
Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

New Member

Hi All,

I have recently deployed Splunk Light for a trial.
It is on a Windows server, which is a domain member (single domain, single forest).

I have enabled the 'Splunk add-on for Windows' (and restarted).
I am using Splunk Web for all config etc.
I have then 'added data' with the 'Monitor -> Active Directory monitoring' option.
I created a dedicated, new index for this.

When I have finished the input seems to complete (I step through the GUI and get a green tick at the end) - however on the home page 'what to search' I see no hosts, sources or source types. It still says 'no data added, please add data'.

Within settings I can see the data input I just created, and I can see data flowing into the index.

Pretty sure I have missed something basic - any clues?

Thanks in Advance..
D

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

Super Champion

Start by trying the confirmation and troubleshooting searches in the documentation. Share those results here and the community can use that additional information to try to help you.

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

Esteemed Legend

Did you do all of this on the same server? I am assuming you have an all-in-one server on the Windows server in question, but maybe you have a separate Search Head. In such a case, you need to do this work on the Forwarder, not the Search Head.

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

New Member

I did do all of this on the same server - an all-in-one config.. 🙂

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

New Member

Hi ChrisG - thanks..

Total (Splunk) newbie here - can you point me in the direction of a doco that shows how to use the commands listed in the link you provided?

I have only made any configuration via the web console so far... (tho I'm not afraid of CLIs...)

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

Super Champion

Hi, thecloudmode. Those are not CLI commands, they are searches. You enter them in the search bar:

[Screenshot: Splunk Light search bar]

If you are not yet oriented to the Splunk Light UI, then take a look at the in-product tour: Menu icon > Help > Product Tour.

Here is the Splunk Light documentation topic that talks about searches and results:

http://docs.splunk.com/Documentation/SplunkLight/6.2.4/GettingStarted/Viewingsearchresults

You should also take a look at the Search Tutorial, which is geared to Splunk Enterprise but the tasks, workflow, and experience will be very similar for Light.


Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

New Member

Told you I was a total newbie!! (hand meet face)..

Thanks for the further info - appreciated. I will go through both the viewing search results link, and the search tutorial today.

I have just followed the initial link, and I get no results - I am wondering if 'check you have installed the add-on into the indexers in your deployment.' is my issue. This is a test deployment, so I am going to reinstall, and use the default index this time, and go from there....

0 Karma

Re: Why am I not getting any data after configuring Splunk Light on Windows for Active Directory monitoring?

New Member

Just an update ..

Thanks all for your help.
I ended up reinstalling (I had not put much effort into the install and therefore I did not lose much time).
Not sure what I had done wrong - will see if I end up in the same place this time.

Normally I would try to troubleshoot and resolve, for learning (shared learning in this case) - however I did not have the time..

I'm sure I'll be back though!

0 Karma