We currently have our main Active Directory forest in Splunk. However, we have a secondary forest that shares the same namespace. What would be your recommendation:
the winfra app does support multiple forests. By default, the app expects that all the AD data across all forests is in the same set of indexes.
the winfra app does support multiple forests. By default, the app expects that all the AD data across all forests is in the same set of indexes.