Windows Infrastructure guided setup not seeing Domain, Domain Controllers, DNS, Users, Computers, Groups

ssrush
Engager

Hello Splunkers,
I have the Splunk App for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for.

My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.
Thanks in advance for any help.

 

My setup has the deployment and the search head on the same Splunk instance.

Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0

Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1

 

Here is the output of the "detect features" button.

 

Detecting Event Monitoring ...

Windows: Event Monitoring found.

Detecting Performance Monitoring ...

Windows: Performance Monitoring found.

Detecting Applications and Updates ...

Windows: Applications and Updates found.

Detecting Network Monitoring ...

Windows: Network Monitoring not found.

Detecting Print Monitoring ...

Windows: Print Monitoring not found.

Detecting Host Monitoring ...

Windows: Host Monitoring not found.

Detecting Domains ...

Active Directory: Domains not found.

Detecting Domain Controllers ...

Active Directory: Domain Controllers not found.

Detecting DNS ...

Active Directory: DNS not found.

Detecting Users ...

Active Directory: Users not found.

Detecting Computers ...

Active Directory: Computers not found.

Detecting Groups ...

Active Directory: Groups not found.

Detecting Group Policy ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Organizational Units found.


Ibbers
Explorer

How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.

0 Karma