Eventtype errors using splunk app for windows infrastructure

afolabia
Path Finder

How do I resolve Splunk App for Windows Infrastructure eventtype errors in a distributed environment? They are all enabled but not producing any results.
Eventtype 'perfmon_windows' does not exist or is disabled.
Eventtype 'wineventlog_windows' does not exist or is disabled.
Eventtype 'wineventlog_security' does not exist or is disabled.

0 Karma
1 Solution

afolabia
Path Finder

Problem solved:
It seems to be more of a permission issue. I accessed the SH and did a recursive permission change for the Splunk_TA_windows. I checked the box for "Replace all child object permissions with inheritable permissions from this object" and restarted splunkd.

0 Karma

woodcock
Esteemed Legend

These KOs (and other things) are defined in the Splunk_TA_windows app which should always be deployed together with the splunk_app_windows_infrastructure app.

0 Karma

gcusello
SplunkTrust

Hi afolabia,
you have three solutions:

  • add the indexes of this app to the default search path for all the interested roles;
  • create a new eventtype (e.g. wineventlog) in which you have only the filter index=wineventlog and then add this eventtype to the others;
  • add to all the eventtypes the filter index=wineventlog.

The second solution is longer but, in my opinion, preferable because it has the best performance.

Ciao.
Giuseppe

0 Karma
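
The first two options from the reply above, written out as configuration. This is an added example, not part of the original thread and not the TA's own files. The role `user`, the index `main` and the `source=` term are assumptions; copy the real search string from the TA's `default/eventtypes.conf` when overriding an eventtype.

```ini
# --- authorize.conf on the search head (local/ directory) ---
# Option 1: add the Windows index to the role's default search path, so
# eventtype searches that carry no index= term still look in it.
# List values are semicolon-separated. "main" is an assumed existing index.
[role_user]
srchIndexesAllowed = main;wineventlog
srchIndexesDefault = main;wineventlog

# --- eventtypes.conf in Splunk_TA_windows/local/ on the search head ---
# Option 2: one eventtype that holds only the index filter ...
[wineventlog]
search = index=wineventlog

# ... referenced from each existing eventtype. The source= term below is a
# constructed stand-in for whatever the TA's default definition contains.
[wineventlog_security]
search = eventtype=wineventlog source="WinEventLog:Security"
```

Overrides go in `local/` so an app upgrade does not overwrite them; restart splunkd after editing the files by hand.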

afolabia
Path Finder

Thanks, but should I be doing that since all I'm using is the default TAs for windows infrastructure and windows? Also, I do have the eventtype with these included.

0 Karma

gcusello
SplunkTrust

Hi afolabia,
I agree with you and I don't know why in many apps there aren't eventtypes with index.
As I said, you can also put the indexes in the default search path for all the roles you have, but in my installations I always customized eventtypes.
If you want, it's another way to give value to your work!

Ciao.
Giuseppe

0 Karma