Sourcetype "ActiveDirectory

franciscof · ‎11-26-2020

I`ve just installed the wiindows app for windows infrastructure and it addons and when I run the prequisite test, it fails, as it finds no events when looking for sourcetype="ActiveDirectory*".

I searched the entire AddOn, and couldn't find any reference to that sourcetype anywhere.

Could you help me out? What can this be? Perhaps en error with the TA?

inventsekar · ‎11-26-2020

>> I`ve just installed the wiindows app for windows infrastructure and it addons and when I run the prequisite test, it fails, as it finds no events when looking for sourcetype="ActiveDirectory*".

Do you have enough sample logs/production logs ingested in ur splunk? Do you get any other events/logs from the other remaining source/sourcetypes from the windows infra app?

> Could you help me out? What can this be? Perhaps en error with the TA?

please let us know more info about ur splunk setup? clustered or non-clustered? how big? HF or no?.. etc thanks.

Best Regards,

Sekar

PS - your karma points will be my 2 cents!

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Sourcetype "ActiveDirectory

Other

troubleshooting

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience