Solved: Splunk App for Windows Infrastructure: Why does se...

tckoaypg · ‎04-05-2015

My Splunk Ent V 6.2.2 running in Linux installed with Windows Add-on 4.75, Splunk App for Windows Infrastructure 1.12, Splunk Supporting Add-on for Active Directory 2.01.

My AD running in Win 2008 with Universal Forwarder installed, Splunk TA For Windows, Splunk PowerShell module installed.

However, I still getting "MSAD did not return any event during the Windows Infra Setup Page, check data section."

Data from Splunk Add-on for Microsoft Windows Active Directory
Critical data could not be found
OK: 15 or more events detected in the last 24 hours
ERROR: Search "sourcetype="MSAD*" | head 5" did not return any events in the last 24 hours

When I search index=* source="activedirectory", it does display AD events which show that the AD settings is correct. How do I troubleshoot with this issue?

tckoaypg · ‎04-05-2015

Problem resolved by Install TA for DomainController to Windows Server that you need to monitor. I extract the TA for DomainController from Splunk app for microsoft exchange.

View solution in original post

tckoaypg · ‎04-05-2015

Problem resolved by Install TA for DomainController to Windows Server that you need to monitor. I extract the TA for DomainController from Splunk app for microsoft exchange.

Splunk App for Windows Infrastructure: Why does search sourcetype=MSAD return no events?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor