Using Splunk to monitor a UNC path

You can have Splunk reference a UNC path with the following configuration:

etc\apps\search\local\inputs.conf

[monitor://\\SANCIFS_TDC_NETAPP01A.SAN.MyCompany.Com\CIFS_COGNOS$\TestLogs]
disabled = false
host = sancifs_test
index = default
sourcetype = motio_test

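The main thing to be cognizant of is which account is running splunkd, especially on Windows. On this particular Windows machine, I had it set up to run as "Local System Account", and that is probably not what you want. A service running as Local System reaches network shares as the machine's computer account, which usually has no rights on the share.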

I had to reconfigure the Windows Service to be run as: COMPANY_DOMAIN\admin_user
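
A quick way to check the point above before touching inputs.conf, as an added example that is not part of the original post: it reports the account the Splunk service logs on as, flags built-in accounts, and lists any NTFS entries on the share that name that account. The service name 'Splunkd' and the UNC path are assumptions; substitute your own.

```powershell
# Added example, not from the original post.
# Assumptions: the service is named 'Splunkd' (use 'SplunkForwarder' for a
# universal forwarder) and $UncPath is a placeholder for the monitored path.
param(
    [string]$ServiceName = 'Splunkd',
    [string]$UncPath     = '\\fileserver.example.com\share$\logs'
)

function Get-ServiceLogonAccount {
    param([string]$Name)
    # Win32_Service.StartName holds the account the service logs on as.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found on this machine." }
    return $svc.StartName
}

function Test-IsBuiltinServiceAccount {
    param([string]$Account)
    # Built-in accounts reach the network as the computer account or
    # anonymously, never as a domain user.
    return $Account -match '^(LocalSystem|NT AUTHORITY\\(SYSTEM|LocalService|NetworkService))$'
}

$account = Get-ServiceLogonAccount -Name $ServiceName
Write-Output "$ServiceName logs on as: $account"

if (Test-IsBuiltinServiceAccount -Account $account) {
    Write-Warning "$account has no domain user identity; the monitor input will likely fail to read $UncPath."
}

# NTFS entries that name the service account directly. A monitor input only
# needs to read the files. Rights granted through groups are not shown here.
try {
    $acl = Get-Acl -LiteralPath $UncPath -ErrorAction Stop
    $direct = $acl.Access | Where-Object { $_.IdentityReference.Value -ieq $account }
    if ($direct) {
        $direct | Select-Object IdentityReference, FileSystemRights, AccessControlType
    } else {
        Write-Output "No ACL entry names $account directly; check its group memberships and the share permissions."
    }
} catch {
    Write-Warning "Could not read the ACL on $UncPath as ${env:USERNAME}: $($_.Exception.Message)"
}
```

The ACL lookup runs as the user who launches the script, not as the service account, so a failure there says nothing about what splunkd itself can read.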