Getting Data In

All configurations not appearing in Event Log Collection list

New Member

I have splunk running on a Windows Server 2008. I have configured splunk to access our DC remotely for event logs. I am working to placing forwarders in the remote locations, but until then. I have some servers not appearing the list and I can't access the configuration to change settings. Any help would be appreciated.

Thx

0 Karma

New Member

After doing more research I have found another who is reporting the same problem I am having only better. See question "WMI event logs manager".

0 Karma

Splunk Employee
Splunk Employee

C:\Program Files\Splunk\etc\apps\search\wmi.conf this doesnt seem right, its missing a \local. should be:

C:\Program Files\Splunk\etc\apps\search\local\wmi.conf

Also from the machine that you are trying to grab the data from, try running wbemtest and see if you can retrieve logs from the other hosts.

0 Karma

New Member

Thanks for the info, however the problem isn't getting the log data into splunk, the problem is that the tasks that are configured do not appear on the configuation page in the Splunk> web UI. I have 9 remote event logs tasks appearing, in the wmi.conf file I have 21. I would very much like to manage these from the Web UI and not from the conf file. Any ideas as the issue of this symptom? Thanks for all the imputs.

0 Karma

New Member

Same Domain. One collection task per server I don't see all the jobs in the collection task list.

Look at Splunk> errors, I know why I am not getting data server names have changed, I don't know why some are not appearing in the collection task list. Can not edit them through the web page if they don't appear. Have changed the # of items to display with no luck.

Can I edit the wmi.conf file and am I looking at the right one? C:\Program Files\Splunk\etc\apps\search\wmi.conf

0 Karma

Path Finder

Jkittle, are you using one event log collection, specifying additional hosts, or do you have a collection for each DC? Are all of the domain controllers members of the same domain?

Also, please check "Search >> Searches & Reports >> Errors >> Splunk errors last 24 hours" for any errors from the splunk server related to your missing DC's.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!