Sample DNS searches and dashboards
This topic lists searches that you can perform to confirm that Windows DNS data has arrived at the indexer.
Note: If you are using TA-Windows version 6.0.0 or later, you do not need TA_AD and TA_DNS, as they are merged with TA-Windows. To configure TA-Windows v6.0.0, refer to Deploy and configure the Splunk Add-on for Windows v6.0.0 or later.
Search Windows DNS data
To confirm that Windows DNS data is present on the indexer, use the Search app:
1. Log in to Splunk Enterprise on the indexer, if you have not already.
2. Load the Search app. In the system bar, select Apps > Search & Reporting. Splunk loads the Search app.
3. Try the following searches to confirm that data is present:
This search confirms that the Splunk Add-on for Windows DNS is sending data to the indexer:
eventtype=perfmon-dns
Can't find the data?
Try the following:
- Use Forwarder Management to confirm that the Splunk Add-on for Windows DNS has been deployed to your deployment clients.
- Refer to the Troubleshooting manual for additional help.
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 4.0.0, 4.0.1, 4.0.2, 4.0.3