Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- No more Event Logs from Client's
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No more Event Logs from Client's
Hy,
i dont know why, but since 5 days i become no more Event Logs from Client PC's (Windows XP).
When i remote connect to this PC's i see new Events, but Splunk become nothing.
Can i see anywhere why?.
From all Servers i become the logs all the time, only client pc's stop this since 5 days, and i dont know why.
greets.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was now change the configuration from "Computername" to there IP-Adress and now i become reports...hm...i must check this the next few days.
Other Question, how can i do a dashboard with manually Computernames?
When i do a event log dashboard i use:
source="WMI:WinEventLog:" ComputerName="" | stats count count(eval(Type="Warnung")) as warnings count(eval(Type="Fehler")) as errors by host
But we have MAC-Adress as Computername, i see only "FFC00..." "FF00..." and so on, how must i change the search command that i have costum Names for the restults?
FFCC00 = Computer1
FF00 = Computer2 and so on.
greets.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you checked the splunkd.log on both server and client?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would check client event logs since you are collecting with WMI.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What i have to check on clients? Clients didnt have a splunkd.log?! :D.
And on Splunk i have 2 errors:
03-27-2012 15:09:18.524 +0200 ERROR splunk-perfmon - PerfmonHelper::enumObjectByNameEx: PdhEnumObjectItems failed for 'Memory' with (0xc0000bb8): Das angegebene Objekt wurde nicht im System gefunden.
03-27-2012 15:13:53.764 +0200 ERROR ExecProcessor - message from "C:\Programme\Splunk\bin\splunk-wmi.exe" WMI - Error occurred while trying to retrieve results from a WMI query (error="Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt." HRESULT=800706BF) (\servername\root\cimv2: Select PercentProcessorTime,PercentUserTime from Win32_PerfFormattedData_PerfOS_Processor where Name = "_Total")
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
