Enable WMI:LocalNetwork

rgraetz · ‎02-23-2011

Hello,

How to enable WMI:LocalNetwork? Where is the correct config file? Doesn't find anything about the syntax in the wiki.....

thx alot.....

proctorgeorge · ‎02-28-2011

Hello rgraetz,

Here are some assumptions I am making about your question, if these are incorrect then please clarify in your question.

1: That you have the Windows App installed and are using it to gather WMI information.

2: That you are not using deployment clients or light weight forwarders.

If that is the case then in the folder %SPLUNK-INSTALL%\etc\apps\windows\local (ex. C:\Program Files\Splunk\etc\apps\windows\local) on the server you want to monitor there should be a file called wmi.conf that holds configurations for WMI inputs. It's got stanzas like this inside:

 [WMI:FreeDiskSpace] 
 interval = 60
 disabled = 0 
 server = localhost

You want to Add (or un-disable) the LocalNetwork one, which will look something like this:

[WMI:LocalNetwork]
interval = 300
disabled = 0

TL;DR: The correct config file is wmi.conf in the folder %SPLUNK-INSTALL%\etc\apps\windows\local and the syntax is like above 🙂

Enable WMI:LocalNetwork

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?

Enable WMI:LocalNetwork

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI