https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694360#M115376 <P>Typical GDI troubleshooting steps include:</P><OL><LI>Verify the input configuration, including the URL and credentials.</LI><LI>Verify the Splunk server running the add-on can connect to the MS server.&nbsp; Use <FONT face="courier new,courier">curl</FONT> or a similar tool.</LI><LI>Check splunkd.log for related messages.</LI><LI>Check the MS logs for related messages.</LI><LI>If you're using Splunk search to see if data is coming in then double-check the SPL.&nbsp; Verify the index name.&nbsp; Try specifying <FONT face="courier new,courier">latest=+1y</FONT> to account for timestamp errors.</LI></OL> Fri, 26 Jul 2024 00:21:47 GMT richgalloway 2024-07-26T00:21:47Z https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694295#M115373 <P>Hi All,</P><P>Data is not getting indexed after adding the conf</P> Thu, 25 Jul 2024 14:36:58 GMT https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694295#M115373 pavithra 2024-07-25T14:36:58Z https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694301#M115374 <P>Data will not be indexed automatically after adding the add-on.&nbsp; Inputs must be configured so the add-on knows where to find the data.&nbsp; See <A href="https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Configure" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Configure</A></P> Thu, 25 Jul 2024 15:15:30 GMT https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694301#M115374 richgalloway 2024-07-25T15:15:30Z https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694303#M115375 <P class="lia-align-justify">Hi ,</P><P class="lia-align-justify">I have added the config details already&nbsp; , still data is not coming</P> Thu, 25 Jul 2024 15:29:49 GMT https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694303#M115375 pavithra 2024-07-25T15:29:49Z https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694360#M115376 <P>Typical GDI troubleshooting steps include:</P><OL><LI>Verify the input configuration, including the URL and credentials.</LI><LI>Verify the Splunk server running the add-on can connect to the MS server.&nbsp; Use <FONT face="courier new,courier">curl</FONT> or a similar tool.</LI><LI>Check splunkd.log for related messages.</LI><LI>Check the MS logs for related messages.</LI><LI>If you're using Splunk search to see if data is coming in then double-check the SPL.&nbsp; Verify the index name.&nbsp; Try specifying <FONT face="courier new,courier">latest=+1y</FONT> to account for timestamp errors.</LI></OL> Fri, 26 Jul 2024 00:21:47 GMT https://community.splunk.com/t5/Getting-Data-In/MS-security-integration-with-splunk/m-p/694360#M115376 richgalloway 2024-07-26T00:21:47Z