When I do a index=msad, i do see data in it.
host = hostname source = Powershell sourcetype = MSAD:NT5:DNS-Zone-Information
4/15/15
7:59:01.000 AM
System.Collections.ArrayList
host = hostname source = Powershell sourcetype = MSAD:NT5:DNS-Zone-Information
4/15/15
7:58:52.409 AM
wWWHomePage=OptionalProperties
host = hostname source = ActiveDirectory sourcetype = ActiveDirectory
However, when I do a Guided Setup, under Tools and Settings, I see these errors,
` Data from Splunk Add-on for Microsoft Windows Active Directory
Critical data could not be found
OK: 10 or more events detected in the last 24 hours
ERROR: Search "sourcetype="MSAD*" | head 5" did not return any events in the last 24 hours
ERROR: Search "sourcetype="ActiveDirectory*" | head 5" did not return any events in the last 24 hours`
So I think there is data but its not going to the right index?
... View more