FAQ » History » Version 2
Luke Murphey, 05/31/2016 06:59 PM
| 1 | 1 | Luke Murphey | h1. FAQ |
|---|---|---|---|
| 2 | 1 | Luke Murphey | |
| 3 | 1 | Luke Murphey | h2. How can I monitor files via UNC paths? |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | You can monitor directories and files via UNC paths provided that: |
| 6 | 1 | Luke Murphey | |
| 7 | 1 | Luke Murphey | # The account that Splunk runs under has access to the UNC path |
| 8 | 1 | Luke Murphey | # The input is running on Windows |
| 9 | 1 | Luke Murphey | |
| 10 | 1 | Luke Murphey | If you run Splunk under a domain account then you will likely need to update the permissions of the $SPLUNK_HOME\var\lib\splunk\modinputs\file_meta_data directory in order to make sure that the modular input has access to the checkpoint data. If you don't, you will see an error like this: |
| 11 | 1 | Luke Murphey | |
| 12 | 1 | Luke Murphey | <pre> |
| 13 | 1 | Luke Murphey | IOError: [Errno 13] Permission denied: u'C:\Program Files\Splunk\var\lib\splunk\modinputs\file_meta_data\6ca8dc8f8956b39f61fb8c69837222ffaa0dae4b5a918cbf130d2284.json' |
| 14 | 1 | Luke Murphey | </pre> |
| 15 | 2 | Luke Murphey | |
| 16 | 2 | Luke Murphey | Furthermore, you can map the drive for the account that Splunk runs under and have it scan the drive as if it is a local drive. To do this, you would need to "mount the drive for the service account":http://stackoverflow.com/questions/182750/map-a-network-drive-to-be-used-by-a-service. |