Can I use Splunk App for Windows Infrastructure without AD access?

Hudond
Path Finder

Good Morning

Not sure if this is an answerable question.

I am investigating using the Splunkbase "Splunk App for Windows Infrastructure" to gather resource information from our servers for management purposes. I like the interface and it is very informative for us.

The one issue I have is we cannot connect our Splunk deployment to AD (Active Directory) because it is a managed solution exterior to our organization. We have access to our servers as needed, but the support infrastructure behind the servers is outside of our purview.

That said, is there a way to edit the "Splunk App for Windows Infrastructure" so that the server information (names, etc.) is not extracted from AD, but maybe from a file?

I am fairly new to Splunk so this is a bit of a learning curve.

Thank you,

Dan

wyfwa4
Communicator

Yes, it is possible to use the app "Splunk App for Windows Infrastructure" without AD access. The app covers a wide range of data collection of which AD is just one type of data. The dashboards will just be empty for those items you do not collect data from.

The app itself does not collect data; for that you need the Splunk Add-on for Windows (https://splunkbase.splunk.com/app/742/). This app contains all the data collection options and you need to determine which are enabled or disabled. I believe these are all disabled by default - so you need to specifically decide which to enable.

The Add-on for Windows would be installed on all the servers that you need to collect data from (deployed within a Splunk forwarder if collecting from hosts other than the Splunk server) and the Splunk App for Windows Infrastructure is installed on the Splunk server only. The app provides the data processing logic and dashboards, while the add-on simply collects the data.

You can think of these apps as a starter-pack to show what can be collected and how the data can be presented in Shell - but can be quite daunting with such a wide range of possible data sources. I tend to use my own data collection apps based to keep the collection configurations simple and easier to maintain. For example if you want to collect Windows event logs - the process is covered here - https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/MonitorWindowseventlogdata
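
An added example, not part of the original answer: a local override for the Splunk Add-on for Windows that turns on only host-local inputs and leaves Active Directory monitoring off. The stanza names are assumed to match those in the add-on's `default/inputs.conf`, so verify them against the version you have installed.

```ini
# Splunk_TA_windows/local/inputs.conf on each forwarder (constructed example).
# Settings placed in local/ override the same stanza in default/, so only the
# "disabled" flag needs to be set here.

# Windows event logs: read from the host itself, no AD access required
[WinEventLog://Application]
disabled = 0

[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

# Local performance counters for the resource dashboards
[perfmon://CPU]
disabled = 0

[perfmon://Memory]
disabled = 0

[perfmon://LogicalDisk]
disabled = 0

# Active Directory monitoring: kept off because the directory is managed
# outside the organization; the AD dashboards in the app will stay empty
[admon://default]
disabled = 1
```

Restart the forwarder after changing the file so the new input settings are read.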

