Splunk Enterprise

How do I remove the remote wmi data sources from splunk light?

bpeer
Engager

I set up splunk light and configured remote windows eventlog monitoring. Then I started reading about the Universal forwarders. Now I want to switch everything over to the UF but the ones I have set up are now listed twice as search hosts. How do I remove the wmi data collectors?

Tags (3)
0 Karma
1 Solution

adonio
Ultra Champion

hi bpeer,
placing here to close the question
you can try to go to settings (top right) -> data inputs -> Remote Events Log Collection -> look for your WMI inputs. -> disable or delete
hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

hi bpeer,
placing here to close the question
you can try to go to settings (top right) -> data inputs -> Remote Events Log Collection -> look for your WMI inputs. -> disable or delete
hope it helps

0 Karma

bpeer
Engager

That is what I was looking for. Thank you adonio.

Brad

0 Karma

adonio
Ultra Champion

hi bpeer,
you can try to go to settings (top right) -> data inputs -> Remote Events Log Collection -> look for your WMI inputs. -> disable or delete
hope it helps

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...