Getting Data In

Active Directory not send logs for Splunk

mlog
New Member

Hello,

I am using splunk enterprise on linux server. I want to monitor active directory logs. I installed the universal splunk forwarder on windows server and configuring ports and accounts.

I am using splunk enterprise and have not received logs from the active windows directory.

I installed addons for prerequisites.

0 Karma

gcusello
Legend

Hi mlog,
you have to use the correct Technical AddOns (TAs).

See the documentation of Splunk App for Windows Infrastructure at https://docs.splunk.com/Documentation/MSApp/latest/MSInfra/AbouttheSplunkAppforMSInfrastructure to know which TAs to deploy and what to configure on Domain Controllers.

Bye.
Giuseppe

0 Karma

gcusello
Legend

Hi mlog,
if you're satisfied by this answer, please accept and/or upvote it.

Bye, see next time.
Giuseppe

0 Karma

lakshman239
SplunkTrust
SplunkTrust

Have you installed https://splunkbase.splunk.com/app/3207/ and enabled the required inputs?
check if there is any connectivity issue between the forwarder and indexer?
Are you getting _internal logs from the active directory server/windows?

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...