Splunk is installed in a Windows Domain. The service accounts are running as a Domain Admin. The authentication for the Web Manager is LDAP and is logged into using Domain Admin cridentials.
WEBTEST is successful from a cmd line. When I configure remote Windows Log collection via WMI I get the following errors:
07-12-2010 15:08:09.033 ERROR AdminManager - Unexpected error "" from python handler: "winmgmts:{impersonationLevel=impersonate,authenticationLevel=default}//ServerName/.Win32_NTEventlogFile". See splunkd.log for more details. 07-12-2010 15:08:43.745 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\bin\scripts\splunk-wmi.py"" python: can't open file 'C:\Program Files\Splunk\bin\scripts\splunk-wmi.py': [Errno 2] No such file or directory
The splunk-wmi.py file gets installed when you install the Splunk Windows App. Enable the app from the launcher app.
C:\Program Files\Splunk\bin\scripts\splunk-wmi.py does not exist. I'm a newbie, shouldn't that have been there as part of the install? Where would I find that file or add it to the directory? Thanks
I guess, first of all, does that file C:\Program Files\Splunk\bin\scripts\splunk-wmi.py
exist? If so, who owns it, and does the Splunk user have sufficient access all the way up to the file? If you changed the service account after installation, it's likely/probably that some file permissions are too restricted to the original account.