Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Getting remote WMI based data without forwarder

anoopambli
Communicator
‎11-09-2014 06:33 AM

We have Splunk indexer running on Windows 2008 server with domain account. Domain account what used to run the service has admin rights on all the windows servers in the environments.

What i am trying to achieve is this. I need to get win32_operatingsystem class details of remote windows server where forwarder is not installed. Is there any way we can do this via splunk? basically and on - demand search as there are 1000s of windows servers across the environment.

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-09-2014 08:04 AM

You can configure your indexer to collect data from remote systems over WMI by going to Settings -> Data Inputs -> Remote event log collection or Remote performance monitoring.

That will index that data, not do an ad-hoc search... and I'm not sure how many hosts one indexer can support on the side, but 1000s seems a bit much. If you really can't roll out forwarders to those systems you could have a bunch of heavy forwarders running that do the remote WMI calls and forward the data to your indexers.

Reply

snickered
Path Finder
‎11-09-2014 07:59 AM

Maybe I don't understand totally but could you just use powershell/vbscript/whatever from your indexer to pull the info you want?

0 Karma
Reply

anoopambli
Communicator
‎11-09-2014 09:07 PM

Thanks for the replies...

What i am trying to do is building a dashboard for our Windows Server support group. The source of the dashboard would different logs from different monitoring systems (like HP SiteScope). Along with these details the support group also wants to see the last reboot time(there is no forwarder present on these windows servers). I do not really want to index the last reboot details from WMI class but more of getting that data real time and show it on the board. If this is not directly possible, is there a way we can trigger a script via a splunk search and get result?

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...