All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

MS Windows AD Objects - How to finish setup

nortonjco
Explorer
‎06-22-2021 12:00 PM

The automatic setup in this app will not complete (Overview shows not configured). 

Getting Data In dashboards will never complete its lookup creation (even though the lookups were created). Also, the "Check Data" portion always shows the indexes created by are missing data. Admin user has all these indexes configured for default search.

 

nortonjco_0-1624388240807.png

 

Is there a checkbox missing somewhere that I haven't selected or something? 

This screen will remain as is for days:

nortonjco_1-1624388316240.png

 

If it is completed and the app is done being setup, how do the dashboards get replaced with info from this app in the Splunk App For Windows Infrastructure?

Labels (2)
0 Karma
Reply

CycloneCteve
Engager
‎07-21-2021 06:33 AM

@shogan_splunk , I'm having a similar issue. 

@nortonjco , can you please tell us which macro was looking at the SH for the index size?

0 Karma
Reply

nortonjco
Explorer
‎07-22-2021 07:38 AM

I know Steve is working on an updated app which will fix some of these issues; however,   I was able to get the “missing data” part to populate by changing the splunk_server=local to splunk_server=idx* in the macro “ms_ad_obj_cfg_idx_avail”

So you can change the splunk_server=local to what matches your environment. Im my case we are using Splunk Cloud, so idx* worked.

0 Karma
Reply

nortonjco
Explorer
‎06-22-2021 05:44 PM

Found that the indexes "Warning: indexes created but some or all missing data" was because one of the macros is trying to determine index size from the SH. 

Fixed that, but it still does not allow the app to finish setup.

All of the lookups get created, however the app doesn't see that it has been done.

I need to be able to complete the app setup so that the dashboards in " Splunk App for Windows Infrastructure" will begin using the data from "MS Windows AD Objects".

Is there a way to manually accomplish this (I'm assuming it would be accomplished automatically if the app completes configuration).?

 

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...