Hi
I'm using the Splunk App for Active Directory; I've installed and configured it to make it run.
I receive data regarding CPU/RAM monitoring, general info, etc. in the 3 indexes msad, perform & winevents.
Unfortunately, I don't receive any information regarding the DC status/health.
I see it's due to the search "index=msad source=powershell": I've never indexed data with the field source=powershell in the msad index (only index=msad source=ActiveDirectory).
How could I check where the problem comes from? Does the script not work? Is it not executed? Something else?
The GPO that runs the PS script on my DCs is enabled.
I use 1 Splunk server with 2 Win 2012 DCs.
Some help would be fine 🙂
Thanks!