Windows Infrastructure guided setup not seeing Domain, Domain Controllers, DNS, Users, Computers, Groups

ssrush
Engager

Hello Splunkers,
I have Splunk app for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for.

My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.
Thanks in advance for any help.

My setup has the deployment and the search head on the same Splunk instance.

Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0
Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1

Here is the output of the "detect features" button.

Detecting Event Monitoring ...

Windows: Event Monitoring found.

Detecting Performance Monitoring ...

Windows: Performance Monitoring found.

Detecting Applications and Updates ...

Windows: Applications and Updates found.

Detecting Network Monitoring ...

Windows: Network Monitoring not found.

Detecting Print Monitoring ...

Windows: Print Monitoring not found.

Detecting Host Monitoring ...

Windows: Host Monitoring not found.

Detecting Domains ...

Active Directory: Domains not found.

Detecting Domain Controllers ...

Active Directory: Domain Controllers not found.

Detecting DNS ...

Active Directory: DNS not found.

Detecting Users ...

Active Directory: Users not found.

Detecting Computers ...

Active Directory: Computers not found.

Detecting Groups ...

Active Directory: Groups not found.

Detecting Group Policy ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Group Policy found.

Detecting Organizational Units ...

Active Directory: Organizational Units found.

Ibbers
Explorer

How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.
