
Splunk App for AD has wrong title for a DNS Report

coleman07
Path Finder

I have installed the Splunk App for Active Directory. Now I am writing a fairly hefty user manual for the AD admins to know what information this app provides. I am frankly stuck on the naming of one report, DNS: Top Non-Authoritative Responses. In the search, it looks for all replies to DNS queries whose response was not NOERROR and whose flags equaled "A*". The fact that the search is looking for records with A in the flag actually implies that the Response is Authoritative, not non-authoritative. Seems like this report should be titled, DNS: Top Authoritative Failed Responses.

I hope someone at Splunk will read this and explain the title of the report or fix it in a future release.
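The distinction raised in the post above, shown as an added example (not part of the original post and not the app's search): it decodes the RFC 1035 header flags word and separates failed responses with the AA (Authoritative Answer) bit set from those without it. The flag letters A/T/D/R are assumed to mirror the flags field the post describes, and the sample headers are constructed.

```python
import struct
from collections import Counter

# RFC 1035 header flag bits and the common response codes.
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def decode_header(packet: bytes) -> dict:
    """Decode the ID/flags words of a DNS message header."""
    if len(packet) < 12:
        raise ValueError("a DNS header is 12 bytes")
    _msg_id, flags = struct.unpack("!HH", packet[:4])
    # Letter codes: A = authoritative, T = truncated,
    # D = recursion desired, R = recursion available (assumed naming).
    letters = "".join(ch for ch, bit in
                      (("A", AA), ("T", TC), ("D", RD), ("R", RA))
                      if flags & bit)
    rcode = flags & 0x000F
    return {"is_response": bool(flags & QR),
            "flags": letters,
            "rcode": RCODES.get(rcode, f"RCODE{rcode}")}

def classify(packet: bytes) -> str:
    """Bucket a message the way the report title question requires."""
    h = decode_header(packet)
    if not h["is_response"]:
        return "query"
    if h["rcode"] == "NOERROR":
        return "success"
    # A flags value matching "A*" means the AA bit is set.
    if h["flags"].startswith("A"):
        return "authoritative failure"
    return "non-authoritative failure"

def make_header(flags: int, msg_id: int = 0x1234) -> bytes:
    """Build a constructed 12-byte header with zeroed section counts."""
    return struct.pack("!HHHHHH", msg_id, flags, 0, 0, 0, 0)

# Constructed samples: NXDOMAIN with AA, SERVFAIL without AA,
# a successful authoritative answer, a plain query, REFUSED with AA.
SAMPLES = [make_header(f) for f in (0x8583, 0x8182, 0x8580, 0x0100, 0x8405)]

def summarize(packets) -> Counter:
    return Counter(classify(p) for p in packets)

if __name__ == "__main__":
    for label, count in summarize(SAMPLES).items():
        print(f"{label}: {count}")
```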


malmoore
Splunk Employee

Hi,

I've forwarded this report to the Windows team for triage and analysis.

In the meantime, you said you were writing a user manual for AD admins to know what information the app provides. What specific things were you looking for in the official product documentation that you didn't see?

malmoore
Splunk Employee

I will update the ticket I opened with your additional requests. While I can't guarantee or estimate a fix, I can say that your concerns will be noted.

Thanks for your feedback. We actually have plans to include screenshots in the documentation. Responses like yours validate that need.

Was there anything else you would have liked to see in the official manual?


coleman07
Path Finder

Malmoore, it started as a demo guide for my admins to sell the product to them. It includes screen shots for most of the screens in the app. Also, I wanted to clarify to our community what worked and didn't work using our current audit settings. I would be happy to send it to you when I am done with it tonight.

Also, I wonder if you could ask the Windows group to look at the other report titles. Top hosts sending failing queries seems mistitled since the host shown is actually sending a DNS response to a query. The host listed didn't initiate the query.

Thanks so much,

Sean
