Solved: Getting Error When trying to read windows event l...

harshavrath · ‎03-19-2014

HI
I'm getting an error as "Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host '...*'. This host may not be reachable or WMI may be misconfigured."

I'm i getting this error because my Splunk is installed as Local User.?

Splunk is installed on Windows Server 2003.

Splunk is installed in an US Machine by my manager I'm remotely logging in & using it.

wcolgate_splunk · ‎04-29-2014

In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

View solution in original post

wcolgate_splunk · ‎04-29-2014

In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Getting Error When trying to read windows event logs from am remote machine.

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!