I am attempting to follow the online documentation/PDF for configuring my AD forwarder, but am having some trouble.
When customizing the index names in the .conf files, where in my Splunk install can I find these? Does anyone know the default index names that would have been used?
I installed the Splunk portion on my Kubuntu Linux receiver a couple of weeks ago, and am now trying to configure the DC in my new DEV AD environment for Windows testing.
Thank you for any replies/help in advance.
Hi all, I have configured the Splunk App for Active Directory. I am getting raw data from Active Directory.
But when I go through the Splunk App for AD, I cannot see any kind of log, event, or data.
My configuration...
The universal forwarder is installed on Active Directory, with the correct port number 9997. WMI is also correctly configured.
Splunk 5 (receiver) is installed on one machine, and the Active Directory app is also installed in the same Splunk instance.
The user has full access.
But still I am not getting data.
Please help me to solve this.
Are you just trying to assign the right index for the inputs.conf on the forwarder? The indexes in the app are msad, perfmon, and winevents, and you'll find them defined on your Splunk server in Splunk_for_ActiveDirectory/default/indexes.conf. If you need to create your own indexes you'll have some work to do, but you can define those through the UI as well.
From the readme.txt file.
By default, the Splunk_TA_windows logs events into the main index. The TAs for Splunk App for
Active Directory log events into one of three indices:
* perfmon = All performance data
* winevents = All Windows Event Log data
* msad = Everything else
If you decide on a different indexing scheme, you will need to create the indices, adjust the
inputs.conf on the TAs before deployment. In addition, you will need to adjust eventtypes.conf
and macros.conf for the new index locations.
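An added example, not part of the original posts or of the Splunk app's own code: a Python check that parses a forwarder's inputs.conf and reports stanzas whose index differs from the scheme in the readme quoted above (perfmon, winevents, msad for everything else). The sample stanzas are constructed for illustration, and a stanza with no index key is treated as going to main, Splunk's default index.

```python
# Added example: audit a forwarder inputs.conf against the readme's index scheme.
# Constructed sample input; stanza names are illustrative, not copied from the TAs.
SAMPLE_INPUTS_CONF = """\
[WinEventLog://Security]
disabled = 0
index = winevents

[perfmon://Processor]
counters = *
index = perfmon

[admon://NearestDC]
monitorSubtree = 1

[WinEventLog://Directory Service]
index = wineventlog
"""

def expected_index(stanza):
    """Map an input stanza to the index the readme's scheme assigns it."""
    kind = stanza.split("://", 1)[0].lower()
    if kind == "perfmon":
        return "perfmon"      # all performance data
    if kind == "wineventlog":
        return "winevents"    # all Windows Event Log data
    return "msad"             # everything else

def parse_stanzas(text):
    """Return {stanza: {key: value}} for a Splunk .conf file body."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit(text):
    """List (stanza, configured_index, expected_index) for every mismatch."""
    findings = []
    for name, settings in parse_stanzas(text).items():
        configured = settings.get("index", "main")  # no index key means main
        if configured != expected_index(name):
            findings.append((name, configured, expected_index(name)))
    return findings

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE_INPUTS_CONF):
        print(f"[{name}] index={got}, app expects {want}")
```

Events that land in an index the app's eventtypes and macros do not search will reach the receiver but stay invisible in the app's dashboards, which is why the readme asks for eventtypes.conf and macros.conf to be adjusted alongside inputs.conf.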
That typo has since been fixed.
Does anyone know where this went to?
Important: The SA-ldapsearch supporting add-on replaces the Perl LDAP commands that come with the Splunk App for Active Directory.
I'm trying to configure the admon.conf, perfmon.conf and inputs.conf as shown in
http://docs.splunk.com/Documentation/ActiveDirectory/latest/DeployAD/Configureanddeploythetechnicala...