Solved: Re: Splunk App for Windows Infrastructure: Why doe...

tckoaypg · ‎04-05-2015

My Splunk Ent V 6.2.2 running in Linux installed with Windows Add-on 4.75, Splunk App for Windows Infrastructure 1.12, Splunk Supporting Add-on for Active Directory 2.01.

My AD running in Win 2008 with Universal Forwarder installed, Splunk TA For Windows, Splunk PowerShell module installed.

However, I still getting "MSAD did not return any event during the Windows Infra Setup Page, check data section."

Data from Splunk Add-on for Microsoft Windows Active Directory
Critical data could not be found
OK: 15 or more events detected in the last 24 hours
ERROR: Search "sourcetype="MSAD*" | head 5" did not return any events in the last 24 hours

When I search index=* source="activedirectory", it does display AD events which show that the AD settings is correct. How do I troubleshoot with this issue?

tckoaypg · ‎04-05-2015

Problem resolved by Install TA for DomainController to Windows Server that you need to monitor. I extract the TA for DomainController from Splunk app for microsoft exchange.

View solution in original post

tckoaypg · ‎04-05-2015

Problem resolved by Install TA for DomainController to Windows Server that you need to monitor. I extract the TA for DomainController from Splunk app for microsoft exchange.

Splunk App for Windows Infrastructure: Why does search sourcetype=MSAD return no events?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio