Hi Guys,
I'm a newbie. I have just installed the Splunk App for Windows Infrastructure, but I have a problem detecting the Windows and Active Directory features. I only followed the guide at http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/Deploymentprocess but without success. I can't detect all of the Windows and AD features. The following is the log from when I tried to detect the features.
Detecting Event Monitoring
Windows: Event Monitoring found.
Detecting Performance Monitoring
Windows: Performance Monitoring found.
Detecting Applications and Updates
Windows: Applications and Updates not found.
Detecting Network Monitoring
Windows: Network Monitoring not found.
Detecting Print Monitoring
Windows: Print Monitoring not found.
Detecting Host Monitoring
Windows: Host Monitoring not found.
Detecting Domains
Active Directory: Domains not found.
Detecting Domain Controllers
Active Directory: Domain Controllers not found.
Detecting DNS
Active Directory: DNS not found.
Detecting Users
Active Directory: Users found.
Detecting Computers
Active Directory: Computers found.
Detecting Groups
Active Directory: Groups found.
Please help me solve this problem. Thanks for your support.
Hi rsennett_splunk, ppablo_splunk
This is the SAldapsearch log file.
2014-07-03 16:52:52.702 +0700 pid=544 [com.splunk.ldap.ActiveDirectory:getConnectionForEntry#-1] ERROR Could not find entry xxx in ldap.conf
2014-07-03 16:52:52.702 +0700 pid=544 [com.splunk.program.LDAPFilter:Execute#-1] ERROR No connection available for xxx
2014-07-03 16:52:52.702 +0700 pid=544 [com.splunk.ldap.ActiveDirectory:getConnectionForEntry#-1] ERROR Could not find entry xxx in ldap.conf
2014-07-03 16:52:52.702 +0700 pid=544 [com.splunk.program.LDAPFilter:Execute#-1] ERROR No connection available for xxx
I don't know why SAldapsearch does not connect to AD. The following is the SAldapsearch config file.
Please help me troubleshoot this case.
Thanks.
This is the inputs config file of Splunk_TA_Window. Could you please check this file for me?
[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
[WinEventLog://System]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
[monitor://$WINDIR\System32\DHCP]
disabled = 0
whitelist = DhcpSrvLog*
crcSalt =
[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog
[fschange:$WINDIR\System32\drivers\etc]
disabled = 0
hashMaxSize = 1048576
pollPeriod = 30
[script://.\bin\win_listening_ports.bat]
disabled = 0
interval = 3600
sourcetype = Script:ListeningPorts
[script://.\bin\win_installed_apps.bat]
disabled = 0
interval = 86400
sourcetype = Script:InstalledApps
[script://.\bin\win_timesync_configuration.bat]
disabled = 0
interval = 86400
sourcetype = Script:TimesyncConfiguration
[script://.\bin\win_timesync_status.bat]
disabled = 0
interval = 7200
sourcetype = Script:TimesyncStatus
[perfmon://CPUTime]
counters = % Processor Time;% User Time
disabled = 0
instances = _Total
interval = 10
object = Processor
[perfmon://FreeDiskSpace]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 10
object = LogicalDisk
[perfmon://Memory]
counters = % Committed Bytes In Use;Available Bytes;Committed Bytes
disabled = 0
interval = 10
object = Memory
[perfmon://LocalNetwork]
counters = Bytes Received/sec;Bytes Sent/sec;Bytes Total/sec;Current Bandwidth
disabled = 0
instances = *
interval = 10
object = Network Interface
Thanks
The Windows Infrastructure App configurator looks for existing data.
You seem to have none that it can see.
Can you see the data by just searching for it?
If not, what you want to do is open a separate question that addresses that subject and include your configuration files so we can help you. It may be something as simple as a typo...
Hi ppablo_splunk,
My app version is 6.X. I configured it following the documentation for version 6.x at http://docs.splunk.com/Documentation/MSApp/1.0.2/MSInfra/HowtodeploytheSplunkAppforWindowsInfrastruc... but still without success. The following is the log from when I tried to detect the features after configuring per the link above:
Detecting Event Monitoring
Windows: Event Monitoring found.
Detecting Performance Monitoring
Windows: Performance Monitoring found.
Detecting Applications and Updates
Windows: Applications and Updates not found.
Detecting Network Monitoring
Windows: Network Monitoring not found.
Detecting Print Monitoring
Windows: Print Monitoring not found.
Detecting Host Monitoring
Windows: Host Monitoring not found.
Detecting Domains
Active Directory: Domains not found.
Detecting Domain Controllers
Active Directory: Domain Controllers not found.
Detecting DNS
Active Directory: DNS not found.
Detecting Users
Active Directory: Users not found.
Detecting Computers
Active Directory: Computers not found.
Detecting Groups
Active Directory: Groups not found.
I think the SA-ldapsearch add-on is not working. I configured the SA-ldapsearch add-on following the link http://docs.splunk.com/Documentation/ActiveDirectory/latest/DeployAD/ConfiguretheSA-ldapsearchsuppor....
Please help me solve this problem. Thanks for your support.
Hi @dungpv
What app do you need help with? Your title says App for Windows Infrastructure, but the documentation link you provided in the post is for the 5.X App for Active Directory. From what I can tell, these are two completely different apps with different documentation. Can you confirm which one you are having issues with?
App for Windows Infrastructure:
http://apps.splunk.com/app/1680/
5.X App for Active Directory:
http://apps.splunk.com/app/1059/