Splunk for Active Directory - No incoming data from powershell source

rbw78
Communicator

Hi

I'm using Splunk app for Active Directory, I've installed and configured it to make it run.
I receive data regarding the CPU/RAM monitoring, general info, etc. in the 3 indexes msad, perform & winevents.

Unfortunately, I don't receive any information regarding the DC status/health.
I see it's due to the search "index=msad source=powershell"; I've never indexed data with the field source=powershell in the msad index (only index=msad source=ActiveDirectory).

How could I check where the problem comes from? The script doesn't work? Isn't executed? Something else?
The GPO that runs the PS script on my DCs is enabled.

I use 1 splunk server with 2 Win 2012 DCs.

Some help would be fine 🙂

Thanks !

skylasam_splunk
Splunk Employee

A couple of things to check first to make sure PowerShell scripts can run –
1. Set the PS execution policy on the UF - Set-ExecutionPolicy remotesigned
2. Make sure that the PowerShell script itself is not blocked – Open the script in Windows Explorer => Properties; go to the security tab and unblock.

0 Karma
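An added example, not part of the original thread or of the Splunk app: a read-only PowerShell check for the two conditions named in the answer above (execution policy and a blocked script file), to be run on the DC where the forwarder is installed. The parameter $ScriptPath is an assumption; pass the path of the .ps1 file that the app's scripted input runs.

```powershell
# Added diagnostic example. $ScriptPath is an assumption: the .ps1 file
# that the forwarder's scripted input is configured to run.
param(
    [Parameter(Mandatory = $true)]
    [string]$ScriptPath
)

# 1. Execution policy at every scope. MachinePolicy/UserPolicy come from
#    Group Policy and take precedence over Set-ExecutionPolicy.
Get-ExecutionPolicy -List | Format-Table -AutoSize

$effective = Get-ExecutionPolicy
if ($effective -in 'Restricted', 'AllSigned') {
    Write-Warning "Effective policy is '$effective': an unsigned script will not run."
}

if (-not (Test-Path -LiteralPath $ScriptPath)) {
    Write-Warning "Script not found: $ScriptPath"
    return
}

# 2. A downloaded file carries a Zone.Identifier alternate data stream.
#    Under RemoteSigned, such a file is refused unless it is signed.
$zone = Get-Item -LiteralPath $ScriptPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
if ($zone) {
    Write-Warning 'Script is marked as downloaded (blocked):'
    Get-Content -LiteralPath $ScriptPath -Stream 'Zone.Identifier'
    # Once the file is confirmed to be the one shipped with the app:
    # Unblock-File -LiteralPath $ScriptPath
} else {
    'Script is not blocked.'
}

# 3. Signature status, relevant when the file is blocked or the policy is AllSigned.
Get-AuthenticodeSignature -FilePath $ScriptPath |
    Select-Object Status, StatusMessage |
    Format-List
```

Run it in the same context the forwarder service uses, since the effective policy is evaluated per user and per scope.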