FAQ » History » Version 2

Luke Murphey, 05/31/2016 06:59 PM

h1. FAQ

h2. How can I monitor files via UNC paths?

You can monitor directories and files via UNC paths provided that:

# The account that Splunk runs under has access to the UNC path
# The input is running on Windows

If you run Splunk under a domain account, you will likely need to update the permissions of the $SPLUNK_HOME\var\lib\splunk\modinputs\file_meta_data directory so that the modular input can access its checkpoint data. If you don't, you will see an error like this:

<pre>
IOError: [Errno 13] Permission denied: u'C:\Program Files\Splunk\var\lib\splunk\modinputs\file_meta_data\6ca8dc8f8956b39f61fb8c69837222ffaa0dae4b5a918cbf130d2284.json'
</pre>

You can also map the drive for the account that Splunk runs under and have the input scan it as if it were a local drive. To do this, you need to "mount the drive for the service account":http://stackoverflow.com/questions/182750/map-a-network-drive-to-be-used-by-a-service.
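
One way to make the checkpoint-directory permission change described earlier, as an added example that is not part of the app's own documentation: run from an elevated PowerShell prompt, it grants the Splunk service account Modify on that one directory. The service name Splunkd, the default install path and the choice of Modify rather than Full control are assumptions.

```powershell
# Added example. Assumptions: the service is named "Splunkd", Splunk is in the
# default install path, it logs on as a domain account, and Modify is sufficient
# for the modular input to read and write its checkpoint files.
$splunkHome    = 'C:\Program Files\Splunk'
$checkpointDir = Join-Path $splunkHome 'var\lib\splunk\modinputs\file_meta_data'

# Look up the logon account of the Splunk service.
$service = Get-CimInstance -ClassName Win32_Service -Filter "Name='Splunkd'"
if (-not $service) { throw "Service 'Splunkd' not found; adjust the service name." }
if ($service.StartName -eq 'LocalSystem') {
    Write-Host 'Splunk runs as LocalSystem; this script only handles a domain service account.'
    return
}

# Normalise the name (DOMAIN\user or user@domain) through its SID. This also
# fails early if the account cannot be resolved.
$ntName  = New-Object System.Security.Principal.NTAccount($service.StartName)
$sid     = $ntName.Translate([System.Security.Principal.SecurityIdentifier])
$account = $sid.Translate([System.Security.Principal.NTAccount]).Value

# Check for an Allow entry naming the account directly that includes Modify.
# Rights held only through group membership are not detected by this check.
$modify    = [System.Security.AccessControl.FileSystemRights]::Modify
$hasModify = (Get-Acl -Path $checkpointDir).Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    $_.FileSystemRights.HasFlag($modify)
}

if ($hasModify) {
    Write-Host "$account already has Modify on $checkpointDir"
} else {
    # Grant Modify, inherited by the checkpoint .json files, on this directory only.
    icacls $checkpointDir /grant "${account}:(OI)(CI)M"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

# Show the resulting entries for review.
(Get-Acl -Path $checkpointDir).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```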