All Apps and Add-ons

Can I install the Splunk Supporting Add-on for Active Directory to a heavy forwarder?

Motivator

Splunk app for exchange is installed on Search Head,can I install AD support addon which is prerequisite for exchange on Heavy Forwarder?

AD connectivity can be easy from Heavy forwarder(HF at customer site). Search head to Customer AD is not possible (389 is not open)

0 Karma

New Member

Here's the document URL I used for setting this up.

http://docs.splunk.com/Documentation/SA-LdapSearch/2.1.4/User/ConfiguretheSplunkSupportingAdd-onforA...

However, while LDAP queries work on the heavy forwarder just fine, there is some missing information to really make this work well with the Splunk Cloud. I believe one needs to create some scheduled searches on their heavy forwarder and then make sure forwarding for that data is sent to their cloud instance. I have found zero useful documentation from Splunk on this and given a general lack of polish with the cloud offering, don't expect to. I'm sure it is possible to make this all work together, such that the Splunk App for Windows Infrastructure installed in the cloud will work as expected, but it will take some time and effort to make it happen.

Hurricane Labs has a article with some good information if you're trying to get it into the Splunk App for Enterprise Security in the cloud, might be helpful.

https://www.hurricanelabs.com/splunk-tutorials/gathering-ldap-identity-data-with-splunk-cloud

If/when I get this sorted out, I will update my answer in hopes that it is helpful for others.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!