Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Where do I add domain controllers in Splunk Ap...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where do I add domain controllers in Splunk App for Windows Infrastructure?
I installed and configured Splunk App for Windows Infrastructure.
With this I install: Splunk Add-on for PowerShell, Splunk Supporting Add-on for Active Directory (and configure it "Connection test for default succeeded"), Splunk Add-on for Microsoft Active Directory, Splunk Add-on for Microsoft Windows DNS, Splunk Add-on for Microsoft Windows.
When I configure it and I complete all requirements I see only one server (self Splunk) but I don't see any domain controllers.
Where I must add domain controllers?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
✓
Splunk v6.6.0+
OK: Splunk v7.1.3 detected
OK: Key value store is enabled. Learn more.
✓
Splunk Add-on for Microsoft Windows v4.8.3 or 4.8.4
OK: Splunk Add-on for Microsoft Windows v4.8.4 detected
✓
Splunk Supporting Add-on for Microsoft Windows Active Directory v2.1.7
OK: Splunk Supporting Add-on for Microsoft Windows Active Directory v2.1.7 detected
✓
Users and/or groups configured with the winfra-admin user role:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think that problem with powershell module.
I have indexes (msad, perfmon, ...). I have sourcetypes (MSAD:NT6:..., Perfmon:..., ... )
1
And in sourcetype="Powershell:ScriptExecutionSummary" I have errors:
tcp://splunk-01:9389/ActiveDirectoryWebServices/Windows/Resource.
2
Exception="Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException: Не удалось найти сервер каталогов с удостоверением: "SPLUNK-01".
Splunk try connect to self as to DC, but it no DC... How I can configure real DC for connection?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you bringing data from your domain controllers and other windows hosts?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes. But when I open predefined dashboards, such as users reports: disabled I can't select domain.
Or in other reports, where I must select domain, site, controllers - this dropdowns is empty.
I think that splunk try to read domain info from splunk server, but not from real DC.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
