Splunk App for Windows Infrastructure: I am receiving Windows event logs, but why am I not getting anything related to Active Directory?

j666gak
Communicator

I have been asked to try and set up the Windows Infrastructure app, after a contractor had been in and left the instance in a worse state than when he started.

I keep getting the error below. I have a feeling it is something to do with LDAP or PowerShell? I have researched as much as I can, run the lookup rebuild option within the app, and checked configuration/permissions 100 times. I am getting Windows event logs from the Domain Controllers but nothing related to Active Directory.

Would really appreciate any help please.

0 Karma

brooklynotss
Path Finder

I had almost the exact same problem with the same lookup tables in the errors. For me it was a Windows NTFS permissions issue on the server. I turned on enable inheritance (not sure why it wasn't on) and reset all permissions below that for the app. To clarify - this was on the splunk_app_windows_infrastructure folder in the Splunk/etc/apps folder. I also needed to do the same for Splunk_TA_windows.

Also, it's possible that when installing the app the default lookup table files didn't all copy down, so re-download from the Splunk site (extract it) and you can just compare what lookup files are in the default install and what made it into your folder.

0 Karma
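
The two checks described in the answer above (NTFS inheritance on the app folders, and a comparison of lookup files against a fresh download), as an added PowerShell example that is not part of the original thread. The `$SplunkHome` and `$FreshCopy` paths are assumptions, as is the layout of one `lookups` subfolder per app in both locations; only the two app folder names come from the thread.

```powershell
# Added example, not code from the thread. Read-only: it reports, it changes nothing.
param(
    [string]$SplunkHome = 'C:\Program Files\Splunk',  # assumption: Splunk install path
    [string]$FreshCopy  = 'C:\Temp\fresh_apps'        # assumption: where the re-download was extracted
)

# App folder names as given in the answer above.
$apps = 'splunk_app_windows_infrastructure', 'Splunk_TA_windows'

foreach ($app in $apps) {
    $installed = Join-Path $SplunkHome "etc\apps\$app"
    if (-not (Test-Path -LiteralPath $installed)) {
        Write-Warning "$app is not installed at $installed"
        continue
    }

    # Check 1: list every file/folder in the app whose ACL has inheritance disabled.
    $items = @(Get-Item -LiteralPath $installed) +
             @(Get-ChildItem -LiteralPath $installed -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try {
            if ((Get-Acl -LiteralPath $item.FullName).AreAccessRulesProtected) {
                [pscustomobject]@{ App = $app; Issue = 'InheritanceDisabled'; Path = $item.FullName }
            }
        } catch {
            # An unreadable ACL is itself a permissions finding worth reporting.
            [pscustomobject]@{ App = $app; Issue = 'AclUnreadable'; Path = $item.FullName }
        }
    }

    # Check 2: lookup files present in the fresh download but absent from the install.
    $freshLookups = Join-Path $FreshCopy "$app\lookups"
    $liveLookups  = Join-Path $installed 'lookups'
    if (-not (Test-Path -LiteralPath $freshLookups)) {
        Write-Warning "No fresh copy of $app found at $freshLookups; skipping lookup comparison"
        continue
    }
    $want = @(Get-ChildItem -LiteralPath $freshLookups -File | ForEach-Object Name)
    $have = @()
    if (Test-Path -LiteralPath $liveLookups) {
        $have = @(Get-ChildItem -LiteralPath $liveLookups -File | ForEach-Object Name)
    }
    foreach ($name in $want) {
        if ($name -notin $have) {
            [pscustomobject]@{ App = $app; Issue = 'LookupMissing'; Path = (Join-Path $liveLookups $name) }
        }
    }
}
```

Only files missing from the install are reported; extra lookup files in the installed folder are ignored, since they do not indicate an incomplete copy.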

juvetm
Communicator

Hi j666gak,
It looks as if you are having a problem setting up the Splunk App for Windows Infrastructure. I am forwarding you some documentation that I think will help solve your problem. Waiting to hear from you.
http://docs.splunk.com/Documentation/MSApp/1.0.2

0 Karma