Monitor data through Windows Management Instrumentation (WMI)

My name is Nishith Gupta and I work as an Infrastructure Architect in Cognizant. I am a Citrix Technology Advocate (CTA 2021, 2022, and 2023 class). I write to empower, encourage and inspire. I know quite a few EUC, DC, HCI and Cloud technologies.

The Splunk platform supports the use of Windows Management Instrumentation (WMI) providers for access to Windows performance and event log data on remote Windows machines without the need to install software on those machines.

To get WMI data into Splunk Cloud Platform, you can install a universal or heavy forwarder on a Windows machine and configure that forwarder to use the WMI data input to collect data remotely from other Windows machines, then forward that data to your Splunk Cloud Platform instance. Splunk Cloud Platform cannot connect directly to a Windows machine using WMI, so a universal or heavy forwarder is the only option.

If you run Splunk Enterprise, you can collect data over WMI if the machine that you install the instance on runs Windows, or the forwarders that you use to send data to the instance run Windows.

WMI data inputs can connect to multiple WMI providers. The input runs on the forwarder as a separate process called splunk-wmi.exe.

If possible, when you need to collect Windows data remotely, install a universal forwarder directly onto the machine where you want to collect the Windows data, rather than use WMI. The resource load of WMI can exceed that of installing a universal forwarder in many cases. Use a forwarder if you collect multiple event logs or performance counters from each machine, or from very busy machines like domain controllers. See Considerations for deciding how to monitor remote Windows data.

What do you need to monitor WMI-based data?

Here are the minimum requirements to monitor WMI-based data. You might need additional permissions based on the event logs or performance counters you want to monitor.

For additional details on what you need to monitor WMI-based data, see Security and remote access considerations in this topic.

- Splunk Cloud Platform must receive data from a forwarder that runs on Windows.
- Splunk Enterprise can collect WMI data directly if it runs on a Windows machine.
- The forwarder must run as a Windows domain user with at least read access to WMI.
- The forwarder must run as a domain user with appropriate access to the desired event logs. For example, a user who is a member of the Event Log Readers group has appropriate access.

Monitor remote performance monitor counters over WMI

- Splunk Enterprise can collect performance data over WMI if it runs on a Windows machine.
- The forwarder must run as a domain user with at least read access to WMI.
- The forwarder must run as a domain user with appropriate access to the Windows Performance Data Helper libraries.

Security and remote access considerations

Both of the Splunk platform instances that get WMI data and your Windows network must be correctly configured for data access over WMI. Whether the instance that indexes your data is a Splunk Cloud Platform or a Splunk Enterprise instance, review the following prerequisites before attempting to use the platform to get data over WMI.

Before the Splunk platform can get WMI-based data:

- The instance that gets the data must be installed with a Windows user that has permissions to perform remote network connections.
- The Windows user that the instance runs as must be a member of an Active Directory (AD) domain or forest and must have appropriate privileges to query WMI providers.
- The instance user must also be a member of the local Administrators group on the machine that runs the instance.
- The machine that runs the instance must be able to connect to the remote machine and must have permissions to get the data from the remote machine after it has connected.
- Both the Splunk platform instance and the target machines must be part of the same AD domain or forest.

The user that the Splunk platform instance runs as does not need to be a member of the Domain Admins group, and for security reasons, should not be. However, you must have domain administrator privileges to configure access for the user. If you don't have domain administrator access, find someone who can either configure Splunk user access or give domain administrator rights to you.
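The PowerShell script below is an added example, not part of the original page or of Splunk's documentation. It checks the account a Splunk service runs as against the prerequisites this page lists: AD domain user, local Administrators member, not a Domain Admins member, and able to query WMI on the remote machines. The service name `SplunkForwarder`, the target host name and the use of the RSAT ActiveDirectory module are assumptions.

```powershell
# Added example, not Splunk's code. Run on the Windows machine that runs the
# Splunk instance, in an elevated session started as the service account
# (the remote WMI test uses the current user's credentials).
param(
    [string]   $ServiceName = 'SplunkForwarder',        # assumption: service name
    [string[]] $Targets     = @('target01.example.com') # placeholder hosts
)
Import-Module ActiveDirectory -ErrorAction Stop          # assumption: RSAT installed

# Resolve the account the service runs as (DOMAIN\user or user@domain).
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
$account = $svc.StartName
$sam = if ($account -match '\\') { $account.Split('\')[1] } else { $account.Split('@')[0] }
$results = @()

# Must be an AD domain user (LocalSystem or a .\local account fails here).
$isDomainUser = ($account -notlike '.\*') -and
    [bool](Get-ADUser -Filter "SamAccountName -eq '$sam'")
$results += [pscustomobject]@{ Check = 'Runs as AD domain user'; Pass = $isDomainUser }

# Must be in the local Administrators group (direct membership only;
# membership inherited through a nested domain group is not resolved).
$localAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$sam" })
$results += [pscustomobject]@{ Check = 'Member of local Administrators'; Pass = $localAdmin }

# Should NOT be in Domain Admins (least privilege for the service account).
$domainAdmin = [bool](Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -eq $sam })
$results += [pscustomobject]@{ Check = 'Not a member of Domain Admins'; Pass = -not $domainAdmin }

# Must be able to connect to each target and query a WMI provider. DCOM is
# the transport of classic remote WMI; CIM cmdlets default to WS-Man.
$dcom = New-CimSessionOption -Protocol Dcom
foreach ($t in $Targets) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $t -SessionOption $dcom -ErrorAction Stop
        $null = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        $ok = $true
    } catch { $ok = $false }
    finally { if ($session) { Remove-CimSession $session } }
    $results += [pscustomobject]@{ Check = "Remote WMI query on $t"; Pass = $ok }
}
$results | Format-Table -AutoSize
```

A `False` on the Domain Admins line means the account holds more privilege than the page recommends. A `False` on a remote query line points to a connectivity or WMI permission problem on that target.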