Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found.

jpforti
Engager
‎04-01-2015 08:58 AM

Hello,

I've installed Splunk on a Linux server.
I've installed Splunk Universal Forwarder on my Windows Servers.

I'm trying to collect CPU and Memory indicators from the Windows Servers.

Once I've created the Windows Performance Monitoring Forwarded data inputs, I cannot edit it anymore and I face the following error message:
"Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found."

Any idea why could be the cause this error?

I can see that on the Windows servers the config is pushed in the \SplunkUniversalForwarder\etc\apps_server_app_CS10TEST\local\inputs.conf files

But no data are coming back to the Splunk server.

Thanks,

JP

Tags (1)
Reply

tred23
Path Finder
‎09-02-2016 05:10 AM

try this:
In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Or check these out:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/MonitorWMIdata
http://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows#Choose_the_user_Spl...
http://docs.splunk.com/Documentation/Splunk/latest/Data/ConsiderationsfordecidinghowtomonitorWindows...

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...