
Windows Infrastructure app - Active Directory Error

eliasit
Path Finder

Hello Splunkers,
I have the Splunk App for Windows Infrastructure installed and have completed the setup, but when I get to the "customize features" section it can't find the AD data it is looking for. The Windows Overview dashboard is populating and it is finding some AD data, so I think the AD data is being ingested but just not being parsed correctly; however, I don't know how to tell.
Thanks in advance for any help.

Here is the output of the "detect features" button.
Detecting Event Monitoring ...
Windows: Event Monitoring found.
Detecting Performance Monitoring ...
Windows: Performance Monitoring found.
Detecting Applications and Updates ...
Windows: Applications and Updates found.
Detecting Network Monitoring ...
Windows: Network Monitoring not found. (This one is expected)
Detecting Print Monitoring ...
Windows: Print Monitoring not found. (This one is expected)
Detecting Host Monitoring ...
Windows: Host Monitoring found.
Detecting Domains ...
Active Directory: Domains not found.
Detecting Domain Controllers ...
Active Directory: Domain Controllers not found.
Detecting DNS ...
Active Directory: DNS found.
Detecting Users ...
Active Directory: Users not found.
Detecting Computers ...
Active Directory: Computers not found.
Detecting Groups ...
Active Directory: Groups not found.
Detecting Group Policy ...
Active Directory: Group Policy found.
Detecting Organizational Units ...
Active Directory: Organizational Units found.

Splunk version: 7.3.0
Splunk app for Windows Infrastructure version: 2.0.1
Splunk Supporting Add-on for Active Directory version: 3.0.1 (Connection status on configuration tab is successful)


Ibbers
Explorer

Possible explanation here. It's a few years old, though. The suggestion is that the detect features check only looks for events in the last 15 minutes. So click enable on the 'not found' features, and save.

The Windows Infrastructure dashboards should start populating data given enough time.


Ibbers
Explorer

How did you end up going with this? I've had a similar thing (Perfmon and Printmon were expected for me, as I'd disabled the inputs) with my setup.

I haven't found much in the way of explanation in the doco, unfortunately, beyond a vague suggestion that the feature(s) may not work if Active Directory hasn't generated the logs on its end.

Sidenote - did you do anything to get the Applications and Updates detected?
