I'm looking to use Splunk to pull in WMI data and utilize the reports in the Windows App. In the Data Inputs section > Remote Event Log Collections, I can click "New" and pull information from a remote server. But the only items listed are Application, Security, System, Hardware Events, Internet Explorer, Key Management Service, and Windows PowerShell. I re-configured to run everything under a Domain account, which is given local admin rights on all servers (Windows Server 2008, R2) to get the logs to show up.
On our Splunk server, the Windows app is simply working. It only reports statistics for the local Splunk server. If I go to Performance Management > CPU, it lists all servers as hosts, but no statistics are reported for any other servers.
The Event Logs are being captured; I simply don't have the option to capture any additional WMI data.
Hi Doug,
You just need to copy the wmi.conf from the etc/system/local of the app to the forwarder.
You can tweak that file as well, to set non-default indices, interval collection times etc.
HTH, Assaph