I'm running Splunk on a Linux box. Nessus is running on another Linux box, but I'm using the Nessus web GUI from a Windows box to run scans. Scans are downloaded to that Windows box and saved as .csv files. Currently, I have to copy the files to the Splunk (indexer) box to get NessusInSplunk to see and index the data, using RegEx. I want to point the NessusInSplunk app to my Windows box so I don't have to copy the files to the Linux box. What entry should I make in the inputs.conf file, or how do I set the path through the Splunk GUI? When I try \servername\homes$\dir2\dir3\ I get the error, "In Handler: 'monitor': Parameter name: Path must be absolute." I see a comment that Splunk must have access to the network share. What user is that? Do I have to mount a network share on the Splunk (Linux) box? Or how must I share the directory on the Windows box?
A related question: How can I get server names in the Nessus scans to show up (not IP addresses) in the NessusInSplunk app?