I have a Linux Splunk server running and would like to monitor the WMI data (CPU, Memory) from a Windows PC. If I install the full Splunk application on the Windows PC and forward the data to my Splunk server, I get data using the Windows app, including WMI data. I then uninstalled the full Splunk on the Windows box and tried to use the universal forwarder alone. I get data flowing to my Linux Splunk server from the Windows PC; however, the WMI data is not populating. I have read countless questions posted on here and can simply not crack it. I have checked that it is not a firewall or antivirus issue, as there is data flowing.

When trying to follow the prompt: "If you want to add additional hosts you can do so in the WMI inputs section of Manager." I simply get:

404 Not Found

Splunk cannot find "admin/win-wmi-collections".

Any suggestions?

Have you checked that the WMI monitor stanzas in the inputs.conf on your forwarder are set / enabled?

What does the output look like when you do a

$SPLUNK_HOME/bin/splunk list monitor

on the universal forwarder?



