Hi Experts
I have installed and configured Splunk app for windows infrastructure in our search head as per the instruction on the Splunk Docs.
I can see all events in indexes (wineventlog, windows, msad, perfmon) etc. but i can't see any Active directory related information in the app. when i run "Customise Feature" option i can see below results;
Active Directory: Domains not found.
Detecting Domain Controllers ...
Active Directory: Domains not found.
Detecting Domain Controllers ...
Active Directory: Domain Controllers not found.
Detecting DNS ...
Active Directory: Domains not found.
any idea what might be the reason ?
Many Thanks.
How did you go setting up the Windows infrastructure app? Did you eventually succeed running the guided setup?
I don't know if your question has been answered, but I think it would help if we know what versions of Splunk App for Windows Infrastructure are you running and which Splunk Add-On for windows?