Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

collect Remote event log on my Windows splunk server

dineshahlawat
New Member
‎05-23-2013 12:48 AM

Hello Team,
I am new to splunk,
I need to collect Remote event Log on my Windows splunk server.
So Under my splunk GUI
Manager » Data inputs » Event log collections » My_server_logs
It Gives Me error :

Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host '10.151.57.199'. This host may not be reachable or WMI may be misconfigured.

Now the log i am fetching is a Unix Machine so do i need to configure the win-wmi on unix or there is any other tool i need to configure for this.
please share the sequence of steps to configure this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎05-23-2013 01:09 AM

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎05-23-2013 01:09 AM

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

Reply
Solved! Jump to solution

Ayn
Legend
‎05-23-2013 04:04 AM

Read docs. http://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Deploymentoverview

0 Karma
Reply
Solved! Jump to solution

dineshahlawat
New Member
‎05-23-2013 03:41 AM

Thanks Ayn, For clearing this doubt. Can you please share the steps to configure the Universal Forwarder (ON UNIX) to forward the log file to Splunk.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎05-23-2013 03:11 AM

Oh so you mean the other way around? You're running Splunk on Windows but have remote logs on a Unix box? In that case you can't use WMI at all, it's Windows only. For getting events from your remote Unix box, you should install a Universal Forwarder on it and have it send the events back to your indexer. Or configure it to send syslog.

0 Karma
Reply
Solved! Jump to solution

dineshahlawat
New Member
‎05-23-2013 01:46 AM

OK so what can i do to access the unix logs.
please share any reference to configure.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...