Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Access is Denied from Splunk Server to Remote Server

ericmoss
Explorer
‎05-12-2010 06:40 PM

I am trying to forward event logs from a Windows XP machine to a Windows 2003 machine. I set up Splunk on the Windows XP machine to forward to the Windows 2003 machine (receiving).

I have tried adding data inputs as 'Local Event Log Connection', 'Remote Event Log Collection', and 'WMI Collections'. However, when I test connections, I receive an error message saying that I get the following error message "Failed to fetch data: In handler 'win-wmi-find-collection': Unable to get wmi classes from host '10.21.45.10': -0x7ff8fffb- Access is denied. Make sure WMI is configured correctly."

When I test connection using the wbemtest, I receive an error message saying that "Access is Denied" as well. There is no Active Directory set up on the machines I am working on. They are on the same subnet. I have changed a lot of the settings, permissions, and services around on the machines in past few days and was wondering if anyone knew exactly what settings or permissions needed to be enabled/disabled/started. Thanks!

Reply

the_wolverine
Champion
‎05-12-2010 09:11 PM

This is most likely an issue with insufficient permissions. It has been addressed by this answers post.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...