Can I use Splunk App for Windows Infrastructure without AD access?

Hudond
Path Finder

Good Morning

Not sure if this is an answerable question.

I am investigating using the Splunkbase "Splunk App for Windows Infrastructure" to gather resource information from our servers for management purposes. I like the interface and it is very informative for us.

The one issue I have is we cannot connect our Splunk deployment to AD (Active Directory) because it is a managed solution exterior to our organization. We have access to our servers as needed, but the support infrastructure behind the servers is outside of our purview.

That said, is there a way to edit the "Splunk App for Windows Infrastructure" so that the server information (names, etc.) is not extracted from AD, but maybe from a file?

I am fairly new to Splunk so this is a bit of a learning curve.

Thank you,

Dan


wyfwa4
Communicator

Yes, it is possible to use the app "Splunk App for Windows Infrastructure" without AD access. The app covers a wide range of data collection of which AD is just one type of data. The dashboards will just be empty for those items you do not collect data from.

The app itself does not collect data; for that you need the Splunk Add-on for Windows (https://splunkbase.splunk.com/app/742/). This app contains all the data collection options and you need to determine which are enabled or disabled. I believe these are all disabled by default - so you need to specifically decide which to enable.

The add-on for Windows would be installed on all the servers that you need to collect data from (deployed within a Splunk forwarder if collecting from hosts other than the Splunk server) and the Splunk App for Windows Infrastructure is installed on the Splunk server only. The app provides the data processing logic and dashboards, while the add-on simply collects the data.

You can think of these apps as a starter-pack to show what can be collected and how the data can be presented in Shell - but can be quite daunting with such a wide range of possible data sources. I tend to use my own data collection apps based to keep the collection configurations simple and easier to maintain. For example if you want to collect Windows event logs - the process is covered here - https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/MonitorWindowseventlogdata
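
An added illustration of the approach described in the answer above (not part of the original post and not Splunk's shipped configuration): a local `inputs.conf` for the add-on on a forwarder that enables event log and performance collection while leaving Active Directory monitoring disabled. The file path, stanza names and counters are assumptions based on standard `inputs.conf` syntax; check them against the add-on's own `default/inputs.conf` before use.

```ini
# $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local/inputs.conf
# (assumed location on each forwarder; settings in local/ override default/)

# Windows event logs, read locally on the server itself
[WinEventLog://Application]
disabled = 0

[WinEventLog://System]
disabled = 0

[WinEventLog://Security]
disabled = 0

# Local performance counters (object and counter names are examples)
[perfmon://CPU]
object = Processor
counters = % Processor Time; % User Time
instances = _Total
interval = 60
disabled = 0

[perfmon://Memory]
object = Memory
counters = Available MBytes; % Committed Bytes In Use
interval = 60
disabled = 0

# Active Directory monitoring needs a domain controller connection,
# so it stays disabled when AD is outside your control
[admon://default]
disabled = 1
```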
