Splunk Enterprise Security

Collect remote event logs through WMI

New Member

My splunk server and remote host server is in the same network.
In the Splunk server, I went Settings-->Data inputs-->Remote Event Log Collection-->New event log collection, and typed the following:
Event Log collection name: Test
Choose logs from this host:

An error message "Unable to get wmi classes from host ''. This host may not be reachable or WMI may be misconfigured." is shown.
I configured them according to this post: https://splk.it/2SIjPft
but it didn't work.

I would like to know how should I configure the WMI settings on the remote host?

0 Karma



You can try referring this link:

Let me know if this helps!!

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!