Splunk® Add-on for Microsoft Windows DNS (Legacy)

Install and use the Splunk Add-on for Windows DNS

The Splunk Add-on for Windows DNS version 1.0.1 not supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

Troubleshoot the Splunk Add-on for Windows DNS

General troubleshooting

For helpful troubleshooting tips that you can apply to all add-ons, see "Troubleshoot add-ons". You can also access these support and resource links.

Data appears in the wrong index

The Splunk Add-on for Windows DNS expects the following indexes to be present on your indexers:

  • msad
  • perfmon
  • winevents
  • windows (for backward compatibility)
  • wineventlog (for backward compatibility)

Ensure those indexes are present by installing the add-ons into all indexers in the deployment.

Sourcetype changes for WinEventLog data

The Splunk Add-on for Windows version 5.0.x introduces changes to WinEventLog data sourcetypes, and now assigns the WinEventLog sourcetype to the following WinEventLog input of the Splunk Add-on for Microsoft DNS:

Windows AD input Sourcetype
WinEventLog://DNS Server WinEventLog

WinEventLogs are distinguished by their source.

Last modified on 15 November, 2018
Configure the Splunk Add-on for Windows DNS   Lookups for the Splunk Add-on for Windows DNS

This documentation applies to the following versions of Splunk® Add-on for Microsoft Windows DNS (Legacy): 1.0.0, 1.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters