https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/531821#M64359 <P>Possible explanation <A href="https://community.splunk.com/t5/All-Apps-and-Add-ons/App-for-Windows-Infrastructure-can-t-track-AD-Users-or-Groups/m-p/193476/highlight/false#M19906" target="_self">here</A>. Few years old though. The suggestion is that the detect features check only looks for events in the last 15min. So click enable on the 'not found' features, and save.</P><P>The Windows Infrastructure dashboards should start populating data given enough time.</P> Thu, 03 Dec 2020 06:31:52 GMT Ibbers 2020-12-03T06:31:52Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/467923#M57496 <P>Hello Spunkers,<BR /> I have Splunk app for Windows Infrastructure installed and have done the setup but when I get to the "customize features" section it can't find the AD data it is looking for. The Windows Overview dashboard is populating and it is finding some AD data, so I think the AD data is being ingested just not being parsed correctly, but I don't know how to tell.<BR /> Thanks in advance for any help.</P> <P>Here is the output of the "detect features" button.<BR /> Detecting Event Monitoring ...<BR /> Windows: Event Monitoring found.<BR /> Detecting Performance Monitoring ...<BR /> Windows: Performance Monitoring found.<BR /> Detecting Applications and Updates ...<BR /> Windows: Applications and Updates found.<BR /> Detecting Network Monitoring ...<BR /> Windows: Network Monitoring not found. (This one is expected)<BR /> Detecting Print Monitoring ...<BR /> Windows: Print Monitoring not found. (This one is expected)<BR /> Detecting Host Monitoring ...<BR /> Windows: Host Monitoring found.<BR /> Detecting Domains ...<BR /> Active Directory: Domains not found.<BR /> Detecting Domain Controllers ...<BR /> Active Directory: Domain Controllers not found.<BR /> Detecting DNS ...<BR /> Active Directory: DNS found.<BR /> Detecting Users ...<BR /> Active Directory: Users not found.<BR /> Detecting Computers ...<BR /> Active Directory: Computers not found.<BR /> Detecting Groups ...<BR /> Active Directory: Groups not found.<BR /> Detecting Group Policy ...<BR /> Active Directory: Group Policy found.<BR /> Detecting Organizational Units ...<BR /> Active Directory: Organizational Units found.</P> <P>Splunk version: 7.3.0<BR /> Splunk app for Windows Infrastructure version: 2.0.1<BR /> Splunk Supporting Add-on for Active Directory version: 3.0.1 (Connection status on configuration tab is successful)</P> Tue, 07 Apr 2020 19:20:23 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/467923#M57496 eliasit 2020-04-07T19:20:23Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/531818#M64357 <P>How did you end up going with this? I've had a similiar thing (Perfmon and Printmon were expected for me, as I'd disabled the inputs) with my setup.<BR /><BR />I haven't found much in the way of explanation unfortunately in doco, beyond a vague suggestion that the feature/s may not work if Active Directory hasn't generated the logs on its end.<BR /><BR />Sidenote - did you do anything to get the Applications and Updates detected?</P> Thu, 03 Dec 2020 06:24:06 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/531818#M64357 Ibbers 2020-12-03T06:24:06Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/531821#M64359 <P>Possible explanation <A href="https://community.splunk.com/t5/All-Apps-and-Add-ons/App-for-Windows-Infrastructure-can-t-track-AD-Users-or-Groups/m-p/193476/highlight/false#M19906" target="_self">here</A>. Few years old though. The suggestion is that the detect features check only looks for events in the last 15min. So click enable on the 'not found' features, and save.</P><P>The Windows Infrastructure dashboards should start populating data given enough time.</P> Thu, 03 Dec 2020 06:31:52 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Windows-Infrastructure-app-Active-Directory-Error/m-p/531821#M64359 Ibbers 2020-12-03T06:31:52Z