Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About omatsei
omatsei
Explorer
Member since:
05-31-2011
06-05-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 05-31-2011 |
Activity Feed
- Karma Re: From Nothing to Active Directory for malmoore. 06-05-2020 12:46 AM
- Got Karma for DNS Perfmon. 06-05-2020 12:46 AM
- Posted Re: DNS Perfmon on All Apps and Add-ons. 05-08-2013 12:55 PM
- Posted DNS Perfmon on All Apps and Add-ons. 05-08-2013 12:25 PM
- Tagged DNS Perfmon on All Apps and Add-ons. 05-08-2013 12:25 PM
- Tagged DNS Perfmon on All Apps and Add-ons. 05-08-2013 12:25 PM
- Posted Re: From Nothing to Active Directory on All Apps and Add-ons. 05-08-2013 10:20 AM
- Posted Re: From Nothing to Active Directory on All Apps and Add-ons. 05-08-2013 08:17 AM
- Posted From Nothing to Active Directory on All Apps and Add-ons. 05-07-2013 01:43 PM
- Tagged From Nothing to Active Directory on All Apps and Add-ons. 05-07-2013 01:43 PM
- Posted Re: Active Directory User Logon Failures on Getting Data In. 05-07-2013 11:45 AM
- Posted Re: Active Directory User Logon Failures on Getting Data In. 05-07-2013 11:39 AM
- Posted Re: Active Directory User Logon Failures on Getting Data In. 05-07-2013 07:42 AM
- Posted Re: Active Directory User Logon Failures on Getting Data In. 05-07-2013 07:25 AM
- Posted Active Directory User Logon Failures on Getting Data In. 05-07-2013 06:49 AM
- Tagged Active Directory User Logon Failures on Getting Data In. 05-07-2013 06:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 |
05-08-2013
12:25 PM
1 Karma
I'm trying to get all the Active Directory stuff working, and almost everything is (thanks to the nice folks on here). The only part that isn't working so far is the DNS performance monitoring. For whatever reason, the eventtype "perfmon-dns" is empty. All the DNS servers are also domain controllers, so I installed the Splunk TA for Winows, and the TA for DNS Servers and Domain Controllers on each domain controller, and everything else seems to work. I can check the status of the DNS servers and all the zones have information, but the DNS perfmon is still empty. Anyone know what I can check?
... View more
05-08-2013
10:20 AM
I followed all these instructions, and everything appears to work perfectly! Thank you!
... View more
05-08-2013
08:17 AM
This is much better than anything else I've found on the subject thus far. For step 8, does that entail simply extracting the folder called "Splunk_TA_windows" into the %SPLUNK_HOME%\etc\apps folder, similar to step 7?
... View more
05-07-2013
01:43 PM
I've been fighting with the Active Directory app for 4 days now, and I'm becoming frustrated. I had it working, except for some really strange hostname issues, which I was unable to resolve. At this point, I have uninstalled every universal forwarder, and the central Splunk install completely. I have deleted every single reference of Splunk from every file or directory that I can find. Is there any documentation for how to install Splunk from scratch, then install the Active Directory app and have all the features work?
The existing documentation is vague and unhelpful in some rather important spots. For example, when editing the conf files, it says I should ensure the correct indexes are set. What are the correct indexes? If I'm installing directly out of the box, do I need to change ANY conf file at all? Isn't there a "from nothing to monitor AD" guide somewhere out there?
... View more
05-07-2013
11:45 AM
Maybe I'm not explaining it right. The data is coming in tagged as "domaincontroller.domain", but I want it to be tagged as "domaincontroller". All the other data from the same domain controller, using the universal forwarder, is tagged as "domaincontroller". Why are the fields for the security stuff tagged differently?
... View more
05-07-2013
11:39 AM
I don't understand. I installed the Universal Forwarder on 5 domain controllers, as it required for the active directory app. Considering everything I've done is a completely out-of-the-box install, how can it not work?
... View more
05-07-2013
07:42 AM
No, if I select "Security" then "User Utilization", it says "No matching fields exist", and no results under any of the boxes.
... View more
05-07-2013
06:49 AM
I've got the Active Directory app installed, and everything is working except the User Logon Failures tab. The search is:
search eventtype=msad-failed-user-logons (host="HOSTNAME") | fields _time,signature,src_ip,src_host,src_nt_domain,user,Logon_Type
However, the data is coming in tagged with the host as "HOSTNAME.domain". If I modify the search manually to say:
search eventtype=msad-failed-user-logons (host="HOSTNAME.domain") | fields _time,signature,src_ip,src_host,src_nt_domain,user,Logon_Type
Everything works. Is there a conf file I need to change somewhere?
... View more
- Tags:
- activedirectory
