Splunk Search

Get windows Local login logs using WMI


Dear ,
I have cluster setup and we need to collect local logging logs from work station using WMI without install UF on targets so I need to know the pre-request .

Tags (1)
0 Karma

Esteemed Legend
0 Karma


I would also consider using Windows Event Forwarding (WEF). WMI log collection has always been problematic for me at scale, since WMI breaks a lot. We use WEF with all our VDIs (45k+).

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...