Getting Data In

Access is Denied from Splunk Server to Remote Server

ericmoss
Explorer

I am trying to forward event logs from a Windows XP machine to a Windows 2003 machine. I set up Splunk on the Windows XP machine to forward to the Windows 2003 machine (receiving).

I have tried adding data inputs as 'Local Event Log Connection', 'Remote Event Log Collection', and 'WMI Collections'. However, when I test connections, I receive an error message saying that I get the following error message "Failed to fetch data: In handler 'win-wmi-find-collection': Unable to get wmi classes from host '10.21.45.10': -0x7ff8fffb- Access is denied. Make sure WMI is configured correctly."

When I test connection using the wbemtest, I receive an error message saying that "Access is Denied" as well. There is no Active Directory set up on the machines I am working on. They are on the same subnet. I have changed a lot of the settings, permissions, and services around on the machines in past few days and was wondering if anyone knew exactly what settings or permissions needed to be enabled/disabled/started. Thanks!

the_wolverine
Champion

This is most likely an issue with insufficient permissions. It has been addressed by this answers post.

Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...