Failed to fetch data: In handler 'win-perfmon-find...

jpforti · ‎04-01-2015

Hello,

I've installed Splunk on a Linux server.
I've installed Splunk Universal Forwarder on my Windows Servers.

I'm trying to collect CPU and Memory indicators from the Windows Servers.

Once I've created the Windows Performance Monitoring Forwarded data inputs, I cannot edit it anymore and I face the following error message:
"Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found."

Any idea why could be the cause this error?

I can see that on the Windows servers the config is pushed in the \SplunkUniversalForwarder\etc\apps_server_app_CS10TEST\local\inputs.conf files

But no data are coming back to the Splunk server.

Thanks,

JP

tred23 · ‎09-02-2016

try this:
In order to collect WMI data from the remote machine, the user connecting must have rights on the remote machine. I'm confident that you will need to install splunk as a specific user and then give that user WMI rights on the collection target. In addition, 6.0.x and prior, your specific user will also have to be a member of the local admin group on the machine splunk is installed on.

Or check these out:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/MonitorWMIdata
http://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows#Choose_the_user_Spl...
http://docs.splunk.com/Documentation/Splunk/latest/Data/ConsiderationsfordecidinghowtomonitorWindows...

Failed to fetch data: In handler 'win-perfmon-find-collection': Admin handler 'win-perfmon-find-collection' not found.

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes