Shared Drive Folder monitoring in Windows Machine

anandhalagarasa · ‎05-20-2019

Hi Team,

We got a request from a client stating to monitor the Shared Folder in a windows server. So currently I need the exact inputs.conf so that I can test the same.

File Path which needs to be monitored: D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log

In this Path "ABC-Test" is a shared folder and also "XYZ-Test" is also a shared folder.

It's a windows machine so kindly provide the inputs.conf so that i can update the same

Previously I have provided the stanza as something like this but it didn’t worked:

[monitor://D:\ABC-Test\XYZ-Test\DEF-T\LMN-T\OPQ-D*.log]
index = man
sourcetype = dev
disabled = 0

So kindly help on the same.

FrankVl · ‎05-22-2019

Have you confirmed that the user under which the Splunk process runs has permission to access that shared drive / folder?

harsmarvania57 · ‎05-22-2019

Looks like duplicate of https://answers.splunk.com/answers/746854/need-input-stanza-for-a-shared-drive.html

koshyk · ‎05-22-2019

Can the Splunk Universal forwarder be installed on the client Windows machine which shares the drive? Then it is the best way as you get a more consistent data and information like host, source correctly.

Plainly trying to read from shared drive may cause permissions issues etc. But worth a try if Splunk runs as admin by changing the stanza to the shared/mapped folder

anandhalagarasa · ‎05-21-2019

Can anyone help on this request please.

anandhalagarasa · ‎05-22-2019

Hi,

Can anyone help on my request.

Shared Drive Folder monitoring in Windows Machine

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!