Splunk App for Windows Infrastructure: I am receiv...

j666gak · ‎03-24-2015

I have been asked to try and setup the Windows Infrastructure app, after a contractor had been in and left the instance in a worse state than when he started.

I keep getting the error below. I have a feeling it is something to do with LDAP or Powershell? I have researched as much as I can run the lookup rebuild option within the app, checked configuration/permissions 100 times. I am getting Windows event logs from the Domain Controllers but nothing related to Active Directory.

Would really appreciate any help please.

brooklynotss · ‎04-01-2015

I had almost the exact same problem with the same lookup tables in the errors. For me it was a Windows NTFS permissions issue on the server. I turned on enable inheritance (not sure why it wasn't on) and reset all permissions below that for the app. To clarify - this was on the splunk_app_windows_infrastructure folder in the Splunk/etc/apps folder. I also needed to the same for the Splunk_TA_windows

Also it's possible that when installing the app the default lookup table files didn't all copy down, so re-download from the splunk site (extract it) and you can just compare what lookup files are in the default install and what made it into your folder.

juvetm · ‎03-25-2015

hi j666gak
it look as if you are having a problem on setup Splunk App for Windows Infrastructure: i forward you a documentation i think this wll help so your problem waiting to hear from you
http://docs.splunk.com/Documentation/MSApp/1.0.2

Splunk App for Windows Infrastructure: I am receiving Windows event logs, but why am I not getting anything related to Active Directory?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!