All Apps and Add-ons

Splunk App for Windows infrastructure data not showing in app

pmovrich
Explorer

Hello

I currently have Splunk app for Windows Infrastructure installed and have a windows 2008 server setup with a universal forwarder with the Splunk_TA_windows add-on installed. I see the windows server logs being indexed on the Splunk 6.0 server. But it's not populating inside the app.

help please.

tprzelom
Path Finder

You have to go into the XML view for the dashboards and look at what searches are run to populate the dashboard.

They may rely on the sourcetype or index defined in the inputs.conf or something more abstract like an eventtype.

neiljpeterson
Communicator

Can you elaborate? I am having a similar problem. The only inputs.conf I edited for the setup was the one for the LDAP app. Is there another one?

0 Karma

pmovrich
Explorer

I figured out what i was doing wrong. i some how grabbed the wrong inputs.conf file and edited that one. i found the correct one and the data started to flow into the app.

anyhow thanks for the response.

lguinn2
Legend

I don't know much about the app, but I would guess that it is expecting the Windows data to be stored in a particular index. (index=os perhaps?)
If the data is stored elsewhere (like index=main for example), you will be able to see the data, but it won't appear in the Windows app dashboards, etc.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...