https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222585#M43646 <P>I'm guessing you installed the UF on Windows therefore you have several ways to do this.<BR /> My preferred one would be to use a powershell input and collect WMI this way.<BR /> Example:</P> <P>inputs.conf<BR /> Windows 8 and 2012 using Get-CimInstance</P> <PRE><CODE>[powershell://CollectProcessInfoFromWmi] script = Get-CimInstance Win32_Process | Select-Object Field1, Field2, Field3 schedule = 0 */5 * ? * * sourcetype = Windows:MyWmiData </CODE></PRE> <P>PRE Windows 8 and 2012 using Get-WmiObject</P> <PRE><CODE>[powershell://CollectProcessInfoFromWmi] script = Get-WmiObject -Class Win32_Process | Select-Object Field1, Field2, Field3 schedule = 0 */5 * ? * * sourcetype = Windows:MyWmiData </CODE></PRE> <P>See the following links for more info:</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowsdatawithPowerShellscripts">http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowsdatawithPowerShellscripts</A><BR /> <A href="https://technet.microsoft.com/en-us/library/hh849824.aspx">https://technet.microsoft.com/en-us/library/hh849824.aspx</A><BR /> <A href="https://technet.microsoft.com/en-us/library/jj590758(v=wps.630).aspx">https://technet.microsoft.com/en-us/library/jj590758(v=wps.630).aspx</A></P> Wed, 27 Apr 2016 10:22:12 GMT javiergn 2016-04-27T10:22:12Z https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222584#M43645 <P>In reference to the following link: <BR /> <A href="https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-running-on-linux.html">https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-running-on-linux.html</A> <BR /> I want to know that How to pulls log using WMI by Splunk universal forwarder?</P> Tue, 26 Apr 2016 10:55:45 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222584#M43645 rishabhey2016 2016-04-26T10:55:45Z https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222585#M43646 <P>I'm guessing you installed the UF on Windows therefore you have several ways to do this.<BR /> My preferred one would be to use a powershell input and collect WMI this way.<BR /> Example:</P> <P>inputs.conf<BR /> Windows 8 and 2012 using Get-CimInstance</P> <PRE><CODE>[powershell://CollectProcessInfoFromWmi] script = Get-CimInstance Win32_Process | Select-Object Field1, Field2, Field3 schedule = 0 */5 * ? * * sourcetype = Windows:MyWmiData </CODE></PRE> <P>PRE Windows 8 and 2012 using Get-WmiObject</P> <PRE><CODE>[powershell://CollectProcessInfoFromWmi] script = Get-WmiObject -Class Win32_Process | Select-Object Field1, Field2, Field3 schedule = 0 */5 * ? * * sourcetype = Windows:MyWmiData </CODE></PRE> <P>See the following links for more info:</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowsdatawithPowerShellscripts">http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowsdatawithPowerShellscripts</A><BR /> <A href="https://technet.microsoft.com/en-us/library/hh849824.aspx">https://technet.microsoft.com/en-us/library/hh849824.aspx</A><BR /> <A href="https://technet.microsoft.com/en-us/library/jj590758(v=wps.630).aspx">https://technet.microsoft.com/en-us/library/jj590758(v=wps.630).aspx</A></P> Wed, 27 Apr 2016 10:22:12 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222585#M43646 javiergn 2016-04-27T10:22:12Z https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222586#M43647 <P>Hi, did you get this working at all?</P> Mon, 09 May 2016 16:36:37 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-pull-logs-using-WMI-with-a-Splunk-universal-forwarder/m-p/222586#M43647 javiergn 2016-05-09T16:36:37Z