Splunk Enterprise Security

Collect remote event logs through WMI

New Member

My splunk server and remote host server is in the same network.
In the Splunk server, I went Settings-->Data inputs-->Remote Event Log Collection-->New event log collection, and typed the following:
Event Log collection name: Test
Choose logs from this host:

An error message "Unable to get wmi classes from host ''. This host may not be reachable or WMI may be misconfigured." is shown.
I configured them according to this post: https://splk.it/2SIjPft
but it didn't work.

I would like to know how should I configure the WMI settings on the remote host?

0 Karma



You can try referring this link:

Let me know if this helps!!

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!