FAQ¶
How can I monitor files via UNC paths?¶
You can monitor directories and files via UNC paths provided that:
- The account that Splunk runs under has access to the UNC path
- The input is running on Windows
If you run Splunk under a domain account then you will likely need to update the permissions of the $SPLUNK_HOME\var\lib\splunk\modinputs\file_meta_data directory in order to make sure that the modular input has access to the checkpoint data. If you don't, you will see an error like this:
IOError: [Errno 13] Permission denied: u'C:\Program Files\Splunk\var\lib\splunk\modinputs\file_meta_data\6ca8dc8f8956b39f61fb8c69837222ffaa0dae4b5a918cbf130d2284.json'
Furthermore, you can map the drive for the account that Splunk runs under and have it scan the drive as if it is a local drive. To do this, you would need to mount the drive for the service account.