Failed to fetch data: In handler 'win-perfmon-find...

jpforti · ‎04-01-2015

Hello,

I've installed Splunk on a Linux server.
I've installed Splunk Universal Forwarder on my Windows Servers.

I'm trying to collect CPU and Memory indicators from the Windows Servers.

Once I've created the Windows Performance Monitoring Forwarded data inputs, I cannot edit it anymore and I face the following error message:
"Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found."

Any idea why could be the cause this error?

I can see that on the Windows servers the config is pushed in the \SplunkUniversalForwarder\etc\apps_server_app_CS10TEST\local\inputs.conf files

But no data are coming back to the Splunk server.

Thanks,

JP

tred23 · ‎09-02-2016

try this:
In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Or check these out:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/MonitorWMIdata
http://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows#Choose_the_user_Spl...
http://docs.splunk.com/Documentation/Splunk/latest/Data/ConsiderationsfordecidinghowtomonitorWindows...

Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation