I've got everything installed and configured for the Splunk App for Windows Infrastructure. Most of the pre-built searches work fine, but the Active Directory -> Groups -> Security Group Reports -> Security Groups: New isn't returning any results even though I've made new groups recently and am running the search for the past 7 days.
Security Groups: All, Nested, etc. all seem to work fine.
Did you deploy this app to the Active Directory servers and turn on the msad inputs by setting disabled=false inside of inputs.conf? Did you restart the Splunk instances on those forwarders after deploying
Yes, everything else seems to be working. I get results from other searches... Active Directory -> Groups -> Security Group Reports -> Security Groups: Empty returns results, as does All. The 'New' search is the only one that doesn't seem to be working.