Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why isn't WMI class working with Splunk?

jip31
Motivator
‎10-03-2018 03:15 AM

hello

I fluently use WMI request with Splunk.

until now, i haven't had any problems.

I have to use these 2 WMI classes, but Splunk is unable to request from them.

Anybody have an idea why this is happening? Are there some restrictions between Splunk and WMI???

[WMI:BatteryFull]
disabled = 0
interval = 30
wql = SELECT * FROM BatteryFullChargedCapacity
index = windows-wmi

[WMI:BatteryStatic]
disabled = 0
interval = 30
wql = SELECT * FROM BatteryStaticData
index = windows-wmi
Tags (2)
0 Karma
Reply

hnorvik
Explorer
‎07-08-2022 09:07 AM

Taking a chance on answering an old question here since I got stuck with the same issue..... 

It now worked fine on my Universal forwarder. You just need to add this line to wmi.conf:

namespace = root\wmi

I also noticed that when doing the splunk cmd test query you need to pay attention to the case of -namespace

 -Namespace triggers an error while -namespace works fine.

0 Karma
Reply

jip31
Motivator
‎10-04-2018 04:32 AM

Dont you think its because the WMI namespace that Splunk Enterprise accesses (most commonly Root\CIMV2) must have proper permissions. These permissions must be set manually on each host in your enterprise, as there is no global WMI security. ?

0 Karma
Reply

jip31
Motivator
‎10-05-2018 10:04 PM

I checked the log and i have this :
10-06-2018 06:59:44.210 +0200 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-wmi.exe"" WMI - Error occurred while trying to retrieve results from a WMI query (error="Specified class is not valid." HRESULT=80041010) (root\cimv2: SELECT * FROM BatteryFullChargedCapacity)

is thre omething to do for doing valid a wmi class??

0 Karma
Reply

jip31
Motivator
‎10-03-2018 11:22 PM

nobody has an idea please??

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...