04-16-2014
06:42 AM
eval myTime=AD_time/10000000 - 11644473600
Got it. Thanks for your help!
04-16-2014
06:37 AM
The current LDAP time = (time()+11644473600)*10000000;
You can replace time() with any UNIX timestamp or strtotime("15 November 2012"); this is the math I found around it.
04-16-2014
06:23 AM
Actually, I just found it's a 64-bit int of the number of 100 nanoseconds since 1/1/1601.
04-16-2014
05:26 AM
Have you verified your ldapsearch is working properly? Specifically the SA-ldapsearch add-on required?
04-16-2014
05:24 AM
What version of Splunk are you running on? I haven't noticed any of my screens/dashboards in the app to be off. Which specific dashboards are you referring to and I will take a closer look?
04-16-2014
05:17 AM
Using ldapsearch queries in the Splunk for Windows Infrastructure app, I am trying to convert the following field's timestamp, which is the Integer8 Windows NT timestamp, to epoch or other readable time after my query runs. The timestamp is the number of 100-nanosecond intervals (1 nanosecond = one billionth of a second) since Jan 1, 1601 UTC.
Anyone have any experience with this? Would be much appreciated!
field = msDS-LastSuccessfulInteractiveLogonTime
timestamp returned = 129878945338632316
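Added example, not part of the original post: the conversion discussed in this thread, done in Python with integer arithmetic so the sub-second ticks are not lost to floating-point rounding (the sample value is larger than 2^53). The function names are hypothetical, and treating 0 and 0x7FFFFFFFFFFFFFFF as "not set" is an assumption based on how AD Integer8 attributes such as accountExpires use those values.

```python
from datetime import datetime, timedelta, timezone

# Seconds between 1601-01-01 and 1970-01-01 (the constant used in the thread).
EPOCH_DIFF_SECONDS = 11644473600
TICKS_PER_SECOND = 10_000_000  # one tick = 100 nanoseconds
# Assumption: values AD uses for "never" / "not set" in Integer8 time attributes.
NEVER_VALUES = {0, 0x7FFFFFFFFFFFFFFF}
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def ad_to_epoch(ad_time):
    """Return (whole_seconds, leftover_ticks) since 1970, or None for 'never'."""
    ad_time = int(ad_time)  # ldapsearch results often arrive as strings
    if ad_time in NEVER_VALUES:
        return None
    if ad_time < 0:
        raise ValueError("negative Integer8 timestamp")
    seconds, ticks = divmod(ad_time, TICKS_PER_SECOND)
    return seconds - EPOCH_DIFF_SECONDS, ticks


def ad_to_datetime(ad_time):
    """Convert to an aware UTC datetime (microsecond precision), or None."""
    converted = ad_to_epoch(ad_time)
    if converted is None:
        return None
    seconds, ticks = converted
    # datetime stores microseconds, so the last decimal digit of the ticks is dropped.
    return UNIX_EPOCH + timedelta(seconds=seconds, microseconds=ticks // 10)


def epoch_to_ad(epoch_seconds):
    """Inverse direction: (time() + 11644473600) * 10000000."""
    return (int(epoch_seconds) + EPOCH_DIFF_SECONDS) * TICKS_PER_SECOND


if __name__ == "__main__":
    sample = "129878945338632316"  # value quoted in the post
    print(ad_to_epoch(sample), ad_to_datetime(sample).isoformat())
```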
04-02-2014
01:05 PM
3 Karma
I have the Splunk App for Windows Infrastructure up and running. The supporting SA-ldapsearch is installed along with Java and functioning fine as well. I am receiving results on virtually every dashboard included with the app.
The only dashboard I am having issues with is the Administrator Audit. I keep receiving a 'Search query is not resolved.' msg in every view on that dashboard. Under Account Domain/Administrator there is a 'Search produced no results' message and it's looking for the default 'Last 15 minutes'.
If I change the 15 minutes to 24 hours, or 1 minute or some other 'real-time' search, the Account Domain: will start 'Populating' and finally find the Domain, but the Administrator is being hard-set to some random user/computer account and will not let me search/choose from an actual Administrator.
I do not see any specific errors in splunkd.log or my SA-ldapsearch log relating to this. Any ideas?
03-31-2014
11:44 AM
1 Karma
Thank you sir.
03-31-2014
06:44 AM
Hoping to get the documentation on the installation/configuration/use of the Splunk App for Windows Infrastructure. Every link from the app page is just taking me to the main documentation page. Any direction on this would be appreciated.
02-24-2014
01:40 PM
2 Karma
Curious on the instructions to deploy the AWS Splunk App in a clustered environment? We have 1 Master, 1 Search Head, 2 Indexers, 2 forwarders. I don't think I missed it, but I did not see best practice on deploying this way. Thanks.