Solved: Re: Remote event log collections polling

Jodge · ‎07-12-2011

When collecting remote event logs how frequently does Splunk poll the remote host and is this configurable?

Vladimir · ‎07-12-2011

There is no default value and you can configure the interval of polling, check wmi.conf documentation http://www.splunk.com/base/Documentation/latest/admin/Wmiconf

interval = <integer>
* How often, in seconds, to poll for new data.
* This attribute is required, and the input will not run if the attribute is
  not present.
* There is no default.

View solution in original post

Jodge · ‎07-12-2011

Doh! I knew that I knew the answer before posting the question.

It's in the config file but not in the UI.

Thank you.

Vladimir · ‎07-12-2011

There is no default value and you can configure the interval of polling, check wmi.conf documentation http://www.splunk.com/base/Documentation/latest/admin/Wmiconf

interval = <integer>
* How often, in seconds, to poll for new data.
* This attribute is required, and the input will not run if the attribute is
  not present.
* There is no default.

Remote event log collections polling

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Remote event log collections polling

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...