Re: WMI Log Collection

ricksimonds · ‎07-12-2010

Splunk is installed in a Windows Domain. The service accounts are running as a Domain Admin. The authentication for the Web Manager is LDAP and is logged into using Domain Admin cridentials.

WEBTEST is successful from a cmd line. When I configure remote Windows Log collection via WMI I get the following errors:

07-12-2010 15:08:09.033 ERROR AdminManager - Unexpected error "" from python handler: "winmgmts:{impersonationLevel=impersonate,authenticationLevel=default}//ServerName/.Win32_NTEventlogFile". See splunkd.log for more details. 07-12-2010 15:08:43.745 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\bin\scripts\splunk-wmi.py"" python: can't open file 'C:\Program Files\Splunk\bin\scripts\splunk-wmi.py': [Errno 2] No such file or directory

mneethling · ‎08-11-2010

The splunk-wmi.py file gets installed when you install the Splunk Windows App. Enable the app from the launcher app.

ricksimonds · ‎07-13-2010

C:\Program Files\Splunk\bin\scripts\splunk-wmi.py does not exist. I'm a newbie, shouldn't that have been there as part of the install? Where would I find that file or add it to the directory? Thanks

gkanapathy · ‎07-12-2010

I guess, first of all, does that file C:\Program Files\Splunk\bin\scripts\splunk-wmi.py exist? If so, who owns it, and does the Splunk user have sufficient access all the way up to the file? If you changed the service account after installation, it's likely/probably that some file permissions are too restricted to the original account.

WMI Log Collection

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!