Is the Splunk App for Windows Infrastructure funct...

DotTest37 · ‎01-08-2015

I need to index and search Event Logs from a few Windows 7 and 8 Desktops, but I don't use a Domain Controller.
This app has some prerequisites on the Configuration page, and it won't let me continue unless I specify AD parameters.

How can I use this app without a Domain Controller?

Dotty...

esix_splunk · ‎01-08-2015

This a current known bug in the Windows Infra app. Should be fixed next release.

Current work around, install a domain controller with relevant AD TA's and index the data to get the data sources available.

Another option I proposed in a previous post: Install eventgen and the windows AD TA's and enable eventgen for a little bit. This should generate the required data sources, and hopefully allow the app to be installed. I havent heard back if this worked.

If you try the datagen, post the results, as that is the quickest and easiest fix.

DotTest37 · ‎01-09-2015

Lets say I install the Domain Controller, do I need the Windows Desktops to join the Domain? because I cant do that.
Also, will a be able to remove the DC after I finished configuring the AD TA and keep indexing the Desktops?

malmoore · ‎01-12-2015

Yes, you should be able to remove the DC once you get the required events to pass the data check.

Is the Splunk App for Windows Infrastructure functional without a Domain Controller?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?