https://community.splunk.com/t5/Getting-Data-In/Splunk-and-Active-Directory/m-p/331066#M61328 <P>I am currently trying to use Splunk to parse data from our Active Directory. I have currently loaded the Apps:</P> <P>Splunk Add-on for Microsoft Active Directory 2.1.4<BR /> Splunk Supporting Add-On for Active Directory 1.0.0<BR /> Splunk Add-on for Microsoft DNS 1.0.1<BR /> Splunk Add-on for Windows infrastructure 1.4.1<BR /> Splunk Add-on for Microsoft Windows 4.8.4</P> <P>What I am struggling with since there is no clear instruction set is how to get the data that is relevant to Active Directory. I have only been able to find Splunk® App for Active Directory (Legacy) documentation. Does any one have ideas to help me get the last few steps into providing this type of data for my customer?</P> <P>Running:<BR /> Windows Server 2012 R2<BR /> 16 Cores (Physical) 32 Cores (Virtual)<BR /> 262 GB memory<BR /> Splunk 6.6.2</P> Wed, 26 Jul 2017 23:39:08 GMT molinarf 2017-07-26T23:39:08Z https://community.splunk.com/t5/Getting-Data-In/Splunk-and-Active-Directory/m-p/331066#M61328 <P>I am currently trying to use Splunk to parse data from our Active Directory. I have currently loaded the Apps:</P> <P>Splunk Add-on for Microsoft Active Directory 2.1.4<BR /> Splunk Supporting Add-On for Active Directory 1.0.0<BR /> Splunk Add-on for Microsoft DNS 1.0.1<BR /> Splunk Add-on for Windows infrastructure 1.4.1<BR /> Splunk Add-on for Microsoft Windows 4.8.4</P> <P>What I am struggling with since there is no clear instruction set is how to get the data that is relevant to Active Directory. I have only been able to find Splunk® App for Active Directory (Legacy) documentation. Does any one have ideas to help me get the last few steps into providing this type of data for my customer?</P> <P>Running:<BR /> Windows Server 2012 R2<BR /> 16 Cores (Physical) 32 Cores (Virtual)<BR /> 262 GB memory<BR /> Splunk 6.6.2</P> Wed, 26 Jul 2017 23:39:08 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-and-Active-Directory/m-p/331066#M61328 molinarf 2017-07-26T23:39:08Z https://community.splunk.com/t5/Getting-Data-In/Splunk-and-Active-Directory/m-p/331067#M61329 <P>Hi,</P> <P>I am not really a big fan of the MS addons. I would recommend to use Universal Forwarders, if possible. That's also what Splunk recommends these days (atleast what I heard in the last meeting): try to use a UF to get your data and if you can't, try to use an addon for the task.</P> <P>What kind of logs are you trying to get? Event logs? There are quite a few examples in the documentation: <A href="https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf#WINDOWS_INPUTS:">https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf#WINDOWS_INPUTS:</A></P> <P>Skalli</P> <P>Edit: typo</P> Thu, 27 Jul 2017 06:27:01 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-and-Active-Directory/m-p/331067#M61329 skalliger 2017-07-27T06:27:01Z