Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found.

jpforti
Engager
‎04-01-2015 08:58 AM

Hello,

I've installed Splunk on a Linux server.
I've installed Splunk Universal Forwarder on my Windows Servers.

I'm trying to collect CPU and Memory indicators from the Windows Servers.

Once I've created the Windows Performance Monitoring Forwarded data inputs, I cannot edit it anymore and I face the following error message:
"Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found."

Any idea why could be the cause this error?

I can see that on the Windows servers the config is pushed in the \SplunkUniversalForwarder\etc\apps_server_app_CS10TEST\local\inputs.conf files

But no data are coming back to the Splunk server.

Thanks,

JP

Tags (1)
Reply

tred23
Path Finder
‎09-02-2016 05:10 AM

try this:
In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Or check these out:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/MonitorWMIdata
http://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows#Choose_the_user_Spl...
http://docs.splunk.com/Documentation/Splunk/latest/Data/ConsiderationsfordecidinghowtomonitorWindows...

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...