Hi,
In wmi.conf I have the code below,
but when I do index="windows-wmi" sourcetype="WMI:Reliability" nothing is displayed.
Could you help me please?
[settings]
initial_backoff = 5
max_backoff = 20
max_retries_at_max_backoff = 2
checkpoint_sync_interval = 2
## Reliability
[WMI:Reliability]
disabled = 0
interval = 2
wql = SELECT * FROM Win32_ReliabilityRecords
index = windows-wmi
Hi, yes, I tried the procedure.
I just use Splunk on my local system.
And yes, I have created the windows WMI index.
Unless someone can spot some obvious error, I think this will need some structured troubleshooting.
Can you share your Splunk architecture (is this just a single local Windows Splunk instance, or is this inputs.conf on a forwarder that sends it to a distributed setup?)?
Any errors in this instance's splunkd.log?
If it is not a single instance: is the forwarding connection working properly in general?
Does the account Splunk runs under have permissions to read that particular WMI source?
Does that index exist (on your indexer)?
Have you tried the WMI test procedure? http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWMIdata#Test_access_to_WMI_providers
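The checks listed in the answer above can be run in one pass from PowerShell on the Windows host. This is an added example, not part of the original thread or of Splunk's documentation; the install path and the service name are assumptions for a default full Splunk install and need adjusting for a forwarder or a custom location.

```powershell
# Added example. Assumed values (not from the thread): default install path and service name.
$SplunkHome  = 'C:\Program Files\Splunk'
$ServiceName = 'splunkd'
# Query and stanza name are taken from the wmi.conf posted in the question.
$Wql         = 'SELECT * FROM Win32_ReliabilityRecords'
$Stanza      = 'WMI:Reliability'

# 1. Account the Splunk service runs under. WMI permissions are evaluated for this account.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if ($svc) { "Service account: $($svc.StartName)   State: $($svc.State)" }
else      { "Service '$ServiceName' not found; check the assumed service name." }

# 2. Does the WQL query return rows at all? Run this shell as the account from step 1.
try {
    $rows = @(Get-CimInstance -Namespace 'root\cimv2' -Query $Wql -ErrorAction Stop)
    "WQL returned $($rows.Count) record(s)"
    $rows | Sort-Object TimeGenerated -Descending |
        Select-Object -First 3 TimeGenerated, SourceName, EventIdentifier
} catch {
    "WQL query failed: $($_.Exception.Message)"
}

# 3. Same query through Splunk's own WMI helper, as in the linked test procedure.
& "$SplunkHome\bin\splunk.exe" cmd splunk-wmi -wql $Wql -namespace 'root\cimv2'

# 4. Effective stanza after all wmi.conf copies are merged (shows which file wins).
& "$SplunkHome\bin\splunk.exe" btool wmi list $Stanza --debug

# 5. Recent WMI-related warnings and errors in this instance's splunkd.log.
Select-String -Path "$SplunkHome\var\log\splunk\splunkd.log" -Pattern 'wmi' |
    Where-Object { $_.Line -match 'ERROR|WARN' } |
    Select-Object -Last 20 |
    ForEach-Object { $_.Line }
```

If step 2 returns records but step 3 does not, the difference is usually the account or the merged configuration shown in step 4 rather than the WMI class itself.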
Nobody to advise me, please?