Using Splunk to monitor a UNC path

You can have Splunk reference a UNC path with the following configuration:


disabled = false
host = sancifs_test
index = default
sourcetype = motio_test

The main thing to be cognizant of is who is running Splunkd, especially on Windows. On this particular Windows machine, I had it set up to run as "Local System Account", and that is probably not what you want.

I had to reconfigure the Windows Service to be run as: COMPANY_DOMAIN\admin_user
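
A quick way to check which account the Splunk service runs as and whether the share is readable. This is an added example, not part of the original post. The service names (`Splunkd`, `SplunkForwarder`) and the UNC path are assumptions or placeholders, so adjust them to your installation.

```powershell
# Added example: report the logon account of the Splunk service and test share access.
# Assumed service names: 'Splunkd' (Splunk Enterprise), 'SplunkForwarder' (Universal Forwarder).
$ServiceNames = 'Splunkd', 'SplunkForwarder'
# Placeholder UNC path, not taken from the original page.
$UncPath = '\\fileserver.example\share\logs'

# Built-in service accounts; none of these is a domain user that can be granted share access by name.
$BuiltInAccounts = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

function Get-SplunkServiceAccount {
    param([string[]]$Name)
    foreach ($n in $Name) {
        # Win32_Service.StartName holds the account the service logs on as.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'" -ErrorAction SilentlyContinue
        if ($svc) {
            [pscustomobject]@{
                Service   = $svc.Name
                State     = $svc.State
                RunsAs    = $svc.StartName
                IsBuiltIn = $BuiltInAccounts -contains $svc.StartName
            }
        }
    }
}

$found = @(Get-SplunkServiceAccount -Name $ServiceNames)
if ($found.Count -eq 0) {
    Write-Warning 'No Splunk service found under the assumed names.'
    return
}

foreach ($s in $found) {
    if ($s.IsBuiltIn) {
        Write-Warning "$($s.Service) runs as $($s.RunsAs); a monitor input on $UncPath will likely fail to read the share."
    } else {
        Write-Output "$($s.Service) runs as $($s.RunsAs); confirm this account has read access to $UncPath."
    }
}

# This check runs as the CURRENT user. To test the service account itself,
# run the script from a session started as that account.
try {
    Get-ChildItem -LiteralPath $UncPath -ErrorAction Stop | Select-Object -First 1 | Out-Null
    Write-Output "Current user can list $UncPath"
} catch {
    Write-Warning "Current user cannot list ${UncPath}: $($_.Exception.Message)"
}
```

The service account only needs read permission on the share and the underlying folder for a monitor input to work.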