognize the path.
We have provided that necessary path and index in input and output.conf.

Please help.

0 Karma

HiroshiSatoh
Champion

Please check "Supported file systems". I think that it is good to transfer by inserting UF.

http://docs.splunk.com/Documentation/Splunk/7.0.2/Installation/Systemrequirements

0 Karma

micahkemp
Champion

Does the splunk user have permission to read from the shared drive?

0 Karma

ASISH_9
Engager

Yes we have permission

0 Karma

jangid
Builder

write a small python script and run this script using Splunk script stanza and check whether this script is able to get the contents from shared folder

0 Karma

ASISH_9
Engager

Hello jangrid,

Actually i am a dot net programmer with no knowledge on python language.
Please provide a sample (python program) of the requirement

Thanks in advance

0 Karma

jangid
Builder

Hi @ASISH_9 you can use dot net program as well if your Splunk main instance installed on Windows machine.

0 Karma

493669
Super Champion

can you provide your sample inputs.conf

0 Karma

ASISH_9
Engager

Please find the working and not working stanzas of input.conf file as below and give your inputs

[monitor://C:\OneDrive - Accenture\Extracted Delta Files\TimesheetMaster\Timesheet*] ---[Working]

disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

[monitor://Z:\TimeTracker_SharePoint\TimesheetMaster\Timesheet*] -------------[not working]
disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

[monitor://\10.194.186.53\SLB-ADM_Applications$\TimeTracker_SharePoint\TimesheetMaster\Timesheet*] ---[not working as well]
disabled = 0
index = slb_index
sourcetype=TimesheetMaster_03102016_2.csv

Thanks in Advance

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...