Hello Splunkers,

I have the Splunk App for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for. My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.

Thanks in advance for any help.

In my setup, the deployment and the search head are on the same SPLUNK instance.

Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0
Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1

Here is the output of the "detect features" button.

Detecting Event Monitoring ... Windows: Event Monitoring found.
Detecting Performance Monitoring ... Windows: Performance Monitoring found.
Detecting Applications and Updates ... Windows: Applications and Updates found.
Detecting Network Monitoring ... Windows: Network Monitoring not found.
Detecting Print Monitoring ... Windows: Print Monitoring not found.
Detecting Host Monitoring ... Windows: Host Monitoring not found.
Detecting Domains ... Active Directory: Domains not found.
Detecting Domain Controllers ... Active Directory: Domain Controllers not found.
Detecting DNS ... Active Directory: DNS not found.
Detecting Users ... Active Directory: Users not found.
Detecting Computers ... Active Directory: Computers not found.
Detecting Groups ... Active Directory: Groups not found.
Detecting Group Policy ... Active Directory: Group Policy found.
Detecting Organizational Units ... Active Directory: Group Policy found.
Detecting Organizational Units ... Active Directory: Organizational Units found.