Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Blacklist Windows 2000 Servers in serverclass.conf

gallantalex
Path Finder
‎12-22-2010 12:20 AM

We are getting a lot of errors from the splunkd.log about a failing splunk-wmi.exe. Here is the exact error:

ERROR ExecProcessor - message from ""D:\Program Files\Splunk\bin\splunk-wmi.exe"" WMI - Unable to connect to WMI namespace "root\cimv2" (attempt to connect took 0 microseconds) (error="One of the parameters to the call is not correct." HRESULT=80041008)

This seems to be happening on mostly the 2k servers but not all of them, and the 2k8 servers are fine. Also the failing servers, when I run the following command I get the same result:

splunk-wmi.exe -wql "select PagesPerSec, AvailableMBytes, CommittedBytes, PercentCommittedBytesInUse from Win32_PerfFormattedData_PerfOS_Memory"

Also when I ran that query using "wbemtest" on one of the failing servers, I get an invalid class error (80041010). Why would this error be different from splunk? We also tried restarting winmgmt and deleting the repository but that didn't change anything. Does the missing class just mean that server does not have the required wmi object and that wql cannot be run there. If so what would be a different wql we could run to get the cputime and memory? Also is there a way to blacklist the windows app in the serverclass.conf by specifying the os type?

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Masa
Splunk Employee
Splunk Employee
‎12-22-2010 09:20 PM

View solution in original post

Reply
Solved! Jump to solution
Solution

Masa
Splunk Employee
Splunk Employee
‎12-22-2010 09:20 PM
Reply
Solved! Jump to solution

gallantalex
Path Finder
‎12-22-2010 10:59 PM

Not the answer I was hoping for but does explain everything. Specifying the clientName in deploymentclient.conf although probably the better solution later if other app need to be disabled is really no different than blacklisting each server in serverclass.conf. Thanks for your reply.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...