- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk app for active directory is not displaying ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk app for active directory is not displaying data
Hello everybody
Since couple of days I'm working on Splunk 5.04. Since yesterday all the tests went good. When I started to evaluate app for Active Directory I cant obtain data and I cant display any flow on the dashboard.
Let me tell you how I installed the app. Please correct my errors.
1- Install the app on splunk server.
2- Enable the receiver on splunk server at port 9997.
3- Install the universal forwarder on my Win 2008 R2 Ent. DC.
3.1 - Use a domain account with high privileges.
3.2 - Select all the input types + follow active directory.
now I can display all the event types are created correctly on my Manager screen. Also, on the search screen I can select some sources e.g. "ActiveDirectory" or "Perfmon:CPU Load" and I can see the data flow.
But when I open the Active Directory app. I dont see nothing.
I checked the link below :
http://docs.splunk.com/Documentation/ActiveDirectory/latest/DeployAD/Deploymentprocess
- I configured my splunk server as it.
- I reinstalled the universal forwarder and this time I didnt checked nothing.
- I copied the TAs to my. Restarted splunk agent.
I still dont see nothng on my Splunk server.
Could you please guide me to solve this ?
Thank you so much.
Mehmet
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Last update :
My mistake, AD logging is still not working but I'm confused.
I will try to regenerate the situation.
Regards.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you for your quick response
This is strange but I made my last change 2 hours ago. Since two hours I didnt checked the management console. But now I can see everything in the console.
Really strange for me.
As I wrote in my first note,
- I removed all the inputs checks
- and copied from TAs some files to my DC,
- then I restarted the agent.
- Wait two hours 🙂
Thank you for your co-operation.
PS: When I precise my procedure, I will add to this topic.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would double check the steps in the docs to make sure you haven't missed anything. I see this quite often on the Splunk App for AD. However, this is a pretty good troubleshooting reference to help as well.
http://blogs.splunk.com/2012/10/21/splunk-app-for-active-directory-and-the-top-10-issues/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you for your quick response
This is strange but I made my last change 2 hours ago. Since two hours I didnt checked the management console. But now I can see everything in the console.
Really strange for me.
As I wrote in my first note,
- I removed all the inputs checks
- and copied from TAs some files to my DC,
- then I restarted the agent.
- Wait two hours 🙂
Thank you for your co-operation.
PS: When I precise my procedure, I will add to this topic.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
