When setting up a Splunk forwarder for monitoring a Windows server, we receive performance metrics, but not Windows events. When I enter the application log's data input settings and ask it to look for logs on the server I am given the following error:
'win-wmi-enum-eventlogs': Admin handler 'win-wmi-enum-eventlogs' not found.
I suspect this is something related to my issue as the forwarder doesn't seem to be able to enumerate the event logs on the server and I am having trouble receiving logs from this server. Is this a known error or is this likely to be an issue with the Windows Server?
The forwarder is version 6.2.5 and is being run as the local system. The server is a domain controller, and I've tried running it as system and as the domain administrator.