https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482064#M193183 <P>Have you reviewed this:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWMIdata">https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWMIdata</A></P> Mon, 09 Mar 2020 10:44:54 GMT anmolpatel 2020-03-09T10:44:54Z https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482063#M193182 <P>Dear , <BR /> I have cluster setup and we need to collect local logging logs from work station using WMI without install UF on targets so I need to know the pre-request . </P> Wed, 04 Mar 2020 07:42:48 GMT https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482063#M193182 khalidewaidah 2020-03-04T07:42:48Z https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482064#M193183 <P>Have you reviewed this:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWMIdata">https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWMIdata</A></P> Mon, 09 Mar 2020 10:44:54 GMT https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482064#M193183 anmolpatel 2020-03-09T10:44:54Z https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482065#M193184 <P>I would also consider using Windows Event Forwarding (WEF). WMI log collection has always been problematic for me at scale, since WMI breaks a lot. We use WEF with all our VDIs (45k+).</P> Mon, 09 Mar 2020 13:16:56 GMT https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482065#M193184 xavierashe 2020-03-09T13:16:56Z https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482066#M193185 <P>It can be done:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWMIdata">https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWMIdata</A><BR /> But it is sub-optimal to using a standard UF and has downsides and complications:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/TroubleshootingWMI">https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/TroubleshootingWMI</A></P> Sun, 15 Mar 2020 21:45:58 GMT https://community.splunk.com/t5/Splunk-Search/Get-windows-Local-login-logs-using-WMI/m-p/482066#M193185 woodcock 2020-03-15T21:45:58Z