I am trying to set up the Splunk App for Windows Infrastructure and forward events from Domain Controllers, but keep getting this from the Setup dialog. Any idea how to fix it?
Looks like the same issue has been reported already
http://answers.splunk.com/answers/205187/splunk-app-windows-infrastructure-upgrade-no-sourc.html
However, I added TA-DomainController-NT6 and enabled it on the Splunk Search Head (SH?), but I still get the error above.
Just to make this post more complete, @schultet found their solution provided by @dolejh76 which was to make sure the msad index was set to be searched by default. This was done by going to:
Settings > Access Controls > Roles > winfra-admin > scroll down to "Indexes searched by default" and add the appropriate indexes (msad in this case).
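The role setting described in the answer above is stored in `authorize.conf` as `srchIndexesDefault`. The following check is an added example, not code from the thread or from Splunk: it reports which required indexes a role does not search by default, following `importRoles` inheritance. The sample file contents and the function names are constructed for illustration; only `winfra-admin` and `msad` come from the thread.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample authorize.conf: msad is not yet searched by default.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = *
srchIndexesDefault = main

[role_winfra-admin]
importRoles = user
srchIndexesAllowed = *;_*
srchIndexesDefault = main
"""

def load_roles(text):
    """Parse authorize.conf text into {role_name: {setting: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # setting names are case-sensitive
    cp.read_string(text)
    return {s[len("role_"):]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def split_list(value):
    """authorize.conf lists are semicolon-separated."""
    return [v.strip() for v in value.split(";") if v.strip()]

def effective_defaults(roles, role, seen=None):
    """Default-search index patterns for a role, including inherited ones."""
    seen = seen if seen is not None else set()
    if role in seen or role not in roles:
        return set()
    seen.add(role)
    result = set(split_list(roles[role].get("srchIndexesDefault", "")))
    for parent in split_list(roles[role].get("importRoles", "")):
        result |= effective_defaults(roles, parent, seen)
    return result

def matches(index, pattern):
    # "*" does not cover internal indexes (leading underscore); "_*" does.
    if index.startswith("_") and not pattern.startswith("_"):
        return False
    return fnmatchcase(index, pattern)

def missing_default_indexes(text, role, required):
    """Return the required indexes the role does not search by default."""
    patterns = effective_defaults(load_roles(text), role)
    return [i for i in required if not any(matches(i, p) for p in patterns)]

if __name__ == "__main__":
    print(missing_default_indexes(SAMPLE_AUTHORIZE_CONF, "winfra-admin", ["msad"]))
```

An empty list means searches run by that role that do not name an index will include the required indexes; widening the defaults also widens what every such search reads, so add only the indexes the app needs.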