https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102029#M182924 <P>What i have to check on clients? Clients didnt have a splunkd.log?! :D.<BR /> And on Splunk i have 2 errors:</P> <P>03-27-2012 15:09:18.524 +0200 ERROR splunk-perfmon - PerfmonHelper::enumObjectByNameEx: PdhEnumObjectItems failed for 'Memory' with (0xc0000bb8): Das angegebene Objekt wurde nicht im System gefunden.</P> <P>03-27-2012 15:13:53.764 +0200 ERROR ExecProcessor - message from "C:\Programme\Splunk\bin\splunk-wmi.exe" WMI - Error occurred while trying to retrieve results from a WMI query (error="Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt." HRESULT=800706BF) (\servername\root\cimv2: Select PercentProcessorTime,PercentUserTime from Win32_PerfFormattedData_PerfOS_Processor where Name = "_Total")</P> Mon, 28 Sep 2020 11:34:53 GMT Rhuen 2020-09-28T11:34:53Z https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102027#M182922 <P>Hy,</P> <P>i dont know why, but since 5 days i become no more Event Logs from Client PC's (Windows XP).</P> <P>When i remote connect to this PC's i see new Events, but Splunk become nothing.<BR /> Can i see anywhere why?.</P> <P>From all Servers i become the logs all the time, only client pc's stop this since 5 days, and i dont know why.</P> <P>greets.</P> Tue, 27 Mar 2012 12:42:22 GMT https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102027#M182922 Rhuen 2012-03-27T12:42:22Z https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102028#M182923 <P>Have you checked the splunkd.log on both server and client?</P> Tue, 27 Mar 2012 13:06:58 GMT https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102028#M182923 jgedeon120 2012-03-27T13:06:58Z https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102029#M182924 <P>What i have to check on clients? Clients didnt have a splunkd.log?! :D.<BR /> And on Splunk i have 2 errors:</P> <P>03-27-2012 15:09:18.524 +0200 ERROR splunk-perfmon - PerfmonHelper::enumObjectByNameEx: PdhEnumObjectItems failed for 'Memory' with (0xc0000bb8): Das angegebene Objekt wurde nicht im System gefunden.</P> <P>03-27-2012 15:13:53.764 +0200 ERROR ExecProcessor - message from "C:\Programme\Splunk\bin\splunk-wmi.exe" WMI - Error occurred while trying to retrieve results from a WMI query (error="Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt." HRESULT=800706BF) (\servername\root\cimv2: Select PercentProcessorTime,PercentUserTime from Win32_PerfFormattedData_PerfOS_Processor where Name = "_Total")</P> Mon, 28 Sep 2020 11:34:53 GMT https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102029#M182924 Rhuen 2020-09-28T11:34:53Z https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102030#M182925 <P>I would check client event logs since you are collecting with WMI.</P> Tue, 27 Mar 2012 13:26:08 GMT https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102030#M182925 jgedeon120 2012-03-27T13:26:08Z https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102031#M182926 <P>I was now change the configuration from "Computername" to there IP-Adress and now i become reports...hm...i must check this the next few days.</P> <P>Other Question, how can i do a dashboard with manually Computernames?<BR /> When i do a event log dashboard i use:</P> <P>source="WMI:WinEventLog:<EM>" ComputerName="</EM>" | stats count count(eval(Type="Warnung")) as warnings count(eval(Type="Fehler")) as errors by host</P> <P>But we have MAC-Adress as Computername, i see only "FFC00..." "FF00..." and so on, how must i change the search command that i have costum Names for the restults?<BR /> FFCC00 = Computer1<BR /> FF00 = Computer2 and so on.</P> <P>greets.</P> Wed, 28 Mar 2012 10:24:06 GMT https://community.splunk.com/t5/Splunk-Search/No-more-Event-Logs-from-Client-s/m-p/102031#M182926 Rhuen 2012-03-28T10:24:06Z