All Apps and Add-ons
Highlighted

Why are there no results found for expired accounts and disabled account reports?

New Member

Hello

We have recently setup the Spunk App for Windows Infrastructure to monitor our Active Directory.
We are receiving the AD audit information from the daily changes etc, however the reports such as Expired accounts or Disabled accounts do not work, no results are found.

I have checked the configuration within Splunk Support for Active Directory and the test comes back as successful.

Struggling to work out where the issue lies?

Would appreciate some help / advice.

Thanks
Karl Forster

0 Karma
Highlighted

Re: Why are there no results found for expired accounts and disabled account reports?

Motivator

Hi @Karl12347

Did you check your Audit Policies ? Perhaps you are not auditing those events.

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.