Checking the uberAgent UXM app in Splunk for a Windows 11 machine, or querying index=uberAgent for a specific machine, will return no results.  The uberAgent.log from the Windows 11 machine will contain the following error.

Error: 'wmic' is not recognized as an internal or external command,operable program or batch file.

The uberAgent configuration must be updated to specify PowerShell as the default WMI provider.  This can be done in one of two ways:

1. If utilizing a configuration file, add WmiProvider=PowerShell to the [Miscellaneous] stanza in the uberAgent.conf file.
2. If utilizing Group Policy, set the WMI Provider to PowerShell under Computer Configuration\Policies\Administrative Templates\uberAgent\Miscellaneous.

Problem Cause

WMIC is currently the default WMI provider for uberAgent.  However, Windows 11 utilizes PowerShell as the default WMI provider; WMIC is only available as an optional component via Feature On Demand.  Therefore, it is necessary to configure uberAgent to use PowerShell to retrieve WMI data.