Splunk Enterprise Security

Collect remote event logs through WMI

16gym
New Member

My splunk server and remote host server is in the same network.
In the Splunk server, I went Settings-->Data inputs-->Remote Event Log Collection-->New event log collection, and typed the following:
Event Log collection name: Test
Choose logs from this host: 10.22.85.177

An error message "Unable to get wmi classes from host '10.22.85.177'. This host may not be reachable or WMI may be misconfigured." is shown.
I configured them according to this post: https://splk.it/2SIjPft
but it didn't work.

I would like to know how should I configure the WMI settings on the remote host?
Thanks!

0 Karma

deepashri_123
Motivator

Hey@16gym,

You can try referring this link:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/MonitorWMIdata

Let me know if this helps!!

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.