Hello Splunkers,
I have the Splunk App for Windows Infrastructure installed and have done the setup, but when I get to the "customize features" section it can't find the AD data it is looking for.
My client/Universal Forwarders are calling home and sending data. It seems as if my indexes are not parsing the data. Of the following indexes (msad, perfmon, windows, wineventlog), only perfmon and wineventlog are showing in the Splunk App for Win Infra. But the data is only for the Splunk server where Splunk resides.
Thanks in advance for any help.
My setup has the deployment and the search head on the same Splunk instance.
Splunk version: 8.1.0
Splunk app for Windows Infrastructure v2.0.1
Splunk Supporting Add-on for Microsoft Windows v7.0
Splunk Supporting Add-on for Microsoft Windows Active Directory v3.0.1
Here is the output of the "detect features" button.
Detecting Event Monitoring ...
Windows: Event Monitoring found.
Detecting Performance Monitoring ...
Windows: Performance Monitoring found.
Detecting Applications and Updates ...
Windows: Applications and Updates found.
Detecting Network Monitoring ...
Windows: Network Monitoring not found.
Detecting Print Monitoring ...
Windows: Print Monitoring not found.
Detecting Host Monitoring ...
Windows: Host Monitoring not found.
Detecting Domains ...
Active Directory: Domains not found.
Detecting Domain Controllers ...
Active Directory: Domain Controllers not found.
Detecting DNS ...
Active Directory: DNS not found.
Detecting Users ...
Active Directory: Users not found.
Detecting Computers ...
Active Directory: Computers not found.
Detecting Groups ...
Active Directory: Groups not found.
Detecting Group Policy ...
Active Directory: Group Policy found.
Detecting Organizational Units ...
Active Directory: Group Policy found.
Detecting Organizational Units ...
Active Directory: Organizational Units found.
How did you go with the Windows infrastructure setup? I'm having a similar issue with Active Directory features not being found in the guided setup. Suspect it's an incorrectly configured conf file but hoping not to have to reinvent the wheel.