Hi,

I have a forwarder which collects WMI (cpu, disk, processes, memory) from ~150 servers (win2008R2, win2003). In splunk-launch.conf I have several variables for groups of these servers which looks like:
SPLUNK_SRVRGROUP1=SERVER1,SERVER2...SERVERN
SPLUNK_SRVRGROUP2=SERVER1,SERVER2...SERVERN

so in wmi.conf:
server = $SPLUNK_SRVRGROUP1,$SPLUNK_SRVRGROUP2

Sometimes forwarder stops pull/collect data for some random servers in the group. And I don't know why - there is no any error information in log files. After restarting the splunk service everything is OK, but after some time (1 day, 3 days - random) it happens again

The version of splunk indexer/forwarder is 4.2.2

Any suggestions?