Hi guys,
Currently in the project I am working on, the client has 11 Domain Controllers with 1 of them as the Master node, from what I was told, the Splunk App for Windows Infrastructure will have a powershell script which triggers every 15 minutes interval to collect relevant data from these DCs and populate the Active Directory Overview as well as the Domain Controller dashboards. However, only 7 out of these 11 are returning the results.
Each of these DCs has a Splunk Universal Forwarder installed on them and whenever we redeploy the Windows Infra App to these clients, the results of all 11 DCs will be shown in the first 15 minutes and subsequently only 7 remains.
I have tried to reinstall the Splunk Universal Forwarder on one the the 4 Dcs that is not returning results but once again it only work once after I redeploy the app to it.
We have ran out of troubleshooting ideas and I am hoping if anyone has any similar experiences or even better a solution to this issue. Any help would be greatly appreciated!
Thank you!
↧