I am trying to set up the App for Active Directory 1.1 in the free version of Splunk. I think I followed all the instructions but I am not getting any data. I have an AD forest with a parent domain and two children. I have forwarders set up on a domain controller in the root domain and on two of the domain controllers of one of the child domains. The forest is at Server 2003 level, the domains are at 2003 Interim level. All domain controllers are Server 2003 x86. My Splunk server is Server 2003 R2 x64. All are at the latest service pack and patch levels.
I installed the Splunk_TA_Windows, TA-DomainController-NT5 and TA-DNSServer-NT5 add-ins into the forwarders by dropping the respective folders into the ..\Program Files\SplunkUniversalForwarder\etc\apps folder on each of the domain controllers. Is this correct?
I have PowerShell 2.0 installed on the domain controllers and the Splunk server. PowerShell script execution is enabled. Auditing is turned on. DNS logging is turned on and (big) log files are present. I created an AD user account for Splunk to use. I think I did my ldap.conf correctly:
[domain.forest.net]
server = DomainController1.domain.forest.net;DomainController2.domain.forest.net
basedn = dc=domain,dc=ad,dc=net
binddn = cn=Splunk,cn=Users,dc=domain,dc=ad,dc=net
password = {64}password
[SPL]
alias = domain.forest.net
[default]
server = DomainController2.domain.forest.net
I have been looking at this for two days now. I can log in to the App but no information is displayed anywhere.
Any suggestions?