All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is the Splunk App for Windows Infrastructure functional without a Domain Controller?

DotTest37
Path Finder
‎01-08-2015 06:31 PM

I need to index and search Event Logs from a few Windows 7 and 8 Desktops, but I don't use a Domain Controller.
This app has some prerequisites on the Configuration page, and it won't let me continue unless I specify AD parameters.

How can I use this app without a Domain Controller?

Dotty...

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎01-08-2015 09:30 PM

This a current known bug in the Windows Infra app. Should be fixed next release.

Current work around, install a domain controller with relevant AD TA's and index the data to get the data sources available.

Another option I proposed in a previous post: Install eventgen and the windows AD TA's and enable eventgen for a little bit. This should generate the required data sources, and hopefully allow the app to be installed. I havent heard back if this worked.

If you try the datagen, post the results, as that is the quickest and easiest fix.

0 Karma
Reply

DotTest37
Path Finder
‎01-09-2015 06:24 AM

Lets say I install the Domain Controller, do I need the Windows Desktops to join the Domain? because I cant do that.
Also, will a be able to remove the DC after I finished configuring the AD TA and keep indexing the Desktops?

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎01-12-2015 01:31 PM

Yes, you should be able to remove the DC once you get the required events to pass the data check.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...