All Apps and Add-ons

App for windows infrastructure domain drop downs not populating among other

phamanth
Explorer

Domain controllers have a forwarder with the TA-Windows deployed via server class. Splunk App for Windows Infrastruture on the search head. We get wineventlog, some AD user record changes, logins, etc. However, Things like domain controller health and OU, nor domain drop downs in some dashboards are not populating. During the detect features configuration, Domains, Domain Controllers, and DNS do not get detected.

0 Karma

phamanth
Explorer

No prerequisites were skipped. The splunk supporting add-on for active directory is installed on the search head

0 Karma

tauliang
Communicator

Does the forwarder have SA-ldapsearch installed? It was not clear to me whether it was installed on the forwarder.

Domain controllers have a forwarder with the TA-Windows deployed via server class

0 Karma

phamanth
Explorer

The universal forwarder on the domain controller does not have SA-ldapsearch, only app deployed is TA-windows. SA-ldapsearch is only on the search head.

0 Karma

tauliang
Communicator

Cool. That is great. Is there an indexer between the forwarder and the search head?

0 Karma

phamanth
Explorer

Yes, Currently, looking into the inputs.conf file from the TA-WIndows, As there are monitors that are disabled such as Directory service and File Replication service. If enabled, would that fix the problem?

0 Karma

tauliang
Communicator

Possibly. However, since the deployment has an indexer, if the indexer is used by the search head as search peer, SA-ldapsearch needs to be installed there as well if it is not already installed.

0 Karma

tauliang
Communicator

Splunk App for Windows Infrastructure needs the Splunk Supporting Add-on for Active Directory to get the domain specific data. Please refer to Configure the Splunk App for Windows Infrastructure for more details.

Were the prerequisite checks bypassed when the app was installed?

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...