Activity Feed
- Karma How to deploy App for Windows Infrastructure? for dungpv. 12-02-2020 10:43 PM
- Karma Re: users and groups not found by add-on for windows infrastructure for glandy. 12-02-2020 10:43 PM
- Karma Re: Active Directory not found. How to troubleshoot a problem in Splunk App for Windows Infrastructure? for dfigurello. 12-02-2020 10:40 PM
- Posted Re: No hosts, no data returned from Windows Infra app on All Apps and Add-ons. 12-02-2020 10:35 PM
- Posted Re: Windows Infrastructure app - Active Directory Error on All Apps and Add-ons. 12-02-2020 10:31 PM
- Posted Re: App for Windows Infrastructure can't track AD Users or Groups - what am I missing? on All Apps and Add-ons. 12-02-2020 10:28 PM
- Karma Re: App for Windows Infrastructure can't track AD Users or Groups - what am I missing? for keinsignal. 12-02-2020 10:28 PM
- Karma Re: App for Windows Infrastructure can't track AD Users or Groups - what am I missing? for jbernt_splunk. 12-02-2020 10:28 PM
- Posted Re: Windows Infrastructure app - Active Directory Error on All Apps and Add-ons. 12-02-2020 10:24 PM
- Posted Re: Sourcetype issue -Splunk addon for Microsoft Windows Active Directory on Splunk Enterprise. 12-02-2020 10:00 PM
- Posted Re: Sourcetype issue -Splunk addon for Microsoft Windows Active Directory on Splunk Enterprise. 12-02-2020 09:58 PM
- Karma Re: Splunk app for Window infrastructure for richgalloway. 11-30-2020 09:32 PM
- Karma Re: Splunk app for Window infrastructure for mysplunkbase. 11-30-2020 09:32 PM
- Posted Re: Splunk app for Windows infrastructure on Installation. 11-30-2020 09:18 PM
- Karma Re: Splunk app for Windows infrastructure for vikramyadav. 11-30-2020 09:10 PM
- Posted Missing features in Windows Infrastructure app guided setup v.2.0.1 on Splunk Enterprise. 11-30-2020 08:40 PM
- Karma Re: Sourcetype "ActiveDirectory for inventsekar. 11-30-2020 06:40 PM
- Posted Re: Windows Infrastructure app - Active Directory Error on All Apps and Add-ons. 11-24-2020 05:25 PM
- Karma Windows Infrastructure app - Active Directory Error for PanIrosha. 11-24-2020 05:24 PM
- Karma Re: Active Directory not found. How to troubleshoot a problem in Splunk App for Windows Infrastructure? for dungpv. 11-24-2020 04:43 PM
Topics I've Started
12-02-2020
10:35 PM
Not sure if you fixed it in the end mate, but it looks like your inputs.conf aren't pushing the right events data through. Check that you have the right prerequisite components installed on your DC too. And whilst you're in inputs.conf, check each sourcetype is going to the right index.
12-02-2020
10:31 PM
Possible explanation here. Few years old though. The suggestion is that the detect features check only looks for events in the last 15min. So click enable on the 'not found' features, and save. The Windows Infrastructure dashboards should start populating data given enough time.
12-02-2020
10:28 PM
Oh, so the timeframe for the initial check is the last 15min? And the solution to the "not found" warning is to check the boxes anyway, save, and then wait for the Win Infra dashboards to present the data?
12-02-2020
10:00 PM
I had the same problem last week (still on my first deployment project of Splunk), and once I went through the inputs it all flowed. I had better results too when I specified the indexes for each sourcetype - had been getting some results into main for some instead of msad until then.
11-30-2020
09:18 PM
Is indexes.conf required for Splunk Addon for Windows v800/Splunk App for Windows Infrastructure v201? It's unclear from the documentation, as Splunk_TA_Windows (v800) documentation says indexes.conf is removed? Do I need an indexes.conf in my \local\ folder for MSAD, Windows, Perfmon, Wineventlog? Cheers 🙂
11-30-2020
08:40 PM
Hi, I'm doing an on-premise Splunk Enterprise proof of concept deployment - it's mostly successful but I'm encountering one issue with the Windows Infrastructure add-on and am not sure what I'm missing. I'm hoping y'all can help point me in the right direction. Thanks in advance.

My current setup:

Instances:
- SearchHead
- HeavyForwarder
- Indexer
- Manager (Licensing/Apps/ForwardManager)

I've made the following changes:
- Installed Splunk Add-on for Windows v8.0.0 (configured)
- Installed Splunk Supporting Add-on for Active Directory v3.0.1 (configured)
- Installed Splunk App for Windows Infrastructure v.2.0.1 (incomplete)
- Configured Active Directory auditing

I've enabled most stanzas in the inputs.conf, but left DNS, Perfmon, PrintMon, WindowsUpdates disabled as they're outside the scope of what we want. I've created MSAD, perfmon, windows, windowseventlog indexes - I can see the events populating in those indexes and not Main. The SearchHead is configured and able to search logs on the indexer.

On the SearchHead, when I search for "index=msad sourcetype=activedirectory", I get a thousand results+ for index=msad, source=ActiveDirectory, sourcetype=ActiveDirectory. So everything looks kosher. I can see AD user events like account locks etc. as well.

When I run the guided setup for Splunk App for Windows Infrastructure on the SearchHead, I get successful results for the Prerequisite checks and Data Checks (except for the expected warnings on PerfMon and PrintMon, but those inputs.conf stanzas are disabled on forwarders).

However when I run Customize Features - several features are not found though that I do expect:
- Windows \ Performance Monitoring (Expected - I've disabled the stanza)
- Windows \ Applications and Updates (Unsure - I've disabled the WindowsUpdate stanzas)
- Windows \ Print Monitoring (Expected - I've disabled the stanza)
- Active Directory \ Domain Controllers (unsure)
- Active Directory \ DNS (Expected - I've disabled the stanza)
- Active Directory \ Users (unsure)
- Active Directory \ Computers (unsure)
- Active Directory \ Groups (unsure)

I can't locate a precise explanation in documentation (though I'm sure the issue is something simple) of why part of the Domain Controllers, Users, Computers and Group features in Active Directory are not found in the Windows Infrastructure guided setup. And am unsure what I may have missed during initial configuration setup.

Any advice, direction or help would be most welcome.

Regards,
Jon
11-24-2020
05:25 PM
How did you go setting up the Windows infrastructure app? Did you eventually succeed running the guided setup?
11-24-2020
04:35 PM
How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.