Solved: Re: Splunk App for Windows Infrastructure: Why do ...

schultet · ‎12-23-2014

I am trying to set up Splunk app for Windows Infrastructure and Forward events from Domain Controllers but keep getting this from the Setup dialog. Any idea how to fix it

schultet · ‎12-23-2014

Looks like the same issue has been reported already

http://answers.splunk.com/answers/205187/splunk-app-windows-infrastructure-upgrade-no-sourc.html

However I added TA-DomainController-NT6 and enable on Splunk Search Head (SH?). But still get error above.

View solution in original post

schultet · ‎12-23-2014

Looks like the same issue has been reported already

http://answers.splunk.com/answers/205187/splunk-app-windows-infrastructure-upgrade-no-sourc.html

However I added TA-DomainController-NT6 and enable on Splunk Search Head (SH?). But still get error above.

ppablo · ‎12-29-2014

Just to make this post more complete, @schultet found their solution provided by @dolejh76 which was to make sure the msad index was set to be searched by default. This was done by going to:

Settings > Access Controls > Roles > winfra-admin > Scroll down to "Indexes searched by default" and add the appropriate indexes. (msad in this case)

Splunk App for Windows Infrastructure: Why do I keep getting "ERROR Search "sourcetype="MSAD*" | head 5" did not return any events in the last 24 hours"?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!