Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found.

jpforti
Engager
‎04-01-2015 08:58 AM

Hello,

I've installed Splunk on a Linux server.
I've installed Splunk Universal Forwarder on my Windows Servers.

I'm trying to collect CPU and Memory indicators from the Windows Servers.

Once I've created the Windows Performance Monitoring Forwarded data inputs, I cannot edit it anymore and I face the following error message:
"Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found."

Any idea why could be the cause this error?

I can see that on the Windows servers the config is pushed in the \SplunkUniversalForwarder\etc\apps_server_app_CS10TEST\local\inputs.conf files

But no data are coming back to the Splunk server.

Thanks,

JP

Tags (1)
Reply

tred23
Path Finder
‎09-02-2016 05:10 AM

try this:
In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Or check these out:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/MonitorWMIdata
http://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows#Choose_the_user_Spl...
http://docs.splunk.com/Documentation/Splunk/latest/Data/ConsiderationsfordecidinghowtomonitorWindows...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...