Re: Forwarder and WMI

jmbytemoney · ‎09-13-2012

Hi there,

I have a Linux splunk server running and would like to monitor the WMI data (CPU,Memory) from a Windows pc. If I install the full splunk application on the Windows pc and forward the data to my splunk server I get data using the Windows app including WMI data. I then uninstalled the full splunk on the Windows box and tried to use the universal forwarder alone. I get data flowing to my Linux splunk server from the Windows PC however the WMI data is not populating. I have read countless questions posted on here and can simply not crack it. I have checked that it is not a firewall or antivirus issue as there is data flowing.

When trying to follow the prompt: "If you want to add additional hosts you can do so in the WMI inputs section of Manager." I simply get:

404 Not Found
Return to Splunk home page
Splunk cannot find "admin/win-wmi-collections".

Any suggestions?

cmonig · ‎09-14-2012

Hi,

have you checked that the WMI monitor stanzas in the inputs.conf on your forwarder are set / enabled?

What does the output look like when you do a

$SPLUNK_HOME/bin/splunk list monitor

on the universal forwarder?

Cheers,

Christoph

Forwarder and WMI

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation