Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Forwarder and WMI

jmbytemoney
Engager
‎09-13-2012 05:38 AM

Hi there,

I have a Linux splunk server running and would like to monitor the WMI data (CPU,Memory) from a Windows pc. If I install the full splunk application on the Windows pc and forward the data to my splunk server I get data using the Windows app including WMI data. I then uninstalled the full splunk on the Windows box and tried to use the universal forwarder alone. I get data flowing to my Linux splunk server from the Windows PC however the WMI data is not populating. I have read countless questions posted on here and can simply not crack it. I have checked that it is not a firewall or antivirus issue as there is data flowing.

When trying to follow the prompt: "If you want to add additional hosts you can do so in the WMI inputs section of Manager." I simply get:

404 Not Found
Return to Splunk home page
Splunk cannot find "admin/win-wmi-collections".

Any suggestions?

0 Karma
Reply

cmonig
Explorer
‎09-14-2012 06:46 AM

Hi,

have you checked that the WMI monitor stanzas in the inputs.conf on your forwarder are set / enabled?

What does the output look like when you do a

$SPLUNK_HOME/bin/splunk list monitor

on the universal forwarder?

Cheers,

Christoph

0 Karma
Reply
Get Updates on the Splunk Community!

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...