Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Forwarder and WMI

jmbytemoney
Engager
‎09-13-2012 05:38 AM

Hi there,

I have a Linux splunk server running and would like to monitor the WMI data (CPU,Memory) from a Windows pc. If I install the full splunk application on the Windows pc and forward the data to my splunk server I get data using the Windows app including WMI data. I then uninstalled the full splunk on the Windows box and tried to use the universal forwarder alone. I get data flowing to my Linux splunk server from the Windows PC however the WMI data is not populating. I have read countless questions posted on here and can simply not crack it. I have checked that it is not a firewall or antivirus issue as there is data flowing.

When trying to follow the prompt: "If you want to add additional hosts you can do so in the WMI inputs section of Manager." I simply get:

404 Not Found
Return to Splunk home page
Splunk cannot find "admin/win-wmi-collections".

Any suggestions?

0 Karma
Reply

cmonig
Explorer
‎09-14-2012 06:46 AM

Hi,

have you checked that the WMI monitor stanzas in the inputs.conf on your forwarder are set / enabled?

What does the output look like when you do a

$SPLUNK_HOME/bin/splunk list monitor

on the universal forwarder?

Cheers,

Christoph

0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...