Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to fetch data: Admin handler 'win-perfmon-find-collection' not found.

bwouters
Path Finder
‎11-30-2017 01:44 AM

I've managed to build my first graph and dashboard, which is supposed to monitor the free disk space of a remote host.
The remote host is a Windows OS while Splunk Enterprise is installed on a Unix system.

When I create an indexer with some parameters to pull '% Free Space' from the Universal Forwarder (the remote host I want to monitor), I almost immediately receive data from it. I set polling interval to 60s
I create a Search and build a line chart from it which is now displayed on my dashboard.
However, it seems that no data is added anymore. Executing a search is not showing any new events, even though the interval should be 60s.

Using Splunk Web, I go to 'Data inputs' > 'Local performance monitoring' > Select the input I just created
I see the following errors: Failed to fetch data: Admin handler 'win-perfmon-find-collection' not found.
This error is displayed for 'Available objects', 'Counters', 'Instances'

I'm suspecting that this error is the cause that my graph is not being updated.

  1. How can I resolve this error?
  2. How can I resolve the issue with my graph?

Know that I didn't add additional lines in any config file.
Let me know if more information is needed.

Tags (1)
0 Karma
Reply

vanvan
Path Finder
‎10-09-2018 08:39 AM

I am experiencing the same issue. We have Splunk 7.1 on Linux and I am trying to monitor Windows infrastructure. I've deployed the Splunk app for Windows Infrastructure + all the related add-ons and when I go to "Settings" -> "Data Inputs" -> "Forwarded Inputs" -> "Windows Performance Monitoring" I am presented with a screen that says "Local Performance Monitoring". That is strange?!

Also, when I try to dig further down from there, e.g. I click on the "Processor" input I receive the above mentioned error message "Failed to fetch data: Admin handler 'win-perfmon-find-collection' not found." all over the screen.

Should I ignore this message, or there's an issue with my configuration? All the forwarders are installed on Windows desktops and servers with Local System account.

0 Karma
Reply

bwouters
Path Finder
‎11-30-2017 02:41 AM

I found an answer to my second question.

I added the following config to the 'inputs.conf' file on the Universal Forwarder
[perfmon://match the name in splunk web - data input]
disabled = 0
counters = % Free Space
instances = *
interval = 60

0 Karma
Reply

bwouters
Path Finder
‎11-30-2017 01:59 AM

I installed Splunk Universal Forwarder as 'Local User'

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...