Good morning all,
I am still new to Splunk configuration and was lucky enough to inherit a mostly functional setup. Right now, the main issue I am having is converting the SIDs to their respective user names. The evt_resolve_ad_obj = 1 fix did not work. Any other insight as to what could fix this problem would help me a lot. Thanks in advance!
Hi @Twagner79,
There is not much data you gave us for help. Are you using Universal Forwarder to get Windows data? I assume it is Windows Security event logs? Did you put evt_resolve_ad_obj into your inputs on your Universal Forwarders? Are you using Deployment Server? Did you restart Universal Forwarder after this setting?
Hey scelikok, yes your solution worked. Sorry for the lack of details, I can only share so much. Thank you!