Splunk® Add-on for Microsoft Windows DNS

Install and use the Splunk Add-on for Windows DNS

Download manual as PDF

Download topic as PDF

Troubleshoot the Splunk Add-on for Windows DNS

General troubleshooting

For helpful troubleshooting tips that you can apply to all add-ons, see "Troubleshoot add-ons". You can also access these support and resource links.

Data appears in the wrong index

The Splunk Add-on for Windows DNS expects the following indexes to be present on your indexers:

  • msad
  • perfmon
  • winevents
  • windows (for backward compatibility)
  • wineventlog (for backward compatibility)

Ensure those indexes are present by installing the add-ons into all indexers in the deployment.

Sourcetype changes for WinEventLog data

The Splunk Add-on for Windows version 5.0.x introduces changes to WinEventLog data sourcetypes, and now assigns the WinEventLog sourcetype to the following WinEventLog input of the Splunk Add-on for Microsoft DNS:

Windows AD input Sourcetype
WinEventLog://DNS Server WinEventLog

WinEventLogs are distinguished by their source.

PREVIOUS
Configure the Splunk Add-on for Windows DNS
  NEXT
Lookups for the Splunk Add-on for Windows DNS

This documentation applies to the following versions of Splunk® Add-on for Microsoft Windows DNS: 1.0.0, 1.0.1, 1.0.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters