All Apps and Add-ons

Splunk App for Windows infrastructure data not showing in app

Explorer

Hello

I currently have Splunk app for Windows Infrastructure installed and have a windows 2008 server setup with a universal forwarder with the Splunk_TA_windows add-on installed. I see the windows server logs being indexed on the Splunk 6.0 server. But it's not populating inside the app.

help please.

Path Finder

You have to go into the XML view for the dashboards and look at what searches are run to populate the dashboard.

They may rely on the sourcetype or index defined in the inputs.conf or something more abstract like an eventtype.

Communicator

Can you elaborate? I am having a similar problem. The only inputs.conf I edited for the setup was the one for the LDAP app. Is there another one?

0 Karma

Explorer

I figured out what i was doing wrong. i some how grabbed the wrong inputs.conf file and edited that one. i found the correct one and the data started to flow into the app.

anyhow thanks for the response.

Legend

I don't know much about the app, but I would guess that it is expecting the Windows data to be stored in a particular index. (index=os perhaps?)
If the data is stored elsewhere (like index=main for example), you will be able to see the data, but it won't appear in the Windows app dashboards, etc.

0 Karma