Re: Logs from remote host

andrey2007 · ‎10-25-2011

I have access to shared folder in my network. I want to get logs for Splunk from this folder. How can i make it? May i add this folder in Manager » Data inputs » Files & directories or i need forwarder.

treinke · ‎10-25-2011

If it is Windows to Windows, I believe you can use UNC paths. In the manager, go to Data inputs, Files & directories, New. In the "Full path to your data", enter the full path to the files/folder.

\\machine.domain.com\path\to\your\files\

*sorry, all my Splunk servers are Linux

There are no answer without questions

gkanapathy · ‎10-25-2011

correct, the Splunk service would have to run as a network/domain user with access to the UNC path. Otherwise, you would run a local forwarder on the source machine.

mikelanghorst · ‎10-25-2011

I'm in the same boat, use very little windows so far. Splunk would need to run as a Domain user, not Local System for this to work.

andrey2007 · ‎10-25-2011

Windows machines, i use login and pasword for access to shared folder

treinke · ‎10-25-2011

Are these Windows or *nix machines?

There are no answer without questions

Logs from remote host

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success

Join Us for Splunk University and Get Your Bootcamp Game On!