Hi,
I configured a Splunk enterprise indexer to monitor active directory. That worked without issues, it found my domain controllers right away. I also configured the `forwarders conf` file properly, but I'm not seeing any data in Splunk.
Netstat shows that the indexer is listening in `9997`. Netstat also shows that the domain controller running the forwarder is connected to the indexer in `9997`.
But still no data. Can someone please help?
↧