MS security integration with Splunk
pavithra
Explorer
07-25-2024
07:36 AM
Hi All,
Data is not getting indexed after adding the conf
richgalloway
SplunkTrust
07-25-2024
08:15 AM
Data will not be indexed automatically after adding the add-on. Inputs must be configured so the add-on knows where to find the data. See https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Configure
---
If this reply helps you, Karma would be appreciated.
pavithra
Explorer
07-25-2024
08:29 AM
Hi,
I have added the config details already, still data is not coming
richgalloway
SplunkTrust
07-25-2024
05:21 PM
Typical GDI troubleshooting steps include:
- Verify the input configuration, including the URL and credentials.
- Verify the Splunk server running the add-on can connect to the MS server. Use curl or a similar tool.
- Check splunkd.log for related messages.
- Check the MS logs for related messages.
- If you're using Splunk search to see if data is coming in then double-check the SPL. Verify the index name. Try specifying latest=+1y to account for timestamp errors.
---
If this reply helps you, Karma would be appreciated.
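Added example (not part of the replies above, and not Splunk's own tooling): a shell script covering the connectivity and splunkd.log steps from the list. `TA_placeholder` stands in for the add-on's folder name under `etc/apps`, the URL passed to `check_reachable` is whatever the input is configured with, and the log lines are constructed.

```shell
#!/bin/sh
# Added example. TA_placeholder is a placeholder for the add-on's folder
# name under $SPLUNK_HOME/etc/apps; the log lines below are constructed.

# Write a small constructed splunkd.log sample to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
07-25-2024 08:14:58.101 +0000 INFO  ExecProcessor [2211 ExecProcessor] - New scheduled exec process: /opt/splunk/etc/apps/TA_placeholder/bin/input.py
07-25-2024 08:15:02.340 +0000 ERROR ExecProcessor [2211 ExecProcessor] - message from "/opt/splunk/etc/apps/TA_placeholder/bin/input.py" HTTP 401 while requesting token
07-25-2024 08:16:02.512 +0000 ERROR ExecProcessor [2211 ExecProcessor] - message from "/opt/splunk/etc/apps/TA_placeholder/bin/input.py" HTTP 401 while requesting token
07-25-2024 08:16:40.007 +0000 WARN  ModularInputs [2300 MainThread] - Endpoint for TA_placeholder not reachable
07-25-2024 08:17:00.000 +0000 ERROR TcpOutputProc [2400 parsing] - unrelated forwarding error
EOF
}

# Print "LEVEL COMPONENT COUNT" for WARN/ERROR lines that mention the app.
# splunkd.log fields: $1 date, $2 time, $3 timezone, $4 level, $5 component.
summarize_input_errors() {
    awk -v app="$2" '
        ($4 == "ERROR" || $4 == "WARN") && index($0, app) { n[$4 " " $5]++ }
        END { for (k in n) print k, n[k] }
    ' "$1" | sort
}

# Total number of ERROR lines for the app (0 when there are none).
count_errors() {
    summarize_input_errors "$1" "$2" |
        awk '$1 == "ERROR" { s += $3 } END { print s + 0 }'
}

# Connectivity step: print the HTTP status returned by the configured URL.
# Run this on the Splunk server that hosts the add-on.
check_reachable() {
    curl -sS -o /dev/null -m 10 -w '%{http_code}\n' "$1"
}

# Demo on the constructed sample; point the functions at
# $SPLUNK_HOME/var/log/splunk/splunkd.log on a real system.
sample=$(mktemp)
write_sample_log "$sample"
summarize_input_errors "$sample" TA_placeholder
rm -f "$sample"
```

A non-zero ERROR count narrows the problem to the input itself (credentials, URL), while a clean log with a failing `check_reachable` points at network or proxy configuration.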