I have the Splunk App for Windows Infrastructure and the Supporting Add-on for Active Directory. I have universal forwarders installed on all my Windows Servers, including my domain controllers. For any of the views in the Windows Infrastructure app that have a Domain drop-down selector at the top, I get a message saying "Search produced no results" and the drop-down is empty.
How can I fix this? I can do queries in the Supporting Add-on for Active Directory just fine.
Besides the "winfra-admin" role, users also need to have the "windows-admin" role mapped to them.
Map the role and then try it again. If everything else is installed correctly, it should work.
Did you deploy the correct TAs to your Domain Controllers?
http://docs.splunk.com/Documentation/MSApp/1.4.1/MSInfra/ConfigureWindowsDomainNameServer
Also read all items after this page:
http://docs.splunk.com/Documentation/MSApp/1.4.1/MSInfra/ConfigureActiveDirectoryauditpolicy
Hope it helps.