- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Where do I add domain controllers in Splunk App fo...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where do I add domain controllers in Splunk App for Windows Infrastructure?
I installed and configured Splunk App for Windows Infrastructure.
With this I install: Splunk Add-on for PowerShell, Splunk Supporting Add-on for Active Directory (and configure it "Connection test for default succeeded"), Splunk Add-on for Microsoft Active Directory, Splunk Add-on for Microsoft Windows DNS, Splunk Add-on for Microsoft Windows.
When I configure it and I complete all requirements I see only one server (self Splunk) but I don't see any domain controllers.
Where I must add domain controllers?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
✓
Splunk v6.6.0+
OK: Splunk v7.1.3 detected
OK: Key value store is enabled. Learn more.
✓
Splunk Add-on for Microsoft Windows v4.8.3 or 4.8.4
OK: Splunk Add-on for Microsoft Windows v4.8.4 detected
✓
Splunk Supporting Add-on for Microsoft Windows Active Directory v2.1.7
OK: Splunk Supporting Add-on for Microsoft Windows Active Directory v2.1.7 detected
✓
Users and/or groups configured with the winfra-admin user role:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think that problem with powershell module.
I have indexes (msad, perfmon, ...). I have sourcetypes (MSAD:NT6:..., Perfmon:..., ... )
1
And in sourcetype="Powershell:ScriptExecutionSummary" I have errors:
tcp://splunk-01:9389/ActiveDirectoryWebServices/Windows/Resource.
2
Exception="Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException: Не удалось найти сервер каталогов с удостоверением: "SPLUNK-01".
Splunk try connect to self as to DC, but it no DC... How I can configure real DC for connection?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you bringing data from your domain controllers and other windows hosts?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes. But when I open predefined dashboards, such as users reports: disabled I can't select domain.
Or in other reports, where I must select domain, site, controllers - this dropdowns is empty.
I think that splunk try to read domain info from splunk server, but not from real DC.
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
