Solved: collect Remote event log on my Windows splunk serv...

dineshahlawat · ‎05-23-2013

Hello Team,
I am new to splunk,
I need to collect Remote event Log on my Windows splunk server.
So Under my splunk GUI
Manager » Data inputs » Event log collections » My_server_logs
It Gives Me error :

Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host '10.151.57.199'. This host may not be reachable or WMI may be misconfigured.

Now the log i am fetching is a Unix Machine so do i need to configure the win-wmi on unix or there is any other tool i need to configure for this.
please share the sequence of steps to configure this.

Ayn · ‎05-23-2013

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

View solution in original post

Ayn · ‎05-23-2013

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

Ayn · ‎05-23-2013

Read docs. http://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Deploymentoverview

dineshahlawat · ‎05-23-2013

Thanks Ayn, For clearing this doubt. Can you please share the steps to configure the Universal Forwarder (ON UNIX) to forward the log file to Splunk.

Ayn · ‎05-23-2013

Oh so you mean the other way around? You're running Splunk on Windows but have remote logs on a Unix box? In that case you can't use WMI at all, it's Windows only. For getting events from your remote Unix box, you should install a Universal Forwarder on it and have it send the events back to your indexer. Or configure it to send syslog.

dineshahlawat · ‎05-23-2013

OK so what can i do to access the unix logs.
please share any reference to configure.

collect Remote event log on my Windows splunk server

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?