
Windows Infrastructure guided setup not seeing Domain, Domain Controllers, DNS, Users, Computers, Groups

ssrush
Engager

Hello Splunkers,
I have the Splunk App for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for.

My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.
Thanks in advance for any help.

 

My setup has the deployment and the search head on the same Splunk instance.

Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0

Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1

 

Here is the output of the "detect features" button.

 

Detecting Event Monitoring ...

Windows: Event Monitoring found.

Detecting Performance Monitoring ...

Windows: Performance Monitoring found.

Detecting Applications and Updates ...

Windows: Applications and Updates found.

Detecting Network Monitoring ...

Windows: Network Monitoring not found.

Detecting Print Monitoring ...

Windows: Print Monitoring not found.

Detecting Host Monitoring ...

Windows: Host Monitoring not found.

Detecting Domains ...

Active Directory: Domains not found.

Detecting Domain Controllers ...

Active Directory: Domain Controllers not found.

Detecting DNS ...

Active Directory: DNS not found.

Detecting Users ...

Active Directory: Users not found.

Detecting Computers ...

Active Directory: Computers not found.

Detecting Groups ...

Active Directory: Groups not found.

Detecting Group Policy ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Organizational Units found.


Ibbers
Explorer

How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.

0 Karma