I saw that post and set it up for testing... Have yet to figure out how it collects data from the win servers, should get that figured out today! Thanks!
What NMS do you use?
Okay do you or anyone else have any well written howto on how to set this up? I am finding documents like this one - http://www.splunk.com/base/Documenta...MonitorWMIdata
However the steps they walk you through are missing pieces.
. Click Manager in the upper right-hand corner of Splunk Web.
2. Under System configurations, click Data Inputs.
3. Click WMI collections.
I do not have "WMI collections"
Just put splunk on a win virtual machine and voilą, looks like monitoring win events is best done from a win splunk instance?