I have a VoIP telephony server and I'm hesitant to place a splunk light forwarder on this server at this time (CR wont get passed). I have shared the log files so that I can mapped a windows drive and now see these files as drive Z:. I have a light forwarder set up on the box that I have now created the mapped drive on and have added the following to the $SPLUNK_HOME\etc\system\local\inputs.conf
[monitor://z:\*.log]
disabled = false
sourcetype = CDR_Record
host = pabx
Is there something that I am missing or is it not possible to monitor log files on a mapped drive?
Many Thanks
... View more