Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitor missing WMI events pull Windows Server

rossikwan
Path Finder
‎08-08-2012 11:47 PM

Hi all,

I have below Splunk setup for the various kind of servers events,

  1. Main indexer: Linux Redhat installed with Splunk indexer, search head, (for UNIX UF, Linux UF, syslog, etc)
  2. Domain joined Windows server with Splunk UF installed (for WMI pull events, shared files, etc)

Since I would like to monitor the missing status of the UNIX & Linux UF, the "missing forwarders search" in Splunk Deployment Monitor app is working fine for those hosts received from UF. It does a really great job at all.

But, since most of the Windows WMI events is pulled from the Windows Server (with UF), and that's mean the "missing forwarder search" isn't represent for the WMI host missing status.

Could anyone help that any hints to check the missing Windows host in this WMI inputs?

P.S. I am thinking that use "diff" to compare the list of hosts for WMI events in 2 period of time, and I think there should have a faster & elegant way for this. Thanks in advance.

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎08-09-2012 04:31 AM

Yes, you can alert on any host that hasn't sent data in a certain period of time. The example in the link below is checking every 60 seconds but it's easy to modify.

http://splunk-base.splunk.com/answers/7466/alert-if-no-log-messages

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...