
No more Event Logs from Clients

Rhuen
New Member

Hi,

I don't know why, but for 5 days I have not been getting any Event Logs from client PCs (Windows XP).

When I remote connect to these PCs I see new events, but Splunk gets nothing.
Can I see anywhere why?

From all servers I get the logs all the time; only the client PCs stopped 5 days ago, and I don't know why.

greets.

0 Karma

Rhuen
New Member

I have now changed the configuration from "Computername" to their IP address and now I get reports... hm... I must check this over the next few days.

Another question: how can I make a dashboard with manually assigned computer names?
When I make an event log dashboard I use:

source="WMI:WinEventLog:" ComputerName="" | stats count count(eval(Type="Warnung")) as warnings count(eval(Type="Fehler")) as errors by host

But we have the MAC address as the computer name, so I see only "FFC00..." "FF00..." and so on. How must I change the search command so that I have custom names for the results?
FFCC00 = Computer1
FF00 = Computer2 and so on.

greets.

0 Karma

jgedeon120
Contributor

Have you checked the splunkd.log on both server and client?

0 Karma

jgedeon120
Contributor

I would check client event logs since you are collecting with WMI.

0 Karma

Rhuen
New Member

What do I have to check on the clients? Clients don't have a splunkd.log?! :D
And on Splunk I have 2 errors:

03-27-2012 15:09:18.524 +0200 ERROR splunk-perfmon - PerfmonHelper::enumObjectByNameEx: PdhEnumObjectItems failed for 'Memory' with (0xc0000bb8): Das angegebene Objekt wurde nicht im System gefunden.

03-27-2012 15:13:53.764 +0200 ERROR ExecProcessor - message from "C:\Programme\Splunk\bin\splunk-wmi.exe" WMI - Error occurred while trying to retrieve results from a WMI query (error="Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt." HRESULT=800706BF) (\servername\root\cimv2: Select PercentProcessorTime,PercentUserTime from Win32_PerfFormattedData_PerfOS_Processor where Name = "_Total")

0 Karma