I am running splunk 6.6.3 . can anyone help me to Active Directory information into Splunk App for windows infrastructure. I have installed the Splunk AD addon and every sourcetype is eneabled on it. I am unable to get Groups, Group Plocy information, Organizational units information and Active Directory Health information.
All i am able to get is User Information. I am not able to generate default domain lookup tables.
Thanks in advance.
Can you try this command and check outcome:
Also there is troubleshooting doc available:
_internal logs for any kind of error.
the ldap search command is resturning all the user related information. I am also looking to get "eventtype=msad-dc-health" and "DomainList.csv" as there are lots of dependencies on these to populate all the dashboards.
_internal logs doesnot not show errors related to AD or Ldap. Mostly Perfmon Errors.
Yes. I have resolved the issue, I am able to collect all the logs from AD. I have followed the following posts and was able to resolve it.