I have Splunk Ent. 5.0.5 with the same version forwarders on four (4) domain controllers.
I'm running no firewalls internally, the forwarders are configured to push data to "splunk" which is the hostname for my inhouse splunk server.
However, I am not seeing ANYTHING pop up in the AD app.
I looked through the 10 common causes writeup and none of them apply to me. Splunk just acts like it isn't getting the data.
I did at the TA_Windows/DNS/Domain Controller folders into the local splunkuniversalforwarder folders.
What might be the problem? I can't get support to answer me, unfortunately.
... View more