Getting Data In

All configurations not appearing in Event Log Collection list

jklittle
New Member

I have splunk running on a Windows Server 2008. I have configured splunk to access our DC remotely for event logs. I am working to placing forwarders in the remote locations, but until then. I have some servers not appearing the list and I can't access the configuration to change settings. Any help would be appreciated.

Thx

0 Karma

jklittle
New Member

After doing more research I have found another who is reporting the same problem I am having only better. See question "WMI event logs manager".

0 Karma

Genti
Splunk Employee
Splunk Employee

C:\Program Files\Splunk\etc\apps\search\wmi.conf this doesnt seem right, its missing a \local. should be:

C:\Program Files\Splunk\etc\apps\search\local\wmi.conf

Also from the machine that you are trying to grab the data from, try running wbemtest and see if you can retrieve logs from the other hosts.

0 Karma

jklittle
New Member

Thanks for the info, however the problem isn't getting the log data into splunk, the problem is that the tasks that are configured do not appear on the configuation page in the Splunk> web UI. I have 9 remote event logs tasks appearing, in the wmi.conf file I have 21. I would very much like to manage these from the Web UI and not from the conf file. Any ideas as the issue of this symptom? Thanks for all the imputs.

0 Karma

jklittle
New Member

Same Domain. One collection task per server I don't see all the jobs in the collection task list.

Look at Splunk> errors, I know why I am not getting data server names have changed, I don't know why some are not appearing in the collection task list. Can not edit them through the web page if they don't appear. Have changed the # of items to display with no luck.

Can I edit the wmi.conf file and am I looking at the right one? C:\Program Files\Splunk\etc\apps\search\wmi.conf

0 Karma

justinhart
Path Finder

Jkittle, are you using one event log collection, specifying additional hosts, or do you have a collection for each DC? Are all of the domain controllers members of the same domain?

Also, please check "Search >> Searches & Reports >> Errors >> Splunk errors last 24 hours" for any errors from the splunk server related to your missing DC's.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...