Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sourcetype issue -Splunk addon for Microsoft Windows Active Directory

franciscof
Explorer
‎10-29-2020 12:57 PM

Hi guys, i've been trying to configure the Splunk app for windows infrastructure and for that I've previously installed the addon you see on the subject. But when I'm running the data check I see that the ActiveDirectory* sourcetype that I need to see , is not returning any events. See below:

 

franciscof_0-1604001338224.png

What could this be?

Thanks in advance!

 

Labels (1)
Labels
0 Karma
Reply

Ibbers
Explorer
‎12-02-2020 10:00 PM

I had the same problem last week (still on my first deployment project of Splunk), and once I went through the inputs it all flowed.

I had better results too when I specified the indexes for each sourcetype - had been getting some results into main for some instead of msad until then.

0 Karma
Reply

Ibbers
Explorer
‎12-02-2020 09:58 PM

check your inputs.conf In Splunk Add-On for Windows - likely you haven't enabled the desired types so the forwarders aren't sending it. Remember it'll probably need to be deployed to your universal forwarders.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...