Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk stopped collectiing Windows Event logs of Remote

quipment
New Member
‎02-04-2013 06:19 AM

Hi,

We have Windows 2008 R2 SP1 with splunk 5 installed in Domain network.

We have configured to collect windows "System" event log .

But it suddenly stops collecting windows events when the remote system rebooted. and we cannt get events until the "splunkd" service restarted from the server.

After restarting "splunkd" the server starts get collectiong events. but again stops as soon as the remote server or client rebooted.

The firewall is turned off at both ends.

Thanks ,
Prakash

Tags (1)
0 Karma
Reply

quipment
New Member
‎02-14-2013 10:21 PM

Hi,

Enabled debug logging level for wmi from link and found out wmi will retry after 5000 seconds Ref : http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/TroubleshootingWMI#Splunk_can.27t... .
alt text

and by editiing wmi.conf from C:\Program Files\Splunk\etc\system\local and setting time out values

Thanks
Prakash

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-04-2013 08:57 AM

make sure that you configured splunk service to start at boot .....

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎02-04-2013 06:40 AM

It may be helpful to share any errors that you are seeing in the splunkd logs.

http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/WhatSplunklogsaboutitself

I would recommend using the Splunk on Splunk App in the future which will help you search across all Splunk logs when you have an issue like this.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...