
Windows Infrastructure guided setup not seeing Domain, Domain Controllers, DNS, Users, Computers, Groups

ssrush
Engager

Hello Splunkers,
I have the Splunk App for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for.

My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.
Thanks in advance for any help.

 

My setup has the deployment and the search head on the same Splunk instance.

Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0

Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1

 

Here is the output of the "detect features" button.

 

Detecting Event Monitoring ...

Windows: Event Monitoring found.

Detecting Performance Monitoring ...

Windows: Performance Monitoring found.

Detecting Applications and Updates ...

Windows: Applications and Updates found.

Detecting Network Monitoring ...

Windows: Network Monitoring not found.

Detecting Print Monitoring ...

Windows: Print Monitoring not found.

Detecting Host Monitoring ...

Windows: Host Monitoring not found.

Detecting Domains ...

Active Directory: Domains not found.

Detecting Domain Controllers ...

Active Directory: Domain Controllers not found.

Detecting DNS ...

Active Directory: DNS not found.

Detecting Users ...

Active Directory: Users not found.

Detecting Computers ...

Active Directory: Computers not found.

Detecting Groups ...

Active Directory: Groups not found.

Detecting Group Policy ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Organizational Units found.


Ibbers
Explorer

How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.

0 Karma